When an organization’s computer systems go down, it’s not just an inconvenient IT problem. It can stop clients and customers from getting the services they need, damaging a firm’s reputation. For essential service providers like water and power companies, it can cause life-threatening situations.
The cause of this system downtime is often due to cybercriminals launching ransomware attacks on vulnerable organizations. These attacks can cause businesses to grind to a halt across multiple industries — and it’s a type of attack that’s on the rise. Threat actors, the malicious cybercriminals who infiltrate a company’s systems, are becoming more skilled, opportunistic, and ruthless.
What Is Ransomware?
Threat actors try to gain access to a company’s systems or data in several ways. Phishing is a common method for gathering username and password information. Criminals pose as official members of a company or service provider in order to trick users into disclosing personal information.
Malicious actors may also scan an organization’s network for vulnerabilities, finding weak points in their cybersecurity defenses.
Once they find a way into a firm’s networks, they install malware (malicious software). This locks away sensitive data or systems access until a ransom is paid. The ransom is usually demanded in cryptocurrency such as Bitcoin to make it harder to trace.
Savvy businesses have disaster mitigation plans in place, including backups of sensitive data and ways to remotely reboot systems. However, ransomware is evolving and now includes double-extortion or triple-extortion attacks. These attacks take into account how prepared some organizations are. Instead of just locking data away, cybercriminals encrypt it and threaten to leak it online. Common threats are sending business-critical data to competitors or causing problems for a firm’s customers by misusing personal information.
The Impact of Ransomware
Because ransomware prevents businesses from accessing their systems or data, the effects can be far-reaching. When a firm can’t access its internal systems, the following can happen:
- Customers or clients can’t receive goods or make orders
- Tech providers like SaaS companies can’t provide their services
- Connections to logistics partners fail
- If a healthcare facility is attacked, lives are placed in danger
- Ransomware attacks on utility providers can leave homes without energy or water
All these aspects impact how the public perceives an organization. Instead of a trustworthy, reliable entity, they see the firm as vulnerable and incapable of securing their data.
Of course, there are high financial impacts too. While systems are offline, businesses aren’t making any money — but overheads continue to mount up. Companies who agree to pay the ransom are left out of pocket. They may also be at risk of further attacks as threat actors will note that this company is willing to pay.
Recovering from a ransomware attack can also be costly. Sophos recently reported that the average cost of full recovery and data retrieval hovered around $3 million.
Who Is at Risk from Ransomware Attacks?
Higher recovery costs are most common in critical infrastructure industries like energy and water. Threat actors know that by attacking facilities that impact the lives of thousands of people, they can cause the most disruption. That disruption is the incentive they hope will prompt businesses to pay up.
A prime example is the attack on the Colonial Pipeline in 2021. This pipeline delivers fuel to huge swathes of the East Coast. Ransomware caused production to grind to a halt, leaving thousands of Americans queuing for limited fuel reserves.
Since then, the U.S. government has demanded that firms be more proactive about bolstering their cybersecurity posture and reporting threats. However, more recently, there have been multiple attacks on water facilities across the States. Threatening key industries, utilities, and the supply chain creates panic and makes it more likely criminals will get paid.
These industries have all seen increasing volumes of attacks over the past year:
- Healthcare attacks up 3%
- Tech hardware and software providers, both up 13%
- Financial institutions, up 3%
- Communications providers, up 8%
- Utilities, up 1%
As recently as June 2024, hospitals in the United Kingdom were suddenly unable to access critical patient data after a cyberattack that originated in Russia. Ransomware is becoming more targeted and harder to protect against, particularly for well-established organizations with older, legacy IT systems.
Is the Threat of Ransomware Increasing?
IBM reports that a fifth of all cyberattacks involve ransomware. Additional statistics show that in 2023, at least one in ten organizations worldwide were hit by ransomware attempts. That’s up by a third on the year before.
In 2024, the number of attacks was still on the rise, including physical threats leveled against company CEOs. While cybercriminals have yet to resort to physical violence to back up extortion, they have inadvertently caused severe harm. Many patients died due to not receiving the right care when hospitals were targeted by ransomware.
In an interview with Wired, threat intelligence experts stated “We’re definitely not winning the fight against ransomware right now.” That’s an alarming statement for any business looking for ways to guard against this rise in attacks.
Three Factors Driving the Rise in Ransomware Attacks
What’s driving this ruthless rise in ransomware attacks? Emerging technologies are one factor, providing threat actors with advanced tools for launching malware. Other factors include a lack of security on mobile devices and talent shortages in the cybersecurity industry.
Skills Shortages in Tech and Cybersecurity
Gartner recently predicted that 50% of cybersecurity leaders will leave their roles due to the rising stress levels. The same report also states that in 2025, half of all major cyber incidents will be due to a lack of qualified cybersecurity professionals.
There are millions of cybersecurity jobs going unfilled because of a lack of qualified talent. Demand for these experts is growing twice as fast as people are gaining relevant qualifications. Without major efforts to upskill teams to handle cybersecurity risks, this will always be a major vulnerability across multiple industries.
Generative AI and Cybercrime-as-a-Service
The ability to create code in seconds with generative AI means cybercriminals with some basic tech skills can create complex malware. For those with minimal coding skills, there is ransomware-as-a-service (RaaS). Cybercrime-as-a-service is becoming popular with opportunistic criminals who don’t want to take the time to learn a skill. They pay a provider who gives them the tools for phishing, identity theft, or ransomware.
RaaS is provided by ransomware gangs who, for a price, offer leak sites, encryption protocols, and all the necessary tools to launch attacks. While RaaS isn’t new, there will certainly be more criminals utilizing these “services” in 2025.
Remote and Hybrid Work Without Proper Device Management Protocols
Since the pandemic, remote and hybrid work has become the new normal. People can work from anywhere with the right connections and devices. Unfortunately, this has led to employees using personal laptops, smartphones, and tablets for corporate purposes.
Personal devices rarely have the same level of security as their corporate alternatives. Because of this, threat actors can use these as a back door into a company’s network. This becomes even easier when users are hopping on and off free, unsecured Wi-Fi channels. And, of course, organizations may struggle to find qualified device managers due to the aforementioned skills shortages.
Mitigating the Risk of Attacks
Thankfully, there is some good news: most ransomware attacks fail. Only around 10% of attacks are successful, however as noted above, they can be very costly for businesses. Take these steps to help protect your organization:
- Educate employees on how to recognize the signs of phishing. Ensure there are clear protocols for reporting any suspicious emails or messages.
- Work with a qualified third party to assess your cybersecurity posture — this is usually more cost-effective than a full-time hire.
- Back up everything and then back it up again. Ensure multiple backups are stored in separate locations. Consider combining cloud-based and on-site storage where possible.
- Move all sensitive data to systems requiring two-factor authentication (2FA).
- Invest in ransomware protection software.
- Create policies around device use including avoiding public Wi-Fi and limiting the use of personal devices.
In the face of more elaborate and persistent attacks, companies who prepare for the worst probably won’t ever have to face it.
Looking Ahead: How Cybersecurity Professionals Can Handle the Next Wave of Threats
Cybersecurity experts know that fighting back against ransomware is vital. Threat actors may only operate in the digital realm. However, they’re often connected to criminal groups who partake in real-life violence. Funding one inevitably funds the other.
Coordinated police attacks involving threat intelligence analysts and expert consultants could help root out the criminal element behind many of these attacks. In the meantime, governments may consider making ransomware payments illegal. Forcing companies to handle cybersecurity vulnerabilities instead of paying criminals could be a wake-up call for organizations unwilling to pay to update their legacy systems.
AI can also be a tool on the side of cybersecurity, helping detect vulnerabilities before attacks occur. These tactics could be the first steps toward finally pushing back the rising wave of increasingly ruthless ransomware attacks.
