We design end-to-end solutions to launch companies towards the true Digital Revolution.

Contacts

Via Giulio Vincenzo Bona, 120, 00155 Roma RM

+39 06.94.320.183

Future for Olidata
Ransomware

In the cybersecurity landscape, few threats have been able to evolve as rapidly and pervasively as ransomware. What was once a rudimentary attack targeted at individual users is now a major weapon of organized cybercrime, capable of crippling entire companies, blocking public services and causing significant economic damage.

Understanding how ransomware works, how it has transformed and what strategies can reduce risk is now an indispensable skill, not only for IT departments in large companies, but for anyone with a digital day-to-day: basically, all of us.

If you missed the latest installment of CyberSnap, our cybersecurity column, where we talk specifically about ransomware and how a simple click can put your data at risk, you can catch up with it here.

What is ransomware?

Ransomware is a type of malware that, once activated, encrypts data on a system and requires payment of a ransom to obtain the decryption key.

Over the years, this threat has evolved from simple suspicious attachments to a full-fledged criminal business model: today there are organized groups, dedicated infrastructure, and even ransomware-as-a-service offerings sold to affiliates who are ready to strike.

Moreover, extortion techniques have evolved in recent years, making attacks even more sophisticated and effective:

  • Targeted phishing, conveyed through email, SMS (smishing) or phone calls (vishing);
  • Use of Artificial Intelligence to generate highly personalized messages and bypass traditional security filters;
  • Double extortion: data is not only encrypted, but also stolen. If the victim refuses to pay, the information is published or sold;
  • Triple extortion: in addition to direct blackmail, attackers threaten to involve customers, suppliers, or employees to increase psychological and media pressure.

This approach makes ransomware a threat that is no longer invisible but public, capable of generating operational and reputational damage that can bring even well-organized structures to their knees.

 

The numbers of the ransomware phenomenon in 2024

In 2024, ransomware affected public infrastructure, businesses of all sizes and private users with increasing frequency. Its spread has been facilitated by unresolved vulnerabilities, predictable user behavior, and, increasingly, the use of automated AI-based tools.

According to the most recent data from ENISA (European Union Agency for Cybersecurity):

  • Ransomware accounted for 37 percent of serious incidents reported in Europe;
  • The average cost of an attack for an SME is around 200,000 euros, considering downtime, data loss and technical intervention;
  • More than 60% of victims chose to pay the ransom, but one in four still failed to fully recover their data.
Clusit - Report on ICT Security in Italy

Why SMEs are a perfect target

Many small and medium-sized businesses consider themselves off the radar of cyber criminals, convinced that they are not “attractive” targets. Nothing could be further from the truth.

In fact, SMEs are increasingly being targeted due to structural factors:

  • IT systems that are not always up-to-date or adequately protected.
  • Limited investment in advanced cybersecurity solutions.
  • Poor staff training on the risks of phishing or social engineering.
  • Lack of an incident response plan, resulting in unpreparedness in the event of an attack.

A ransomware attack can halt production, disrupt customer services, expose sensitive data and generate regulatory violations (particularly GDPR). Economic damage is often compounded by reputational damage, which can seriously undermine the trust of customers and partners.

 

Defending against ransomware: prevention and response

Protection from ransomware can no longer rely on simple backup alone. In the face of increasingly multifaceted threats, you need an integrated strategy that combines prevention, monitoring and response capabilities.

It all starts with prevention. A well-segmented network, for example, can limit malware propagation and quickly isolate compromised systems. Also crucial is the use of continuous monitoring tools to detect suspicious activity early.

Regular maintenance of systems is an additional defense against vulnerabilities. However, technology alone is not enough: the human factor is often the weakness exploited by cyber criminals. It thus becomes essential to train staff on the risks associated with phishing and social engineering, including through exercises that strengthen the organization’s preparedness.

Despite the measures taken, zero risk does not exist. In the event of a suspected ransomware infection, the priority is to disconnect the device from the network to limit its impact. The computer should be left on, but with all connections severed, and the IT team or a specialist should be notified immediately.

Paying the ransom is never a solution: it does not guarantee data recovery and encourages further attacks. Instead, it is essential to report the incident to the appropriate authorities, such as the Postal Police or the national CSIRT, who can provide technical and legal support in handling the emergency.

Ransomware is not a new threat, but it continues to evolve at an astonishing rate. Protecting yourself means not only adopting cutting-edge technology tools, but also developing a security culture based on awareness, preparedness and timely action.

In a world where everything is connected, digital security is not just a task for the IT department: it is a shared responsibility among companies, employees and partners.

Olidata, with its expertise in innovation and cybersecurity, is at the side of organizations that choose to address this challenge with foresight and strategy.