Ransomware Attackers Prioritize Data Theft Over Encryption as Attacks Become Multi-Dimensional

Ransomware Attackers Prioritize Data Theft Over Encryption as Attacks Become Multi-Dimensional

Barracuda Networks survey reveals evolving threat landscape

October 15, 2025 — Barracuda Networks Japan has released the Japanese version of “The Ransomware Insights Report 2025,” a comprehensive study conducted in partnership with research firm Vanson Bourne.

The report, originally published in English on August 5, surveyed 2,000 IT and security decision-makers across multiple countries—including 200 respondents from Japan—between April and May 2025.

Ransomware Attackers Prioritize Data Theft Over Encryption as Attacks Become Multi-Dimensional

High Victimization Rates Across Industries

The survey found that 57% of organizations experienced ransomware attacks in the past 12 months, with 31% of victim organizations being attacked two or more times. Industry-specific data revealed particularly concerning trends: healthcare organizations suffered the highest victimization rate at 67%, followed by local government at 65% and retail at 61%.

Security Gaps Leave Organizations Vulnerable

A critical finding of the report highlights the correlation between security preparedness and attack success. Victim organizations had significantly lower implementation rates of key security measures compared to non-victim organizations. Specifically:

Email security: 47% (non-victims: 59%)
Network monitoring: 48% (non-victims: 59%)
Security awareness training: 45% (non-victims: 51%)
Endpoint security: 37% (non-victims: 44%)

These security measures are particularly effective at defending against phishing and credential theft—common initial attack vectors for ransomware operations.

Ransom Payments Prove Unreliable

While 32% of victim organizations paid ransoms in attempts to recover their data, 41% of those who paid were unable to recover all or some of their data. This stark reality underscores the unreliability of negotiating with cybercriminals.

In contrast, 65% of organizations successfully restored their data from backups, highlighting the critical importance of robust backup strategies as a primary defense mechanism.

The Evolution Toward Multi-Dimensional Attacks

Perhaps the most significant finding is the dramatic shift in ransomware tactics. Traditional data encryption—once synonymous with ransomware—now accounts for only 24% of attack activities. Instead, attackers are employing a more diverse arsenal:

Installing additional malware: 29%
Data theft: 27%
Data leakage/publication: 27%
Multi-endpoint infection: 26%
Lateral network movement: 25%
Data encryption: 24%
Backup deletion: 19%

Attackers now employ multi-pronged pressure tactics, including double extortion through data theft and publication threats, and impeding recovery by deleting backups. This multi-dimensional approach operates across three axes: temporal (from initial intrusion through lateral movement, theft, and encryption), objective-based (combining financial demands with data exposure threats and backup destruction), and methodological (blending technical attacks with psychological pressure).

Key Takeaways

The 2025 report paints a picture of an evolving threat landscape where traditional defenses focused solely on preventing encryption are no longer sufficient. Organizations must adopt comprehensive security strategies that address the full spectrum of modern ransomware tactics—from initial access prevention through robust backup systems and incident response capabilities.

The data strongly suggests that proactive security measures and reliable backup systems remain the most effective defense against increasingly sophisticated ransomware operations, far outperforming ransom payments as a recovery strategy.