Ransomware is a very easy and successful way of making money illicitly, so it is a proven business model unlikely to lose popularity with cyber criminals any time soon. Cybercriminals are also evolving the business model and may even be collaborating with competitors, say security researchers.

Not only are tactics, techniques and procedures evolving, ransoms getting greater, demand for ransomware-as-a-service increasing, and double-dipping attacks that demand one payment to decrypt data and another to hold off publishing copies of sensitive data, but organizations are increasingly being hit multiple times by different ransomware groups, and even more concerning is the increasing targeting of critical infrastructure.

According to an IC3 report, one reason for this focus on critical infrastructure is that attackers are seeking to exploit the fact that governments are accelerating the digital transformation of the public health, food and agriculture, and manufacturing sectors.

Attackers believe that like public sector organizations, the increasing dependency on digital services will make government institutions more likely to pay ransoms to avoid disruption of critical services.  

In August alone, ransomware targets included an IT supplier to the UK’s National Health Service (NHS) and a gas and electricity supplier in Luxembourg, while in July, the Canadian town of St Marys, Ontario was hit by a ransomware attack.

It should be noted, however, that upward trend of attacking critical infrastructure affects not only public sector organizations, but a growing number of private sector companies that provide services that are essential for the normal functioning of society.

The EU’s NIS2 directive expected to be enforced from the second half of 2024, for example, imposes security requirements on “essential and important entities”, which include data centers, content delivery networks, trust services providers, providers of public electronic communications networks, and social networking platforms.

Every organization, whether they are part of critical infrastructure or not, should keep abreast of the evolution of ransomware attacks to ensure they are aware of the risks and take the necessary steps to increase their resilience in the face of ransomware attacks.

In the best-case scenario, organizations are prepared for ransomware attacks. The have the necessary backups, strategies, incident response processes, business continuity processes to not only raise the level of security, but also to enable the business to continue to function despite being targeted.

— Christopher Schütze, Director Cybersecurity at KuppingerCole.

Because we understand the importance of ­­­­­­­­being resilient in the face of ransomware, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats.

This includes live events such as the Cybersecurity Leadership Summit taking place in Berlin and online from 8-10 November 2022. The agenda covers a wide range of security leadership topics including presentations on Lessons Learned: Responding to Ransomware Attacks, Exploring the role of Endpoint Security in a Ransomware Resilience Plan, and NIS2 Directive – What it is and why you need to prepare. There is also a workshop entitled: Strategy, Risk, and Security: Building Business Resilience for Your Organization, which will highlight the most important steps of an organization's journey to prepare for and even embrace disruptive events and circumstances as part of a holistic, sustainable business approach.


To find out what steps you can take to reduce the likelihood of becoming a ransomware victim and what to do if you are hit, read Director Cybersecurity Research John Tolbert’s leadership brief on Defending Against Ransomware and Principal Analyst Martin Kuppinger’s Advisory Note on Understanding and Countering Ransomware.  And for further guidance on how to prepare for ransomware or any other kind of cyber-attack, have a look at Senior Analyst Warwick Ashford’s Insight on Business Resilience.

Because ransomware attacks often use compromised credentials to get inside organizations to catalog digital assets, a Zero Trust approach to security can be useful. Have a look at this Comprehensive Guide to Zero Trust Implementation for an overview.  

As with most cyber threats, when it comes to ransomware attacks, a multi-layered defense is the best strategy.  For some high-level recommendations, have a look at this Leadership Brief on Defending Against Ransomware


If you would like to hear what our analysts have to say on the topic of ransomware, listen to this Analyst Chat on Protecting Your Organization Against Ransomware.

You can also watch presentations from last year’s Cybersecurity Leadership Summit (CSLS) that focused on ransomware by choosing from the following list:

Get an overview of the pillars of a proactively resilient IT infrastructure by watching this CSLS 2021 workshop entitled: Your Path to Ransomware Resilience [CS3] and watch this discussion from this year’s European Identity and Cloud (EIC) conference to find out more about The Role of Identity & Access Management for Ransomware Resilience.


Ransomware is the topic of several blog posts by our analysts. Get an updated perspective on ransomware and recommendations on countering it is this blog post on Ransomware in 2022.

For discussion on cloud backup and disaster recovery in the context of ransomware, have a look at this blog post entitled: When will Ransomware Strike? Should you Hope for the Best or Plan for the Worst?

Learn more about the Dark Side Ransomware Attacks and Ransomware During the Pandemic Crisis, and find out which cybersecurity best-practices will help ensure that you Don’t Fall Victim to Ransomware

Other ransomware-related topics are covered in these blog posts on When Are We Finally Going to Do Something About Ransomware?, The Evolution of Endpoint Security: Beyond Anti-Malware, Cybersecurity of Tomorrow: Delivered Entirely From the Cloud, and Cybersecurity Awareness – Are We Doing Enough?


To gain insights into the methods used by ransomware attackers and ways of preventing them from succeeding, have a look at this webinar entitled: Lessons From a Journey Into a Real-World Ransomware Attack.

Good network visibility can help mitigate security threats like ransomware. To find out more, have a look at this webinar entitled: Zero Trust Means Zero Blind Spots, and for more information on how to deal with challenges such as the rise in ransomware attacks targeting Active Directory, have a look at this webinar on Active Directory Disaster Recovery


KuppingerCole has several Whitepapers on topics that reference ransomware. These include: 

Tech Investment

If you are interested in investing in ransomware protection, there are several technology types that relate to ransomware protection. For an overview of these market segments and an analysis of some of the key players in these markets, have a look at our Leadership Compass reports on Security Orchestration, Automation and Response (SOAR), and Network Detection and Response.  

To familiarize yourself further with vendors and products of relevance to ransomware protection, have a look at our  Market Compass reports on Cloud Backup and Disaster Recovery and Endpoint Protection, Detection, and Response.  

For more focused market information, have a look at our Buyer’s Compass reports on Ransomware Protection, Endpoint Detection & Response (EDR),  Endpoint Protection, Network Detection & Response (NDR), and Security Orchestration, Automation and Response (SOAR)

Organizations investing in technologies to prevent, detect and mitigate ransomware attacks can have a look at some of the related technology solutions that we have evaluated: