• Established ransomware operators are upping their game, focusing on new monetization opportunities.
• Operators keep innovating, customizing ransom demands and constantly improving their ability to disrupt.
• Organizations need to strengthen defenses across people, processes and technology.
• Security leaders must act fast and demonstrate why security is critical to business resilience.

Why ransomware?

According to Christopher Krebs, former Director of the Cybersecurity and Infrastructure Security Agency (CISA), “You’ve got to start with what really matters the most and then you work out from there. So, from that perspective, ransomware is the biggest threat.”

Impacts vary, but, in many cases, ransomware disrupts businesses for significant periods—or even forces them to suspend operations or close.

A growing population of highly capable cyber extortionists is developing a new means to counter defenses and increase the level of disruption they can inflict, constantly. Threats are widespread; they extend across industry and the public/ private sector, affecting large and small businesses alike.

Today’s top three ransomware defense challenges

1. Successful ransomware extortionists are ramping up attacks
   Established ransomware operators are upping their game as they continue to focus on new monetization opportunities and see no limits to the potential profits.
2. Ransomware operators are constantly improving their ability to disrupt
   Cyber extortionists are incentivized to develop ever-more disruptive ways of working. The more disruption they can inflict, the larger the ransom they can demand.
3. Business growth and service strategies lack resilience
   Downtime from ransomware can affect tens of millions of people. The theft and publication of data gives attackers new extortion opportunities—such as the risk of regulatory sanctions if protected information is made available online.

Ransom demands are growing and becoming more customized—with threat actors assessing who is more likely to pay. If ransoms are paid, it can open the door to further criminality. Some ransomware operators have been sanctioned, potentially placing a ransom-paying victim in further legal jeopardy.