Skip to main content
close search
site logo
Dive Brief

One in four ransomware payers left with missing data: report

Most ransomware victims responding to the survey said they were threatened with having their data published or sold if they didn’t pay the attacker.

Published May 28, 2025
Alexei Alexis's headshot
Reporter
Team of hackers dressed in black work on computers in dark room.
gorodenkoff via Getty Images

Dive Brief:

  • About one in four companies targeted in a ransomware incident in the last year did not get all their data back after paying the attacker, cybersecurity firm Delinea said in a report released Wednesday.

  • Delinea also found that most ransomware today includes data-theft extortion, with 85% of victims saying they were threatened with having their data published or sold.

  • “Paying the ransom doesn’t always bring the desired results,” Delinea said in the report.

Dive Insight:

Ransomware remains one of the most profitable tactics for cybercriminals, with millions of dollars extorted worldwide every year, according to an article published in March by cybersecurity firm CrowdStrike.

With ransomware attacks, criminals use malicious software to prevent companies from accessing their own computer files, systems or networks, and they demand the payment of a ransom to have such access restored. Such attacks can also involve a threat to leak sensitive data to the public internet.

The FBI doesn’t support paying a ransom in response to a ransomware attack, according to an article posted on the agency’s website.

“Paying a ransom doesn’t guarantee you or your organization will get any data back,” the FBI article said. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”

A ransomware prevention guide published by the Cybersecurity and Infrastructure Security Agency, a component of the Department of Homeland Security, advises victims to take steps such as notifying law enforcement and restoring data from offline, encrypted backups.

According to Delinea’s research, more than two thirds of surveyed companies experienced a ransomware breach in the last year, and 57% of the targeted companies paid the wrongdoers.

Over half of those surveyed said they went against the advice of government authorities and paid a ransom to speed up their recovery, although fewer U.S. firms paid in 2024 compared with the prior year.

“If extortion is now predominantly focused on information theft, then backing up is a less useful mitigation strategy if used in isolation,” Delinea said. “The emphasis must be on proactive, preventative security that blocks data theft from happening in the first place.”

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Cherry Bekaert Launches Finance Modernization Solution, Offering Outcome-Driven Scalability fo…
From Cherry Bekaert
May 28, 2025
Cherry Bekaert logo
Ringo Announces Strategic Partnership with Vituity to Expand Access to Clinical Talent for Hea…
From Ringo
May 15, 2025
Ringo logo

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Strategy & Operations
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.