More Ransoms Being Paid and More Data Being Lost: Hornetsecurity
2024-10-16 22:24:39 Author: securityboulevard.com

The trends in ransomware are worrying and the rapid emergence of generative AI and its use by bad actors isn’t helping, according to a new survey by cybersecurity firm Hornetsecurity.

In research released this week, the company found that while more organizations are paying ransoms this year, more data is being lost and less is being recovered.

Hornetsecurity CEO Daniel Hofmann noted that cybercriminals are constantly changing tactics and that to protect themselves, organizations need to not only invest in comprehensive security measures that can protect their entire attack surface but also need to continue running cybersecurity awareness training for their employees.

“The evolving landscape of ransomware threats highlights the need for constant vigilance,” Hofmann said. “The data shows that while fewer attacks are being reported, the outcomes are far more damaging, with potentially devastating consequences for organizations that fall victim to them.”

Ransom Payments Jump

In its annual ransomware survey, Hornetsecurity found that 16.3% of ransomware victims this year have paid a ransom in hopes of regaining control of their data, more than doubling the 6.9% who said the same thing in 2023. At the same time, data loss also jumped, from 17.2% last year to 30.2% so far in 2024. That number in 2022 was 14.1%.

In addition, 5% of the IT professionals surveyed by Hornetsecurity saw a complete loss of all the data involved in a ransomware attack.

The ability to recover data through backups is also continuing a steady drop. In 2021, 87.4% of organizations were able to recover their data seized by ransomware groups. By last year, that figure had sunk to 74.8% and through August this year, it stood at 66.3%.

Varying Research

The view of ransom payments varies, with some researchers finding they’re going down while others see them going up. Research by Chainalysis earlier this year found a record $1 billion-plus in ransoms was paid in 2023, due in part to the massive exploitation of the MOVEit file transfer software flaw and cybercriminals expanding their focus on critical infrastructure environments.

However, Coveware – which in April was bought by Veeam – noted in January that 85% of ransomware victims in 2019 paid the ransom, but that by late 2023, that figure had dropped to 29%, more than what Hornetsecurity found for this year but trending in the other direction.

AI is Raising Fears

A string that is weaving through all this is the rise of generative AI. According to Hornetsecurity, the emerging technology is fueling greater fears about ransomware, with 66.9% saying it is ginning up their apprehension about potential attacks. And that comes as general concerns are already high, with 85% of companies moderately or extremely worried about ransomware.

Many of those surveyed also were unsure whether their organizations were prepared for such an attack. More than 89% said their senior leadership was aware of the ransomware risks, but 56.3% said that their leaders were actively developing or implementing prevention strategies.

Another 39.2% said they were content with primarily letting IT departments deal with it.

That said, a large majority – 84.1% – of respondents said they saw protecting against ransomware as a top IT priority, and 87% have disaster recovery plans in place.

“While this represents the majority, there are some concerns around the organizations that do not prioritize ransomware given its potentially ruinous consequences on a business’s operations,” Hornetsecurity researchers wrote, adding that when asked why they were putting a greater focus on ransomware, 13.1% “mistakenly believe” they can rely on platforms like Microsoft 365 and Google Workspace for protection, negating the need for the organizations themselves to come up with a formal plan.

More Investments and Training Needed

The German cybersecurity firm is pushing the need for companies to grow their protections and expand security awareness training for employees, but the survey found that while 95.8% of survey respondents see the value in such programs, there are hurdles to implementing or expanding them.

According to the survey, 17.8% said that such initiatives are too time-consuming for users, while 14.4% cited “untrainable” users. Other challenges cited included that such programs are too costly (12.3%), too time-consuming for the IT staff (10.6%), and that the training seems outdated (7.6%).

This is despite numerous research reports noting that the most common factor in ransomware attacks is the human element, and Hornetsecurity’s research finding that 52.3% of ransomware attempts result from email and phishing attempts.

“This shows the urgent need to overcome resistance to training, as employees are the first line of defence against cyber threats,” the researchers wrote, adding that “continuous and evolving training is essential.”

Research by other cybersecurity companies backs up the need to bolster security practices. Keeper Security in a report this month found that AI is making cyberthreats more frequent, more sophisticated, and more difficult to detect. At the same time, many organizations say they are unprepared for them.

Article source: https://securityboulevard.com/2024/10/more-ransoms-being-paid-and-more-data-being-lost-hornetsecurity/