The Cyberthreat that Just Won’t Die

21% of organizations were hit by ransomware in the last year. In fact, 30 years since the first attack,
ransomware is more devastating than ever.


Download this whitepaper to learn why ransomware has got deadlier over the years, the three new areas where ransomware is starting to take hold, and the technologies and behaviors needed to give you the best possible defense against ransomware.


whitepaper download

The Impact of Ransomware

The financial impact of ransomware is huge. When you add together the full costs of remediation, including downtime, people time, device cost, network cost, lost opportunities, and ransom paid, the final sums are eye-watering.


Ransomware is not new. In fact, the AIDS Information Trojan, the world’s first cyber ransomware attack was released in December of 1989. Since then, cybercriminals have continued to take advantage of developments in both technology and wider society to evolve and finesse their ransomware attacks.

What’s Next for Ransomware?

History teaches us that cybercriminals will continue to exploit changes in technology and society to inflict their ransomware attacks. In essence, ransomware is going to keep evolving.



Three new areas where the dirty tentacles of ransomware are starting to reach


Public Cloud

Service Provider

Encryption Free

Public cloud ransomware -

is ransomware that targets and encrypts data stored in public cloud services like Amazon Web Services (AWS), Microsoft Azure (Azure), and Google Cloud Platform (GCP). While the public cloud offers lots of advantages, confusion around security responsibilities creates protection gaps that hackers are quick to exploit.

Service provider attacks. 

As technology and threats become ever more complex, companies are increasingly outsourcing their IT to specialist managed service providers (MSPs). Cybercriminals have realized that targeting MSPs enables them to hold multiple organizations hostage with a single attack. One attack, many ransoms.  

Encryption-free attacks. 

The ability to encrypt files was one of the original core capabilities needed to make ransomware a viable cybercrime. Today cybercriminals no longer need to encrypt your files to hold you hostage. Why? Because they’ll think you’ll pay up just to stop your data going public.

How to Defend Against Ransomware

Ransomware has evolved into a highly advanced, highly complex threat – and it’s only going to evolve further. With that in mind, how can you minimize your risk of being affected by ransomware?


The answer is to make it as hard as possible for ransomware actors to deploy their complex attacks, and to take advantages of opportunities presented by changes in technology and society. To do this we recommend:

  • Threat protection that disrupts the whole attack chain
  • Strong security practices
  • Ongoing staff education

How Sophos can help

The best protection requires the best defenses, both for data held on premises and data stored in the public cloud.

Sophos Intercept X includes advanced protection technologies that stop ransomware on your endpoints and servers at multiple stages of the attack chain.

Sophos XG Firewall is packed with advanced protection to detect and block ransomware attacks, and stop hackers moving laterally around your network to escalate privileges.

Intercept X and XG Firewall are great on their own – and even better together thanks to Synchronized Security. If a detection is triggered in either product, they work together to automatically isolate the affected devices, preventing the threat from spreading further.

Sophos Managed Threat Response (MTR).  Many organizations don’t have the expertise, resources, or desire to monitor their network 24/7. The Sophos MTR service is a dedicated, round-the-clock team of threat hunters and response experts who constantly scan for and act on suspicious activity.

Sophos Cloud Optix continuously analyzes public cloud resources to detect, respond, and prevent gaps in security across AWS, Azure, and GCP public cloud environments that can be exploited in a ransomware attack.

Any questions? Feel free to contact our Solution Advisors!

Alexander Janssen

Technical Presales Software

+32 11 39 78 18

Alexander Janssen

Technical Presales Software

+32 11 39 78 18