
The Rise of Ransomware: It's Not Too Late to Invest in Security, but it Will be Soon

TL;DR: Ransomware is a growing threat, with nearly half of targeted organizations paying ransoms, which only encourages more attacks. The article argues against capitulation, emphasizing the importance of robust contingency planning, including incident response, business continuity, and disaster recovery plans. The solution to ransomware requires significant investment in layered security strategies, as running faster than just one lion (or attacker) is no longer enough in today’s threat landscape. Preparation, not capitulation, is key to protecting your organization.


Ransomware attacks have become a persistent and growing threat to organizations worldwide. The statistics are staggering: according to a 2023 report by Cybersecurity Ventures, ransomware attacks since 2016 have grown by an estimated 430%! Moreover, according to a 2022 report by IBM’s X-Force, ransomware had become the most popular attack method, with a 41% increase in attacks from 2019 to 2020 alone. With the advent of ransomware-as-a-service (RaaS), this trend is likely to steepen.


A trend I find more alarming, and one that has really piqued my interest in this cyber epidemic, is the number of incidents in which the ransomists are given exactly what they want! According to a 2023 Sophos survey, 46% of organizations targeted by ransomware end up paying the ransom. This figure rose even higher in 2024, with the CyberEdge Group reporting that 61% of organizations succumb to ransom demands. These numbers highlight a troubling trend—one that mirrors the age-old adage that the United States does not negotiate with terrorists. The parallels between negotiating with terrorists and conceding to ransomware attackers are clear, and the implications are just as serious.

The Risks of Capitulation

The U.S. government’s policy of not negotiating with terrorists is rooted in the belief that doing so projects weakness, legitimizes the attackers, and encourages more of the same behavior. Even when negotiations occur, the outcomes are often unsatisfactory, with terrorists using any concessions to further harm the country. The same can be said for ransomware. When an organization pays the ransom, it not only validates the attackers’ methods, but also emboldens them to continue their malicious activities. Ransomware begets more ransomware, as each successful attack serves as proof of concept, attracting more criminals to the fold.

Moreover, trusting that attackers will honor their promise to restore your data after payment is folly. The reality is that many organizations do not recover all their data—if any—after paying a ransom. There is no honor among thieves, and the likelihood of being left with partial or irreparable data is high.

Furthermore, perhaps even worse than the initial breach is the damage to an organization’s reputation if it becomes known that they capitulated to attackers. Losing customer data is embarrassing enough, but being seen as having given in to criminal demands can be devastating to a company’s brand and trustworthiness.

The Importance of Contingency Planning

Given the grave consequences of capitulation, it’s easy to preach that organizations should never give in to ransomware demands. But when an organization is in the thick of an attack, the situation is far more complex. This is why contingency planning is critical.

The saying “Those who fail to plan, plan to fail” holds especially true in cybersecurity. The middle of an incident—when stress and anxiety are at their peak—is not the time to start making decisions. In such chaotic moments, the autonomic fight-or-flight response can take over, leading to rash decisions that may exacerbate the situation.

To prevent this, organizations need well-defined plans that guide their response to such threats. These include:

  • Incident Response Plans: A structured approach to detecting, responding to, and mitigating the effects of a security incident that threatens the confidentiality, integrity, or availability (CIA) of data and systems.

  • Business Continuity Plans: A plan outlining how an organization will maintain its critical functions during and after a disruption, ensuring that the mission continues despite ongoing threats or incidents.

  • Disaster Recovery Plans: A set of procedures and processes aimed at restoring an organization’s systems, data, and infrastructure to full operational capacity after a disaster.

  • Backup and Recovery Strategies: Data should be backed up separately from operating system (O/S) backups. Additionally, backups should be stored in environments that are isolated from the production network—ideally offline or in a secure, air-gapped network. Relying solely on a single backup strategy or location is risky; spreading out your backups ensures better resilience against ransomware and other threats. Remember, putting all your eggs in one basket is rarely advisable.

Capitulation should not be part of these plans. Instead, preparation is key: a sufficient backup strategy and systems that cannot be affected by the attacks can ensure that recovery is possible without giving in.

A Layered Approach to Security

The solution to the ransomware epidemic is complex, challenging, and requires a layered, systematic approach to data and system protection. Security is not about achieving perfection but about being robust enough to deter attacks. We often explain security with the analogy: "When being chased by a lion, you need not run faster than the lion, just the other guy." However, in today’s landscape, it's more like being chased by 50 lions. The sheer number of threats means that while perfection isn't required, significant investment in resources, strategies, and contingencies is critical. And perfection should always be the goal—even if realizing it is seldom possible.

There are myriad approaches to preventing ransomware, but they share certain immutable concepts and practices. The key question remains: What can you do to protect your organization?

Planning from the Top Down

Effective cybersecurity planning must start from the top down. Executives must understand the threats, the urgency, and the ramifications of failure. From there, a methodical and thorough approach must be taken, addressing every discipline affecting the CIA of data and systems.

At Excellens, we have a storied history of planning for such issues from the top down. We combine executive education, experience, and savvy with technical expertise to guide you not just in the broad aspects of security but also in the specifics. Preparing for a ransomware attack is not just about protecting your organization—it's about safeguarding your future.

Conclusion

Ransomware is a form of digital terrorism that threatens the very core of an organization’s operations. Capitulation is not a solution, but rather a path to further victimization. The key to resilience lies in thorough planning, robust defenses, and a layered approach to security. By investing in these areas, organizations can reduce their risk and ensure that they are not merely running from one lion, but prepared to face the entire pride.



References:

  • Sophos. (2023). The State of Ransomware 2023 Report.

  • CyberEdge Group. (2024). Cyberthreat Defense Report 2024.

  • Cybersecurity Ventures. (2023). Cybercrime Magazine.

  • IBM X-Force. (2022). IBM Security.

  • SonicWall. (2024). SonicWall Cyber Threat Report.

 
