Right now, organizations are struggling in the ongoing battle against ransomware, investing $150 billion in cybersecurity in 2021 alone. Yet ransomware attacks continue to succeed, and the threat landscape continues to grow.


Consider these recent statistics:

  • According to Verizon’s 2022 Data Breach Incident Report, ransomware is used in 25% of breaches.
  • In 2021, recovering from ransomware cost an average of $1.85 million per incident.
  • In 2021’s largest attacks, organizations paid between $4.4 and $40 million in ransom.

If you want to stay one step ahead of ransomware threats and attacks, you need a new approach. Let us take a look at the current approach to stopping ransomware and explain why it isn’t delivering the results that it promises.

The current approach to ransomware in four pieces of advice

There is no single approach that every organization should employ to fight ransomware. Much has been written on the subject by many different sources, but most of the advice boils down to four key recommendations:

  1. Follow CISA or NIST’s advice for preventing ransomware
    There are multiple frameworks for building a robust ransomware defense, but CISA’s Ransomware Guide and NIST’s Cybersecurity Framework Profile for Ransomware Risk Management are most often recommended. Both provide a comprehensive set of guidelines for fighting this threat. However, the key question is whether you are able to implement the practices and approaches recommended by these frameworks or not.
  2. Invest in the right cybersecurity solution to stop ransomware
    Fighting ransomware is a booming business, and many technology providers have built solutions to stop this threat. Common technology solutions include Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Managed Detection and Response (MDR) and zero trust segmentation. It is up to you to examine, analyze and identify the solution best suited to your business and your ransomware protection needs.
  3. Build your defenses against the most common ransomware variants
    There are dozens (if not hundreds) of active ransomware variants acting in your threat landscape at any given moment. Yet only a few of the most widely used variants cause most of the breaches. Building your defenses against these common variants should be able to stop most incidents. But can you really anticipate which variant you will be facing?
  4. Focus on stopping a particular phase of a ransomware attack
    Some experts claim you should focus on building your perimeter to prevent intrusions into your network. Others recommend focusing on stopping the spread of incidents after the breach. Still others tell you to focus on detecting and responding to incidents as quickly as possible. What are we really supposed to do now?

To mitigate ransomware, you must deploy many different tools and processes before, during and after an attack.

Why this approach is failing in the real world

Theoretically, most of this advice is solid. Yes, organizations need to follow good frameworks, deploy the right tools, defend themselves against common variants, stop the most dangerous phases of an attack, and make ransomware defense a top priority.

However, each of these pieces of advice falls apart in the real world. Here’s why:

    1. The CISA and NIST frameworks are hard to operationalize
      Both frameworks — and many others like them — give you a great picture of the defenses you must build and deploy to stop ransomware. Yet, these frameworks can be hard to develop and operationalize in a real-world organization. They are rigid, overly prospective, and overwhelming to bring to life.
    2. There is no silver bullet solution to ransomware
      Every technology vendor claims that their solution is the key to stopping ransomware, but there’s no single solution for stopping it. Each ransomware solution may be strong at containing some aspects of the attack, but also leave other vulnerabilities open to exploitation.
    3. Ransomware variants and TTPs are constantly evolving
      Certain ransomware variants and tactics, techniques, and procedures (TTPs) are more common and damaging than others, but new variants emerge every year and attackers constantly change their TTPs. If they expect to stay secure, organizations cannot defend themselves against today’s common patterns only.
    4. Ransomware attack patterns are complex
      Most ransomware attacks follow a complex, multi-stage attack pattern that can cause significant damage at any point during an incident. It isn’t enough to stop just one stage of this pattern. Every stage must be mitigated in a unified and focused approach that deals with the attack as a single, unfolding event.

To mitigate ransomware, you must consider deploying many different tools and processes before, during, and after an attack.

Many of these tools and processes require expert operators with rare (and often, expensive) skillsets.

Most organizations do not have enough resources to build a complete ransomware defense on their own, which is why they need to look to solution providers for an answer.

Outlining a new approach to stop ransomware

Ransomware is still evolving, and the most common defense against it isn’t working effectively. However, this isn’t to say that stopping ransomware is a lost cause.

Learn more about how you can adopt a new approach to stop ransomware in the real world with Eviden’s ransomware defense e-book: Eviden insights on emerging trends, combat strategies and solutions to enable an effective ransomware defense.

Download your Ransomware Defense eBook copy.