Anti-Ransomware Day 2025: Advice from the front line
The threat of ransomware continues to grow, with 150% more attacks this year compared to 2024. Organisations are scrambling to keep up with evolving tactics and advancing technologies. Given this rising threat, we spoke to a number of security experts to get their thoughts on this ransomware epidemic, and what organisations can do to protect themselves.
As cyberattacks grow more and more frequent, “ransomware continues to be the most common end game cybercriminals are working towards” according to Shobhit Gautam, Staff Solutions Architect, EMEA at HackerOne. He explains that “criminals are focusing their attacks on key sectors such as healthcare, retail, and manufacturing. These attacks may be increasing due to the growing reliance on digital systems within these industries, along with the higher use of third-party components and inadequately protected legacy systems, compounded by reduced funding for security measures.”
The rise in ransomware-fuelled attacks is also a concern for Darren Thomson, Field CTO EMEAI at Commvault. For Thomson, the attacks aren’t solely motivated by monetary gain. “Cybercriminals are no longer just chasing payouts – they’re hunting for headlines,” he explains. “Recent attacks targeting high-profile organisations and critical supply chains show a clear shift in strategy: aiming for maximum disruption and publicity by targeting the ‘big fish’.” This desire for notoriety could be attributed to the growing number of criminal groups, each looking to make their mark.
The influx of cybercriminal groups can also be attributed to the growing ease with which attacks can be carried out. As Glenn Akester, Technology Director for Cyber Security & Networks at Node4, makes clear, “with ransomware-as-a-service widely available, launching an attack no longer requires deep technical skill, just intent. At the same time, threat actors are starting to use AI to accelerate and adapt their tactics, from crafting more convincing phishing emails to mutating ransomware code in real time to bypass detection. This constant variation is making traditional, signature-based defences less effective, particularly for organisations without dedicated cyber teams.”
For Andy Swift, Cyber Security Assurance Technical Director at Six Degrees, “a notable shift is starting to occur; attackers are now increasingly turning to tactics such as malware-free attacks or zero-day exploits to breach systems. Additionally, proof-of-concept code for newly discovered vulnerabilities is being developed and circulated with increasing efficiency. Combined with recent research showing that ransomware attacks were up 126% in the first quarter of 2025, this highlights a clear change in tactical approach.
“The rise of agentic AI is set to accelerate this trend further, enabling ransomware developers to produce and refine malicious code faster than ever. No organisation is immune, making resilience just as critical as threat detection and prevention for businesses.”
HackerOne’s Gautam reiterates the problem of readily available ransomware tools, highlighting that “the capabilities of AI mean that criminals no longer need an in-depth knowledge of programming or hacking to launch these attacks. The deepening role of artificial intelligence in the technology industry is leading to an AI arms race between security teams and cybercriminals. With more than 50% of security researchers saying so, it is vital that businesses take the necessary steps to reduce the ransomware threat.”
However, these threats are not being taken seriously enough according to Akester. He is concerned by the fact that, “worryingly, recent research has revealed that cybersecurity ranks only 7th among strategic priorities for both business leaders and IT professionals, with protection from ransomware and malware ranking below 10th among cybersecurity priorities.”
The scale of the threat is emphasised by Commvault’s Thomson, who reveals “recent research found that cyberattacks are costing UK businesses £64 billion a year, accumulated across ransom payments, lost business, and other related costs. Yet, despite the rising threat, too many organisations remain underprepared.”
It is clear that businesses must take greater steps in improving their security measures. Swift explains that: “Robust data protection through authenticated access, encryption, and dependable backup solutions is vital. These protections must also extend throughout the whole supply chain, incorporating zero trust principles, least privilege access, and strong boundary controls with all suppliers and partners.”
For Thomson, “true cyber resilience means more than just defence, it also requires the ability to recover fast. This is where tools such as cleanroom environments come in. By restoring critical cloud services in a secure, isolated space and using automation to speed up recovery, companies can minimise downtime. While recovery takes 24 days on average, some organisations don’t achieve business-as-usual for over 200, often due to poor preparation and a lack of understanding of their “Minimum Viable Company” – the essential systems needed to stay operational.”
He continues: “Taking practical steps like using secure password managers, avoiding password reuse, and steering clear of public Wi-Fi without a VPN are essential. On Anti-Ransomware Day, it’s time for both businesses and consumers to assess their cyber resilience.”
As well as a focus on internal security processes, Gautam highlights that “one of the most successful ways to counter the risk of ransomware is to adopt crowdsourced security. Bug bounty programs incentivise security researchers to highlight any weaknesses and potential vulnerabilities in businesses’ defences and can provide support to mitigate these threats. Working with security researchers is a critical step in identifying and fixing vulnerabilities before malicious actors can exploit them.”
Node4’s Akester concludes: “This Anti-Ransomware Day is a good moment to review your current posture. Are your defences keeping pace with the threat? Could you recover under real-world pressure? In today’s threat landscape, resilience can’t be assumed, it needs to be designed, tested, and maintained. Now is the time to close the gaps.”