By Funminiyi Philips
Ransomware attacks have become a growing concern for organisations worldwide, with cybercriminals employing sophisticated tactics to extort money from their victims.
According to the 2025 Unit 42 Global Incident Response Report, 86% of ransomware incidents resulted in significant business disruption and reputation damage.
Oladimeji Ibrahim Alabi, a cybersecurity expert from the Digital Safety Network Society, notes that ransomware actors leverage advanced extortion methods to maximise ransom payments. These tactics include double extortion, where attackers encrypt files and steal sensitive data, threatening to release it online if the ransom is not paid.
Ransomware attacks have evolved significantly over the years, from simple encryption-based extortion to complex multi-extortion schemes.
The rise of Ransomware-as-a-Service (RaaS) has democratised access to ransomware tools, enabling less technical individuals to perpetrate attacks. This model has led to an increase in the volume and diversity of ransomware threats.
Ransomware attackers are getting more sophisticated, constantly changing their methods to avoid being caught and making more money. They’re using new tactics like double extortion, where they lock up files and steal sensitive data, threatening to share it online if the victim doesn’t pay.
Some even go further with triple extortion, targeting not just the organisation but also its clients, partners, and employees to increase the pressure.
Additionally, a model called Ransomware-as-a-Service allows attackers to provide tools to others, making it easier for more people to launch these types of attacks.
Ransomware attacks are on the rise.
In 2021, over a third of organisations globally faced attempted ransomware attacks, with 623.3 million attacks reported, a 105% increase from 2020. Although attacks dropped by 23% in 2022, likely due to increased government scrutiny and awareness, attack methods are evolving.
The average ransom demand has skyrocketed, reaching a record $570,000 in 2021. High-profile attacks, such as the one on JBS, which paid $11 million in ransom, highlight the severity of the threat. The cost of ransomware extends beyond the payment, with brand reputation damage accounting for 20% of costs.
Estimating successful attacks is challenging due to underreporting, but research suggests that 64% of companies have been victims of ransomware attacks, with 79% paying the ransom.
Organisations need a strong cybersecurity plan to protect against ransomware attacks. This includes regularly backing up data so systems can be restored if attacked.
Educating employees is also crucial, teaching them to spot and report suspicious emails and attachments. Keeping software and systems up-to-date with the latest security patches is essential.
Using multiple layers of security, such as firewalls, intrusion detection systems, and antivirus software, can provide added protection against these types of attacks.
Ransomware attacks are a serious and growing threat to organisations globally. By understanding how these attacks work and staying up-to-date on the latest tactics, organisations can take steps to protect themselves.
As one expert puts it, staying informed and following best practices can significantly reduce the risk of falling victim to ransomware attacks, making it essential for organisations to be proactive in their defence.
Funminiyi B. Philips is a cybersecurity enthusiast. He can be reached on LinkedIn https://www.linkedin.com/in/funminiyi-b-philips
