These five tips can help organizations reduce the risk and impact of ransomware attacks.
Ransomware attacks have surged in 2025. One report noted a 126 percent increase in ransomware attacks in the first quarter, and another highlighted a 213 percent increase in the number of victims listed on data leak sites. One analysis found that ransomware attacks in the U.S. increase by 149 percent year over year in the first five weeks of 2025.
Ransomware has been around for decades, and remains one of the common forms of cyberattack. According to the Verizon 2024 Data Breach Investigations Report, ransomware was involved in about one-third of all data breaches, with 92 percent of industries citing ransomware as a top threat. Another report found that ransomware affected 59 percent of organizations in 2024.
Supply chain attacks have amplified the impact of ransomware, allowing malicious actors to infiltrate downstream customers of software providers. For example, on June 12, 2025, the Cybersecurity and Infrastructure Agency warned of a vulnerability in utility billing software that allowed hackers to infiltrate downstream customers.
Why Organizations Shouldn’t Pay the Ransom
Cybercriminals prefer ransomware because of the potential for a high payout with relatively low risk. Law enforcement officials have been able to infiltrate some ransomware gangs and unmask key players, but arrests remain relatively uncommon and typically involve low-level players or affiliates. Meanwhile, gangs are demanding higher and higher ransoms. One report found that the average extortion amount exceeded $1.3 million.
Increasingly, attackers are targeting victims with double and triple extortion. With double extortion, attackers exfiltrate data before encrypting it. With triple extortion, they threaten to expose the data unless they are paid. For example, more than 1,000 organizations were affected by the MOVEit attack, in which the Cl0p ransomware gang exploited a flaw in the file transfer software to exfiltrate and publish victims’ data.
Around 40 percent of organizations pay the ransom because they cannot access critical data or because of the potential damage to the organization if sensitive data were leaked. However, many organizations refuse to pay on principle. They don’t want to fund a terror group or reward cybercriminals. Paying the ransom doesn’t guarantee that data will be recovered or that the criminals won’t strike again.
5 Tips for Reducing the Ransomware Threat
Paying the ransom is a no-win situation, so organizations should take steps to prevent data exfiltration and ensure that data can be recovered if a ransomware attack strikes. Here are five tips for reducing the risk and impact of ransomware attacks:
- Use offline or immutable storage for backups. Ransomware attacks commonly try to encrypt backups, but keeping backup storage targets offline prevents the malware from finding the data. For example, tape and hard drives can be taken offline when not being written to or read from. Another option is immutable storage, which uses various protocols to prevent data from being changed or deleted for a set period of time.
- Let continuous backup do the work. Continuous backup, also known as real-time backup or continuous data protection, automatically backs up data every time it changes. Users can restore data to any point in time, rather than specific backup points, minimizing data loss and enabling the restoration of the last known good copy of data. As a bonus, continuous backup helps protect against those “oops” moments when files are deleted accidentally.
- Master the 3-2-1-0 rule. This rule for backup states that organizations should have three different copies of data, on two different media, one of which is offsite, and zero errors after backup recoverability verification. The 3-2-1-0 rule increases the likelihood that an organization will have at least one good backup that’s not compromised by ransomware and that data can be recovered from that backup.
- Document a data recovery plan. Backups are useless if there’s no plan for restoring data. In addition to an overall disaster recovery plan, organizations should have a specific response plan for ransomware to speed recovery and minimize damage. What specific steps need to be taken to recover data? Document these steps and test the plan to make sure it works.
- Encrypt data. By encrypting data, organizations can prevent it from being read if it’s exfiltrated. It’s especially important to ensure that all backups, both in transit and at rest, are encrypted using strong algorithms. Access to backup systems should be controlled using strong authentication and by following identity management best practices. Users should only be granted access to the systems and data they absolutely need for their roles.
How an MSP Can Help
A managed services provider (MSP) can help organizations shore up their defenses and ensure that they have a solid backup platform and strategy. Some MSPs offer managed backup services, in which they take responsibility for verifying and testing backups.
Qualified MSPs have security experts on staff with extensive experience in developing ransomware protection strategies. The MSP can evaluate the current infrastructure and implement the tools and processes needed to minimize risk and accelerate recovery.
