Ransomware attacks that encrypt critical data and then extort ransom payments for the decryption key are among the biggest cyber risks for enterprises of all sizes in every industry, with the double-extortion tactic of later threatening to publish sensitive stolen documents if a further payment is not made, gaining momentum.

Any organization that is connected to the internet is at risk, and the impact can be devastating, making ransomware the biggest existential threat for small and medium-sized companies, which typically struggle to recover from the disruption of ransomware attacks.

Ransomware attacks are increasing in number, sophistication, and impact, with one study showing that the number of attacks worldwide increased 282% in the second half of 2020 compared with the first six months, and then increased a further 14% in the first half of 2021.

Ransomware has become industrialized, with several groups offering ransomware-as-a-service, and it is big business, with the now-disbanded REvil ransomware group estimated to have collected $100 million in ransomware payments in the first six months of 2021 alone.

This makes these ransomware groups even more formidable because it enables them to buy whatever zero-day vulnerabilities and tools they need to go after any target they choose.

It is therefore essential for every business to become as resilient as possible against ransomware attacks to reduce the risk of attack and reduce the impact of attacks, while at the same time increasing the cost for bad actors to carry out the attacks.

Addressing ransomware and other cyber threats through greater resilience is one of the key topics at KuppingerCole’s 2021 European Identity and Cloud Conference (EIC) taking place this week, with one of the pre-conference workshops entitled Your Path to Ransomware Resilience.

“The complexity of today´s multi-cloud environments require more than traditional backup and restore approaches,” said Christopher Schütze, Cybersecurity Lead at KuppingerCole. “The workshop was designed to help participants do a ransomware resilience assessment and learn how to prepare for ransomware attacks, protect against them, respond to them, and recover from them,” he said.

Other workshops setting the tone for the EIC 2021 include the Women in Identity Workshop, highlighting the Women in Identity global organization as well as the latest insights into identity and access management topics; the Kantara Workshop on the essential requirements to build trust in the digital world; and the OpenID Workshop, featuring updates on key identity-related issues, including a discussion on how to meet social, enterprise, and government internet identity challenges. 

And continuing the focus on ransomware, this week’s EIC 2021 sessions also include a presentation by Joseph Carson of Thycotic on a real-world incident response to a CryLock ransomware attack, revealing the tools and techniques used by the attackers.

Sophisticated recent ransomware attacks are fully aware of standard backup strategies and corrupt or destroy your one and only option to recover without paying the ransom.

— Christopher Schütze, Cybersecurity Lead at KuppingerCole

Because we understand how important it is to be resilient to ransomware attacks, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content in a variety of formats available.


To find out what steps you can take to reduce the likelihood of becoming a ransomware victim and what to do if you are hit, read Lead Analyst John Tolbert’s leadership brief on Defending Against Ransomware and Principal Analyst Martin Kuppinger’s Advisory Note on Understanding and Countering Ransomware.

Ransomware is one of the top threats to business continuity in the modern world. To find out how to bolster your business continuity capabilities, have a look at our insight on Business Resilience. Because ransomware attacks often use compromised credentials to get inside organizations to catalog digital assets, a Zero Trust approach to security can be useful. Have a look at this Comprehensive Guide to Zero Trust Implementation for an overview.


If you would prefer to hear ransomware advice directly from our analysts, listen to this Analyst Chat on Protecting Your Organization Against Ransomware. If data protection in the context of ransomware is a top concern, listen to this Analyst Chat on How to Protect Data in a Hostile World, and for a cloud focused discussion on ransomware, listen to this Analyst Chat on Ensuring Business Continuity for the Cloud.

KuppingerCole also has several video presentations on topics related to ransomware protection. Review the list below and choose those that best match your interests:


Ransomware is the topic of several blog posts by our analysts. Learn more about the Dark Side Ransomware Attacks and Ransomware During the Pandemic Crisis. Find out how ransomware criminals Raised the Stakes with Sodinokibi and find out which cybersecurity best-practices will help ensure that you Don’t Fall Victim to Ransomware.


Good network visibility can help mitigate security threats like ransomware. To find out more, have a look at this webinar entitled: Zero Trust Means Zero Blind Spots, and for more information on how to deal with challenges such as the rise in ransomware attacks targeting Active Directory, have a look at this webinar on Active Directory Disaster Recovery.


KuppingerCole has several Whitepapers on topics that reference ransomware. These include:

Tech Investment

If you are interested in investing in ransomware protection, check out our Market Compass reports on Cloud Backup and Disaster Recovery and Endpoint Protection, Detection, and Response. For more focused market information, have a look at our Buyer’s Compass reports on Ransomware Protection, Endpoint Detection & Response (EDR), and Endpoint Protection.

There are several technology types that relate to ransomware protection. For an overview of these market segments and an analysis of some of the key players in these markets, have a look at our Leadership Compass reports on Security Orchestration, Automation and Response (SOAR), Network Detection and Response, and Cloud Access Security Brokers.

Organizations investing in technologies to prevent and mitigate ransomware attacks, can also have a look at some of the related technology solutions that we have evaluated: