The Cyberthreat that Just Won’t Die

21% of organizations were hit by ransomware in the last year. In fact, 30 years since the first attack, ransomware is more devastating than ever.

Download this whitepaper to learn why ransomware has got deadlier over the years, the three new areas where ransomware is starting to take hold, and the technologies and behaviors needed to give you the best possible defense against ransomware.

Get the Whitepaper

The Impact of Ransomware

The financial impact of ransomware is huge. When you add together the full costs of remediation, including downtime, people time, device cost, network cost, lost opportunities, and ransom paid, the final sums are eye-watering.


Cost to rectify a ransomware attack


US $852,000




AU $803,875


Ransomware is not new. In fact, the AIDS Information Trojan, the world’s first cyber ransomware attack was released in December of 1989. Since then, cybercriminals have continued to take advantage of developments in both technology and wider society to evolve and finesse their ransomware attacks.

Get the Whitepaper


What’s Next for Ransomware?

History teaches us that cybercriminals will continue to exploit changes in technology and society to inflict their ransomware attacks. In essence, ransomware is going to keep evolving.

Three new areas where the dirty tentacles of ransomware are starting to reach



Public Cloud Ransomware


Service Provider Attacks

Encryption Free Attacks

Encryption Free Attacks


Public cloud ransomware is ransomware that targets and encrypts data stored in public cloud services like Amazon Web Services (AWS), Microsoft Azure (Azure), and Google Cloud Platform (GCP). While the public cloud offers lots of advantages, confusion around security responsibilities creates protection gaps that hackers are quick to exploit.

Service provider attacks. As technology and threats become ever more complex, companies are increasingly outsourcing their IT to specialist managed service providers (MSPs). Cybercriminals have realized that targeting MSPs enables them to hold multiple organizations hostage with a single attack. One attack, many ransoms.

Encryption-free attacks. The ability to encrypt files was one of the original core capabilities needed to make ransomware a viable cybercrime. Today cybercriminals no longer need to encrypt your files to hold you hostage. Why? Because they’ll think you’ll pay up just to stop your data going public.

How to Defend Against Ransomware

Ransomware has evolved into a highly advanced, highly complex threat – and it’s only going to evolve further. With that in mind, how can you minimize your risk of being affected by ransomware?

The answer is to make it as hard as possible for ransomware actors to deploy their complex attacks, and to take advantages of opportunities presented by changes in technology and society. To do this we recommend:

  • Threat protection that disrupts the whole attack chain
  • Strong security practices
  • Ongoing staff education

Get the Whitepaper

How Sophos can help

The best protection requires the best defenses, both for data held on premises and data stored in the public cloud.

  • Sophos Intercept X includes advanced protection technologies that stop ransomware on your endpoints and servers at multiple stages of the attack chain.
  • Sophos Firewall is packed with advanced protection to detect and block ransomware attacks, and stop hackers moving laterally around your network to escalate privileges.
  • Intercept X and Sophos Firewall are great on their own – and even better together thanks to Synchronized Security. If a detection is triggered in either product, they work together to automatically isolate the affected devices, preventing the threat from spreading further.
  • Sophos Managed Detection and Response (MDR). Many organizations don’t have the expertise, resources, or desire to monitor their network 24/7. The Sophos MDR service is a dedicated, round-the-clock team of threat hunters and response experts who constantly scan for and act on suspicious activity.
  • Sophos Cloud Native Security continuously analyzes public cloud resources to detect, respond, and prevent gaps in security across AWS, Azure, and GCP public cloud environments that can be exploited in a ransomware attack.

Download the Whitepaper


Where does this information come from?

To simplify data entry, our forms use autocomplete functionality to fill in company contact information. This information comes from publicly available information. No private company data is being used. It simply makes it so you don't need to enter your company's information.