Stopping ransomware: Advanced safeguards for your organization
Protect your organization and stop ransomware attacks before they disrupt your business. Discover advanced strategies and proven solutions for robust cybersecurity.
Ransomware continues to be one of the most formidable cybersecurity threats facing organizations today. The financial ramifications alone are staggering. In 2024, ransomware attacks were projected to cause over $40 billion in losses for U.S. organizations, factoring in ransoms, lost productivity, and system outages. The increasing sophistication of attacks, coupled with the rise of Ransomware-as-a-Service (RaaS), has made it imperative for businesses to adopt advanced safeguards to protect their digital assets.
What is ransomware?
Ransomware is a type of malicious software designed to block access to a computer system or data, typically by encrypting it, until a ransom is paid. Modern ransomware attacks often employ a "double extortion" tactic, where attackers not only encrypt data but also threaten to publish sensitive information unless their demands are met. The RaaS model has further exacerbated the threat by allowing even low-skilled cybercriminals to launch sophisticated attacks using rented ransomware tools.
What effect could ransomware have on my business?
Ransomware attacks have historically had a profound impact on businesses, with consequences that include:
- Financial losses: Ransom payments can be exorbitant. In early 2023, the median ransomware payment was $200,000, and by July 2024, it jumped to $1.5 million. Even when ransoms are paid, there's no guarantee of data recovery.
- Operational disruption: Attacks can halt or complicate business operations, leading to significant downtime and financial consequences. A recent Marks & Spencer data breach halted online orders and wiped out inventory in stores, leaving the British retailer with an estimated 300-million-pound loss ($400 million).
- Reputational damage: Data breaches can erode public trust and damage an organization's reputation, as well as the reputation of those in charge of cybersecurity efforts. In 2019, the city of Baltimore suffered a ransomware attack and refused to pay the ransom of $76,000 in bitcoin. The incident resulted in over $19 million in damages and disrupted city services including the processing of water bills and property taxes for months.
- Legal and compliance issues: Failure to protect sensitive data can result in legal penalties and fines for non-compliance with regulations. In 2020, nonprofit service provider Blackbaud experienced a data breach that exposed sensitive information from over 13,000 nonprofits. The company paid a ransom to the intruder but initially downplayed the breach. In 2023, Blackbaud agreed to a $49.5 million settlement with multiple states and faced a separate $3 million fine from the U.S. Securities and Exchange Commission for misleading investors.
Recent high-profile ransomware attacks
Ransomware attacks have increasingly targeted major organizations, leading to significant operational disruptions and financial losses. Consider these recent incidents:
In February of 2024, Change Healthcare, a subsidiary of UnitedHealth Group, experienced a ransomware attack that disrupted electronic payments and medical claims processing across the U.S. healthcare system. The attack, attributed to the Blackcat RaaS group, led to widespread operational challenges for healthcare providers and pharmacies. UnitedHealth reportedly paid a ransom of approximately $22 million in bitcoin to the attackers. The incident prompted a civil rights investigation by the U.S. Department of Health and Human Services due to concerns over patient privacy.
In late May of 2025, Victoria’s Secret experienced a significant cybersecurity breach that disrupted its operations. The breach, first detected on May 24, involved unauthorized access to the company's IT systems, prompting an immediate response and the engagement of third-party experts. Customers were frustrated as the website remained offline for several days, and in-store services at Victoria's Secret and Pink locations were also affected. While the company has restored most functions, it is still working to fully recover access to internal systems, thereby delaying the finalization of its financial report.
In October of 2023, the British Library suffered a significant ransomware attack attributed to the Rhysida hacker group. The attackers demanded a ransom of approximately 600,000 pounds in bitcoin to restore services and return the stolen data. When the British Library did not acquiesce, Rhysida publicly released approximately 600GB of leaked material online. The attack disrupted the library’s online systems, including its main catalog and digital collections, forcing a return to manual operations. The library announced that it would use about 40% of its financial reserves, around £6–7 million, to recover from the attack, which has been described as one of the worst cyber incidents in British history.
In September of 2023, MGM Resorts International experienced a significant cybersecurity breach that disrupted operations across its U.S. properties. The incident was perpetrated by the threat group “Scattered Spider,” using BlackCat RaaS technology. The attack led to the shutdown of certain computer systems to protect data, affecting hotel reservations, casino floors, and other services. Hackers had compromised customer information, including names, contact details, driver's license numbers, Social Security numbers, and passport numbers, and MGM reported that the cyberattack would cost the company over $100 million.
How to know if a business is at risk for ransomware
It’s important to assess the ransomware risks of your organization, and even more important to understand how to protect your company from ransomware. Businesses can better safeguard their assets, operations, and reputations by focusing on the following strategies:
| Focus | Ransomware risk | Protection strategy |
|---|---|---|
| Employee education | Employees who are unaware of phishing and other social engineering tactics are more likely to fall victim to cyber criminals. | Conduct regular training on recognizing phishing attempts and safe online practices. |
| Updates and patching | Unpatched software and legacy systems are prime targets for attackers. | Ensure all systems and software are up-to-date to close known vulnerabilities. |
| Backup solutions | Without regular backups, data recovery becomes challenging post-attack, and organizations may not have access to the latest data needed for operations if they have to go offline post-breach. | Maintain regular, secure backups to facilitate data recovery without paying ransoms. |
| Threat detection | Inadequate identity and access management tools can allow unauthorized access to critical systems. | Implement strong identity and access management tools including multifactor authentication, least privilege access controls, and passwordless authentication. |
Even a single compromised credential can have devastating repercussions. Once a hacker has breached a network, they can progress deeper with lateral movement, slowly finding vulnerabilities or deploying malware to help them access sensitive data and high value assets. Bad actors can move undetected through networks and systems for weeks or months after an initial breach.
Mitigating ransomware with advanced access controls
Ransomware poses a significant threat to organizations worldwide, with the potential to cause considerable financial and operational damage. By understanding the nature of ransomware, recognizing risk factors, and implementing robust security measures, businesses can effectively stop ransomware and protect their assets.
Imprivata offers solutions to prevent ransomware attacks by focusing on comprehensive identity and access management:
- Enterprise Access Management: Provides secure, streamlined access to systems and applications with single sign-on and multifactor authentication, reducing the risk of unauthorized access
- Privileged Access Management: Secures privileged accounts, preventing lateral movement within networks by attackers
- Vendor Privileged Access Management: Helps stop ransomware by securing third-party access with Zero Trust controls, credential obfuscation, and session monitoring
By integrating these solutions, Imprivata helps organizations prevent ransomware attacks and safeguard their digital environments with secure, frictionless access management.
For more information, read about how Imprivata can help your organization mitigate ransomware attacks.