Security Experts:

Connect with us

Hi, what are you looking for?



Ransomware Attacks: Don’t Let Your Guard Down

History has shown that when it comes to ransomware, organizations cannot let their guards down.

Barcelona Hospital Ransomware Attack

A recent report from blockchain data company Chainalysis shows that extortion payments for ransomware declined significantly in 2022. The decrease is attributed to the disruption of major ransomware gangs, a weakening in crypto values, and organizations finally stepping up their cybersecurity practices. According to U.S. Deputy Attorney General Lisa Monaco, the industry has pivoted “to a posture where we’re on our front foot.” Based on her view, companies are more focused on making sure they’re doing everything to prevent attacks in the first place and invest in business continuity and backup software that allow computer systems to restart after they have been infected. Does this mean we can refocus on other attack vectors and tactics?

Not so fast. A quick Google ransomware search under ‘News’ will reveal plenty of recent high-profile attacks on Dole, the City of Oakland, and Regal Medical Group and illustrate that even if ransomware appears to be slowing down, organizations cannot let their guards down.

History has shown that cyber adversaries are often adjusting their tactics and techniques to account for evolutions of their victims’ defense strategies before starting a new wave of attacks. For instance, threat actors have shifted from just infecting systems with ransomware to multi-faceted extortion where they steal data and threaten to release it to the public or even sell it. In those cases, traditional ransomware defense tools are less effective.

And while organizations might try to limit their risk exposure to these extortion schemes by taking out cybersecurity insurance policies, going forward this approach might no longer prove efficient. As insurers like Lloyds continue to add restrictions on payouts, including excluding losses related to state-backed cyber-attackers, fewer companies will be able to rely on cybersecurity insurance to mitigate catastrophic risk. Instead, companies need to increase their ransomware preparedness. This is especially true for the recovery of endpoints, which represent an essential tool for remote workers to conduct business in today’s work-from-anywhere environment. In this context cyber resiliency plays an important role, allowing businesses to improve their ability to prepare and quickly recover endpoints from ransomware attacks.

Increasing Ransomware Cyber Resilience

Unfortunately, while organizations are very concerned about the time to recover from ransomware attacks, they often solely focus on prevention tools, without planning for the worst-case scenario: falling victim to an attack. In turn, it is important to increase an organization’s ransomware preparedness and assure that the tools needed for remediation, eradication, and recovery are not just in place but also functioning as expected.

To assist organizations in increasing cyber resilience in their ransomware response, consider the following capabilities:

  • Check strategic ransomware readiness across endpoints by identifying key controls (e.g., anti-virus/anti-malware, endpoint protection, or endpoint detection and response solutions) and device management tools that are required to minimize ransomware exposure and assure expedited recovery efforts.
  • Enable ransomware cyber hygiene across endpoints by establishing application resilience policies to ensure that identified mission-critical security applications and device management tools are installed and functioning as intended.
  • Assess device security posture bycontinuously detecting and reporting on anti-malware, as well as detection and response software deployed on endpoint assets.
  • Discover sensitive endpoint data by scanning endpoints for financial information, social security numbers, personally identifiable information (PII), protected health information (PHI), and intellectual property to identify at-risk devices and ensure proper back-up via existing tools.
  • Self-healing for endpoint security and device management software by leveraging application resilience to keep essential tools installed, healthy, and effective to ensure their availability for recovery purposes.
  • Inform users in a timely and coordinated fashion about mitigation stepsby displaying messages directly on user devices, preventing unnecessary help desk support calls and fragmented communications.
  • Expedite recovery tasks by gathering precise insights, executing custom workflows, and automating commands for device recovery by leveraging a library of custom scripts to assist with tasks such as identifying machines that have been infected and encrypted, quarantining endpoints (e.g., disable networking or unlock specific device ports), or supporting the re-imaging of devices.  

History has shown that when it comes to ransomware, organizations cannot let their guards down. Instead, companies need to increase their ransomware preparedness and response because it’s only a matter of time before cyber criminals reload with new exploits and tactics.   

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.