{"id":45397,"date":"2022-02-22T13:00:33","date_gmt":"2022-02-22T13:00:33","guid":{"rendered":"http:\/\/74f4809a-5899-4cc6-9188-18a84b8557f7"},"modified":"2022-02-22T13:00:33","modified_gmt":"2022-02-22T13:00:33","slug":"ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/","title":{"rendered":"Ransomware victims are paying up. But the crooks are coming back for more"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/821c6e891c571dafe43072927c3b4f76a7702771\/2020\/11\/10\/7a1ae90a-a816-4079-b3ff-fb2a9945268c\/istock-1185049571.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" class=\"ff-og-image-inserted\"><\/div>\n<p>Many organisations that fall prey to ransomware attacks end up paying a ransom multiple times as cyber criminals exploit weaknesses in cybersecurity to squeeze their victims for as much cash as they can.&nbsp;<\/p>\n<p>According to <a href=\"https:\/\/www.proofpoint.com\/us\/blog\/security-awareness-training\/2022-state-phish-explores-increasingly-active-threat-landscape\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">analysis by cybersecurity researchers at Proofpoint<\/a>, 58% of organisations infected with <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web\/\" target=\"_blank\" rel=\"noopener\">ransomware<\/a> paid a ransom to cyber criminals for the decryption key \u2013 and in many cases, they paid up more than once.&nbsp;<\/p>\n<div class=\"relatedContent alignRight\">\n<h3 class=\"heading\"> <span class=\"int\">ZDNet Recommends<\/span> <\/h3>\n<\/p><\/div>\n<p>Law enforcement agencies and cybersecurity experts warn organisations against paying ransoms, because not only is there no guarantee that the supplied decryption key will work, giving in to ransom demands <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-dont-pay-the-ransom-it-just-encourage-cyber-criminals-that-attacks-work-warns-home-secretary\/\" target=\"_blank\" rel=\"noopener\">just encourages more ransomware attacks<\/a> as it shows cyber criminals that the attacks work.<\/p>\n<p><strong>SEE:&nbsp;<\/strong><a href=\"https:\/\/www.zdnet.com\/topic\/cybersecurity-lets-get-tactical\/#link=%7B%22linkText%22:%22Cybersecurity:%20Let's%20get%20tactical%20(ZDNet%20special%20report)%22,%22target%22:%22_blank%22,%22href%22:%22https:\/\/www.zdnet.com\/topic\/cybersecurity-lets-get-tactical\/%22,%22role%22:%22standard%22,%22absolute%22:%22%22%7D%23link=%7B%22role%22:%22standard%22,%22href%22:%22https:\/\/www.zdnet.com\/topic\/cybersecurity-lets-get-tactical\/%23link=%7B%22linkText%22:%22Cybersecurity:%20Let's%20get%20tactical%20(ZDNet%20special%20report)%22,%22target%22:%22_blank%22,%22href%22:%22https:\/\/www.zdnet.com\/topic\/cybersecurity-lets-get-tactical\/%22,%22role%22:%22standard%22,%22absolute%22:%22%22%7D%22,%22target%22:%22%22,%22absolute%22:%22%22,%22linkText%22:%22%3Cstrong%3ECybersecurity:%20Let's%20get%20tactical%20(ZDNet%20special%20report%3C\/strong%3E%22%7D\"><strong>Cybersecurity: Let&#8217;s get tactical<\/strong><\/a><strong>&nbsp;(ZDNet special report)<\/strong><\/p>\n<p>Of those who paid the ransom, just over half \u2013 54% \u2013 regained access to data and systems after the first payment. But another third of ransomware victims ended up paying an additional ransom demand before they received the decryption key, while a further 10% also received additional ransom demands but refused the additional payment, walking away without their data.&nbsp;<\/p>\n<p>In 4% of cases, organisations paid a ransom or ransoms but still couldn&#8217;t retrieve their data, either because of a faulty decryption key, or because the cyber criminals simply took the money and ran.&nbsp;<\/p>\n<p>When organisations fall victim to ransomware attacks, the crooks have often been inside that network for weeks or months prior to the attack. That means that even if the ransom is paid, the hackers have the necessary controls and permissions to return and trigger another attack.&nbsp;<\/p>\n<section class=\"sharethrough-top placeholder\"> <\/section>\n<p>&#8220;I don&#8217;t think a lot of organisations are aware of the fact that you might pay the ransom once, but if the criminals have been in your infrastructure for eight weeks, you don&#8217;t know what else they stole,&#8221; Adenike Cosgrove, cybersecurity strategist at Proofpoint, told ZDNet. &nbsp;<\/p>\n<p>Stolen data is <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-theres-been-a-big-rise-in-double-extortion-attacks-as-gangs-try-out-new-tricks\/\" target=\"_blank\" rel=\"noopener\">commonly used as additional leverage in ransomware attacks<\/a>, as the cyber criminals threaten to publish it if they don&#8217;t receive a ransom payment. While this does force some victims into paying, there&#8217;s no guarantee that the cyber criminals won&#8217;t return with additional threats to publish the stolen data later.&nbsp;<\/p>\n<p>&#8220;The first run is &#8216;give me a ransom so I can give you the decryption key&#8217;. The second ransom is &#8216;give me a ransom or I&#8217;m going to put this data on the dark web&#8217;,&#8221; Cosgrove explained.&nbsp;<\/p>\n<p>&#8220;Third might be &#8216;give me a ransom or I&#8217;m going to tell media publications about this data breach that you have and tell the regulators that, hey you didn&#8217;t notify customers that their privacy was impacted,'&#8221; she added.&nbsp;<\/p>\n<p>The best way to deal with ransomware attacks is to prevent them from happening in the first place. &nbsp;<\/p>\n<p>According to Proofpoint, 75% of ransomware incidents <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-attacks-that-start-with-phishing-emails-are-suddenly-back-in-fashion-again\/\" target=\"_blank\" rel=\"noopener\">begin with phishing attacks<\/a>, which cyber criminals use to steal usernames and passwords, or <a href=\"https:\/\/www.zdnet.com\/article\/this-stealthy-malware-delivers-a-silent-threat-that-wants-to-steal-your-passwords\/\" target=\"_blank\" rel=\"noopener\">plant remote access trojans<\/a> to gain an initial foothold in the network.&nbsp;<\/p>\n<p>Being able to detect suspicious activity early on can, therefore, provide a means of preventing a full-scale ransomware attack.&nbsp;<\/p>\n<p>&#8220;The assumption is that a ransomware attack is the beginning of an incident, but the reality is the incident started weeks ago,&#8221; said Cosgrove.&nbsp;<\/p>\n<p>Training users to identify and report suspicious emails can help organisations detect ransomware and other malware attacks early.<\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/multi-factor-authentication-use-it-for-all-the-people-that-access-your-network-all-the-time\/\" target=\"_blank\" rel=\"noopener\">Enabling two-factor authentication<\/a> can also provide a significant stumbling block to phishing attacks that aim to steal usernames and passwords, because without access to the authentication app, it&#8217;s much harder for cyber criminals to leverage compromised login credentials.&nbsp;<\/p>\n<h3><strong>MORE ON CYBERSECURITY<\/strong><\/h3>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity experts warn against paying ransoms &#8211; this is why.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-45397","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Ransomware victims are paying up. But the crooks are coming back for more 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ransomware victims are paying up. But the crooks are coming back for more 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-22T13:00:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/821c6e891c571dafe43072927c3b4f76a7702771\/2020\/11\/10\/7a1ae90a-a816-4079-b3ff-fb2a9945268c\/istock-1185049571.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Ransomware victims are paying up. But the crooks are coming back for more\",\"datePublished\":\"2022-02-22T13:00:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\\\/\"},\"wordCount\":623,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/821c6e891c571dafe43072927c3b4f76a7702771\\\/2020\\\/11\\\/10\\\/7a1ae90a-a816-4079-b3ff-fb2a9945268c\\\/istock-1185049571.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\\\/\",\"name\":\"Ransomware victims are paying up. But the crooks are coming back for more 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/821c6e891c571dafe43072927c3b4f76a7702771\\\/2020\\\/11\\\/10\\\/7a1ae90a-a816-4079-b3ff-fb2a9945268c\\\/istock-1185049571.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"datePublished\":\"2022-02-22T13:00:33+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/821c6e891c571dafe43072927c3b4f76a7702771\\\/2020\\\/11\\\/10\\\/7a1ae90a-a816-4079-b3ff-fb2a9945268c\\\/istock-1185049571.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/821c6e891c571dafe43072927c3b4f76a7702771\\\/2020\\\/11\\\/10\\\/7a1ae90a-a816-4079-b3ff-fb2a9945268c\\\/istock-1185049571.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ransomware victims are paying up. But the crooks are coming back for more\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ransomware victims are paying up. But the crooks are coming back for more 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/","og_locale":"en_US","og_type":"article","og_title":"Ransomware victims are paying up. But the crooks are coming back for more 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-02-22T13:00:33+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/821c6e891c571dafe43072927c3b4f76a7702771\/2020\/11\/10\/7a1ae90a-a816-4079-b3ff-fb2a9945268c\/istock-1185049571.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Ransomware victims are paying up. But the crooks are coming back for more","datePublished":"2022-02-22T13:00:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/"},"wordCount":623,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/821c6e891c571dafe43072927c3b4f76a7702771\/2020\/11\/10\/7a1ae90a-a816-4079-b3ff-fb2a9945268c\/istock-1185049571.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/","url":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/","name":"Ransomware victims are paying up. But the crooks are coming back for more 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/821c6e891c571dafe43072927c3b4f76a7702771\/2020\/11\/10\/7a1ae90a-a816-4079-b3ff-fb2a9945268c\/istock-1185049571.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","datePublished":"2022-02-22T13:00:33+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/821c6e891c571dafe43072927c3b4f76a7702771\/2020\/11\/10\/7a1ae90a-a816-4079-b3ff-fb2a9945268c\/istock-1185049571.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/821c6e891c571dafe43072927c3b4f76a7702771\/2020\/11\/10\/7a1ae90a-a816-4079-b3ff-fb2a9945268c\/istock-1185049571.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victims-are-paying-up-but-the-crooks-are-coming-back-for-more\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Ransomware victims are paying up. But the crooks are coming back for more"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45397"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45397\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}