As cyberattacks of all flavors continue at an astonishing speed, the FBI issues a do-not-click warning and threat actors find worrying new ways to compromise your accounts, do not ignore the old guard. That’s the takeaway from the latest Verizon data breach investigations report, which has revealed that the ransomware rampage is far from over.
Given that certain ransomware actors are getting a lot of virtual column inches courtesy of a $1 trillion ransom demand if victims don’t respond with a DOGE-trolling bullet list of achievements for the week, you might be excused for thinking that the extortion business has become something of a joke. That, dear reader, would be a big mistake. How big? Well, just look at the numbers: according to the 2025 Verizon DBIR, ransomware attacks have risen by 37% since last year, and are now present in 44% of breaches.
Despite the silliness of the DOGE Big Balls ransomware attackers, the median ransom amount paid has decreased from $150,000 to $115,000. The numbers that concern me, and should you, are the ones relating to the presence of ransomware malware itself in data breach incidents. The Verizon DBIR report analyzed 22,000 incidents, of which 12,195 were confirmed data breaches.
Some 44% of these, 5,365 to be precise, contained ransomware. That is a 37% jump and represents the extent to which the ransomware rampage is impacting businesses. "The DBIR's findings underscore the importance of a multi-layered defense strategy," Chris Novak, vice president of global cybersecurity solutions at Verizon Business, said.
"Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees." The ransomware rampage is set to continue, according to Nick Tuasek, lead security automation architect at Swimlane, who warns that the “popularization of Ransomware-as-a-Service on the dark web, sophisticated insider threat recruitment efforts by ransomware operators, and the continued rise of the cryptocurrency economy,” will drive this resurgence. Tactics are changing as well, with some threat actors moving to the deletion of data as part of their normal operations, Brandon Williams, chief technology officer at Conversant Group, has warned.
“If this gains traction this year,” Williams said, “organizations will not have a method to recover by simply paying a ransom and hoping to get a working decryption tool.” The only method of recovery will be backups, but as Williams said, backups do not typically survive these kinds of ransomware breaches. “According to our own research,” Williams said, “93% of cyber events involve targeting of backup repositories, and 80% of data thought to be immutable does not survive.”
Regardless of the ransomware actor and the ransomware malware deployed, the foundational controls still matter. “Knowing your total attack surface, testing your environment with an eye toward efficient remediation is key,” Trey Ford, chief information security officer at Bugcrowd, said. Enterprise controls, including visibility, hardening, and MFA for domain admin and remote access, are paramount.
“There is a strong correlational reason cyber insurance underwriters care about those key controls and coverage in the application process,” Ford concluded. If those controls are not adequate, cyber insurance underwriters might have to pay out. Do not let the ransomware rampage swallow your data whole in the coming year; take heed of the warnings and act now to defend your enterprise.
The 5,365 Ransomware Attack Rampage — What You Need To Know

Ransomware is out of control — how can you defend your business?