Ransomware insurance is funding cybercrime, says White House official
“This is a troubling practice that must end.”
National Security Advisor for Cyber and Emerging Technologies Anne Neuberger recently warned of the widespread devastation caused by ransomware, citing examples like the attack against a US health insurance giant that crippled hospital and pharmacy operations for weeks, and another that shut down Japan’s busiest port, Nagoya, for two full days.
Neuberger stated that since 2021, the US government alone has tracked over 4,900 ransomware attacks, with at least $3.1 billion paid in ransoms.
At Malwarebytes, we recorded 442 ransomware victims in August 2024. Total ransomware payments for the first half of 2024 were up about 2% on the same period a year earlier, from $449.1 million to $459.8 million, while payouts for “very high severity strains” rose roughly 650%, from $200,000 in early 2023 to $1.5 million by mid-June 2024. Fewer, much larger payments point to a steady rise in ransom demands across the board.
Interestingly, fewer victims are paying despite the surge in attacks, and the number of organizations whose data is published on leak sites is not just growing but accelerating, which is what you would expect when more victims refuse to pay and the gangs follow through on their threat.
An additional, troubling consequence is where these payments are going. According to the Financial Action Task Force, Russia is a particular concern, providing a safe haven for both ransomware attackers and crypto exchanges involved in money laundering. Ransomware also remains a major income source for North Korea’s cybercrime operations.
Neuberger urged the insurance industry to take a more active role, suggesting that insurers demand robust cybersecurity measures as a condition for policies. She criticized the practice of reimbursing ransomware payments, arguing that it encourages payment to criminals and sustains their ecosystem. “This is a troubling practice that must end,” she said.
The statements followed the fourth annual International Counter Ransomware Initiative (CRI) summit in the United States this week.
There’s no indication that the US will ban ransomware payments outright, but it could follow the UK’s lead. Earlier this year, Britain’s National Cyber Security Centre (NCSC) issued new guidance, in partnership with the insurance industry, on how ransomware victims should handle incidents.
The NCSC warns that even after paying a ransom, victims may find their data still being sold to other criminals or be blackmailed again, months or years later.
Remember, prevention is always better than cure. Don’t be the low-hanging fruit: most ransomware gangs go after the easiest targets they can find.
How to avoid ransomware
Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly, disable remote access you don’t need, and harden what you keep: RDP should never be exposed directly to the internet, and RDP and VPN logins should require multi-factor authentication.
Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before the ransomware is deployed; encryption is the final step of an intrusion that has often been under way for days.
Stop malicious encryption. Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple detection techniques to identify ransomware, and ransomware rollback to restore damaged files.
Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
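The “block common forms of entry” and “detect intrusions” advice above meets in practice at the RDP logon logs: password guessing against an exposed RDP service shows up as a burst of failed logons (Windows Security event 4625 with logon type 10, RemoteInteractive) from one source, and the dangerous moment is the successful logon (4624) that follows from the same source. The script below is an added example, not Malwarebytes or ThreatDown code; the events are constructed for illustration, the field names mirror the EventData names in the Windows event XML, and the threshold and time window are assumptions you would tune to your own environment.

```python
"""Flag RDP password-guessing in Windows Security event data.

Added example (not part of the original article). The input records are
constructed to look like Windows Security events: EventID 4625 = failed
logon, 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP).
"""
from collections import defaultdict
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10      # RemoteInteractive: RDP / Terminal Services
FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624

# Constructed sample data, not real logs.
SAMPLE_EVENTS = [
    # An attacker at 203.0.113.7 sprays several accounts over RDP, then gets in.
    {"time": "2024-10-03T02:00:01", "EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "administrator"},
    {"time": "2024-10-03T02:00:04", "EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "admin"},
    {"time": "2024-10-03T02:00:09", "EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "backup"},
    {"time": "2024-10-03T02:00:15", "EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "svc_sql"},
    {"time": "2024-10-03T02:00:21", "EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "jsmith"},
    {"time": "2024-10-03T02:00:30", "EventID": 4624, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "jsmith"},
    # A legitimate admin mistypes a password once from the office range.
    {"time": "2024-10-03T08:12:40", "EventID": 4625, "LogonType": 10, "IpAddress": "10.20.0.15", "TargetUserName": "jsmith"},
    {"time": "2024-10-03T08:12:55", "EventID": 4624, "LogonType": 10, "IpAddress": "10.20.0.15", "TargetUserName": "jsmith"},
    # A network (type 3) failure is not RDP and is ignored by this check.
    {"time": "2024-10-03T09:00:00", "EventID": 4625, "LogonType": 3, "IpAddress": "10.20.0.99", "TargetUserName": "scanner"},
]


def _ts(event):
    return datetime.fromisoformat(event["time"])


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return one finding per source IP with >= `threshold` failed RDP logons
    inside any `window`, noting whether the same source later completed an
    RDP logon (the sign that one of the guesses landed)."""
    rdp = sorted((e for e in events if e["LogonType"] == RDP_LOGON_TYPE), key=_ts)
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in rdp:
        if e["EventID"] == FAILED_LOGON:
            failures[e["IpAddress"]].append(e)
        elif e["EventID"] == SUCCESSFUL_LOGON:
            successes[e["IpAddress"]].append(e)

    findings = []
    for ip, fails in failures.items():
        # Sliding window over this source's time-sorted failures.
        start, burst = 0, None
        for end in range(len(fails)):
            while _ts(fails[end]) - _ts(fails[start]) > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = fails[start:end + 1]
                break
        if burst is None:
            continue
        burst_start = _ts(burst[0])
        # A success from the same source after the burst began is the real alarm.
        later = next((s for s in successes.get(ip, []) if _ts(s) >= burst_start), None)
        findings.append({
            "source": ip,
            "failures": len(fails),
            "accounts": sorted({f["TargetUserName"] for f in fails}),
            "first_failure": burst[0]["time"],
            "succeeded_as": later["TargetUserName"] if later else None,
        })
    return findings


if __name__ == "__main__":
    for finding in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(finding)
```

On the sample data this reports a single source, 203.0.113.7, with five failed guesses across five accounts followed by a successful logon as jsmith; the single typo from 10.20.0.15 and the non-RDP failure are left alone. In a real deployment the records would come from the Security log or your SIEM rather than a list, and you would also want a per-account view, because attackers who rotate source addresses defeat a purely per-IP threshold.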