ransomware attacks are becoming more common and dangerous here’s how to prevent them banner

Ransomware Attacks Are Becoming More Common and Dangerous: Here’s How to Prevent Them

Ransomware continues to be one of the biggest cybersecurity threats organisations face today. According to recent research from Check Point, this attack vector grew by 126% in the first quarter of 2025. Overall, 2289 incidents occurred during this period, with consumer goods and business services being the most targeted industries.

But ransomware attacks aren’t just growing in number. They’re also becoming more sophisticated than ever before, with hackers increasingly adopting double extortion and artificial intelligence-based tactics to inflict greater damage on victims and scale their nefarious activities. So, what can cybersecurity teams do to keep pace with this fast-growing and evolving threat?

Ransomware is Quickly Evolving

A notable change in ransomware tactics is that hackers are no longer simply encrypting stolen data. They’re also threatening to upload it to the internet should victims fail to pay ransoms, which is known as double extortion ransomware. Ransomware gang Maze infamously employed this tactic against American private security and staffing firm Allied Universal in 2019.

After Allied failed to pay Maze’s $2.3 million ransom, the hackers responded by leaking a small amount of the firm’s stolen data online and upping the original ransom by 50%. Despite this ultimatum, Allied stood firm in its refusal to meet the hackers’ demand. Subsequently, Maze leaked even more data.

Since then, Maze has launched similar attacks against the City of Pensacola in Florida and professional services giant Cognizant. In fact, it’s estimated that the Maze ransomware cost Cognizant between $50 million and $70 million, illustrating the severe financial impacts of ransomware.

Given the high profitability of ransomware campaigns like those conducted by Maze, hackers are now operating as businesses in a bid to maximise their gains. As such, today’s ransomware attacks are highly sophisticated affairs, according to Dray Agha, senior manager of security operations at managed cybersecurity platform Huntress. He observes that these operations often involve affiliates, customer service portals and targeted strategies – aimed at ensuring ransomware stays hidden deep in corporate networks for long periods of time while exploiting weaknesses around people, processes and technology.

This sentiment is echoed by Pierre Noel, field CISO of EMEA at managed detection and response platform Expel, who describes ransomware groups as “big ecosystems”. He says they’re working tirelessly to “perfect their components” and are employing strategies used by genuine software-as-a-service companies. Examples include different pricing options, comprehensive user documentation and easy-to-use dashboards, which allow both novice and experienced hackers to conduct successful double-extortion ransomware campaigns.  He adds: “Ransomware has grown increasingly polymorphic, launching attacks far and wide, utilising any information or AI that cybercriminals can find to enhance the efficiency of their attacks.”

Because of these evolving tactics, ransomware campaigns aren’t just the domain of major cyber gangs and nation-states anymore. Nowadays, anyone can perform ransomware attacks, thanks to the increasing reliability and availability of off-the-shelf ransomware tools and kits, according to Mick Baccio, global cybersecurity advisor at American software firm Splunk. He adds: “Ransomware has been industrialised.”

Another alarming trend is the rise of artificial intelligence-fuelled ransomware attacks.

Giles Inkson, director of EMEA services at cybersecurity firm NetSPI, says hackers are using this technology for automating ransomware attacks, creating more compelling phishing campaigns, developing hard-to-detect malware and cracking large volumes of passwords more quickly. He continues: “While AI can help bolster cyber defence strategies, it also expands the organisation’s attack surface, leaving assets potentially exposed and vulnerable to adversaries.”

Multi-Faceted Risks

As ransomware tactics evolve, so do the stakes they pose to organisations. Baccio of Splunk warns that organisations don’t just face the prospect of stolen files in the event of a ransomware attack. Financial losses, reputational damage, eroded customer trust and legal implications are also inevitable.

The financial costs of ransomware attacks, in particular, can be devastating for victims. Splunk’s Cost of Downtime Report shows that unplanned IT downtime costs the world’s top 2000 companies $400 billion per year. On top of this, Baccio says stock prices can tumble by as much as 9% following a ransomware attack. Fines also average at $22 million and ransom payouts at $19 million.

But worse still, he says no financial figure can be put on the brand damage caused by ransomware. He tells ISMS Online: “Downtime now means more than lost revenue. It means bruising your reputation, compliance headaches, and your customers noticing before you do.”

Agha of Huntress concurs that the impact of ransomware attacks is multi-faceted.

Legally, when a business loses sensitive data due to a ransomware attack, he says it will be subject to strict breach notification rules, lawsuits and fines. Firms that are unable to show they have adequate cybersecurity protections in place will be hit the hardest by these penalties, he claims.

Not to mention, ransomware attacks affecting large organisations often become public spectacles. Agha warns that regulators, customers, investors and journalists will all want to know why an organisation was able to succumb to ransomware. He continues: “Having legal and PR teams involved from the start ensures that the response is not only technically sound but also legally compliant and reputationally careful.”

Mitigating Ransomware

When it comes to mitigating ransomware, Huntress’ Agha says organisations must remember that these attacks often comprise several steps and therefore can’t be stopped using a single cybersecurity product. Typically, hackers will circulate phishing emails before stealing credentials from unsuspecting users who click on malicious email links and gaining access to data and systems on the compromised IT network. They then go on to spread information-stealing malware, exfiltrate sensitive data, encrypt it and finally demand a ransom.

With this in mind, he urges organisations to adopt a layered cybersecurity approach. This should include cybersecurity awareness training to ensure employees spot phishing attempts early on, the use of a managed detection and response solution so threats don’t slip through the net and data backups to enable organisations to recover quickly after a ransomware attack.

Additionally, organisations should regularly patch security issues, set robust access controls and implement a comprehensive incident response plan. Doing so will result in a “resilient, coordinated defence” that protects organisations against the latest ransomware tactics. Agha explains: “It’s not just about buying tools; it’s about building a security-first culture that prepares for the reality of today’s attacks.”

Splunk’s Baccio also takes the view that ransomware attacks can’t be prevented through a silver-bullet approach. Just like you’d wear several layers to survive a snowstorm, he says organisations need multiple layers to protect against ransomware. These layers should include firewalls, endpoint protection, network monitoring, zero-trust architectures, backups and training. He adds: “Because when the attack hits, you want muscle memory, not mayhem.”

To ensure the smooth implementation of multi-layered cybersecurity strategies, Satish Swargam – principal consultant at application security software firm Black Duck – recommends that organisations detail each step in a roadmap. Investing in artificial intelligence-powered tools may also speed up many of these steps, according to NetSPI’s Inkson. But he’s clear that automation should augment – and not replace – human cybersecurity experts.

On that note, Shobhit Gautam – staff solutions architect of EMEA at offensive cybersecurity solutions provider HackerOne – argues that involving outside experts through bug bounty programs will help organisations identify and solve security flaws that may lead to ransomware attacks.

Of course, ransomware strategies are only effective if everyone within the organisation plays their part. However, that’s where professional industry standards like ISO 27001 are enormously helpful. Javvad Malik, lead security awareness advocate at security awareness training platform KnowBe4, explains: “It aligns people, processes, and technology towards robust information security, enhancing overall cyber resilience beyond just ransomware protection.”

With no signs of slowing down anytime soon, ransomware clearly can’t be ignored. But the reality is that the dynamic nature of current ransomware threats means organisations can’t expect to tackle this threat by investing in a single cybersecurity application. They need to design and implement a multi-layered cybersecurity strategy that provides effective solutions for tackling each step of the ransomware process. Most importantly, all employees have a role to play in putting this strategy into practice. That way, ransomware attempts will be quashed as quickly as possible.

Author

Nicholas Fearn

Nicholas Fearn is a freelance journalist from the Welsh Valleys. He’s written for major media outlets like the Financial Times, The Independent, The Telegraph, Evening Standard, iNews, HuffPost and Insider, as well as B2B publications like Computer Weekly, Computing and IT Pro. When Nic isn’t writing about the latest gadgets and tech trends, he’s probably listening to Mariah Carey’s entire discography.

View all posts by Nicholas Fearn

Related Posts

SOC 2 is here! Strengthen your security and build customer trust with our powerful compliance solution today!