Veeam has compared regional data from both its 2024 and 2025 Ransomware Trends Reports, which both look back on findings from the previous year, exploring long term ransomware and data resilience trends in EMEA. The data revealed that ransomware payments by EMEA organisations dropped by nearly a quarter (22%) from the previous year. However, this doesn’t necessarily mean organisations are facing fewer attacks. Instead, improvements in data resilience capabilities and shifting attitudes toward negotiating with attackers are emerging.
Paying ransoms increasingly fails to recover data
Comparing the data, it’s clear that organisations are increasingly able to recover data without paying ransoms; in 2023, 14% recovered data without paying a ransom, while in 2024, this doubled to 30%. At the same time, there is a growing sense of reality that paying ransoms does not guarantee that data will be recovered; in 2023, more than half (54%) of EMEA organisations who paid ransoms were able to recover their data, but in 2024, this dropped significantly to just 32% – less than a third.
“As attackers remain an untrustworthy method of recovering data, and as organisations improve their data recovery capabilities, it’s no surprise we’re seeing a drop in the number of ransoms being paid. But this doesn’t mean the threat from ransomware is over,” said Tim Pfaelzer, Senior Vice President and General Manager EMEA, Veeam. “Attackers will always adapt. We are seeing some forgo ransomware encryption entirely, instead stealing data to extort money directly or sell it on black markets. For some, financial gain isn’t even the main driver; disruption is. Payments may drop, but it doesn’t mean attacks will. And our data has clearly shown that significant gaps remain in data resilience, leaving organisations vulnerable.”
Missing Data Resilience measures
In the wake of several EU regulations aimed at increasing organisations data resilience, such as NIS2 and DORA for financial services, organisations are taking steps to better prepare for ransomware attacks. But they can’t afford to stand still – there is still important work to be done.
In 2024, only 37% of EMEA organisations had arrangements for alternative infrastructure, meaning 63% still lack those plans. This means that, in the event of a site-wide attack, without alternative infrastructure, these organisations will be unable to recover until the main site is declared clean, which in many cases, could take multiple weeks. In any sector, the complete pause of your operations for multiple weeks spells disaster, both reputationally and materially. And with recent research suggesting that outages could cost over £1 million per hour of downtime, depending on the size of the company, these are costs few can afford to bear.
“It’s clear that organisations have put recovery at the heart of their data resilience strategy, rather than relying on paying ransoms, which is certainly a step in the right direction. But there’s more to be done,” added Tim Pfaelzer, SVP & General Manager EMEA at Veeam. “Regulation may have brought data resilience levels up, but organisations need to take it one step further. They should focus on improving baseline data resilience with alternative infrastructure and robust backups to fully negate the need to ever pay ransoms. This way, they can drive lasting and effective improvements to their data resilience.”
Organizations’ standards around data resilience are steadily improving. Alongside this, law enforcement crackdowns like the high-profile takedown of Lockbit are also disrupting ransomware attackers right at their roots However, there is still work to be done. And organisations need to prioritize implementing key data resilience measures such as alternative infrastructure and secure backups to reach true resilience. Otherwise, when the next attack hits, there might be no payment, but there’ll also be no route to getting back up and running.
