Virtualization Technology News and Information
Ransomware Resilience: Expert Insights Reveal Critical Strategies for Cybersecurity on Anti-Ransomware Day 2025


In the ever-evolving landscape of digital threats, Anti-Ransomware Day 2025 serves as a critical reminder of the ongoing battle against one of the most insidious cyber risks facing organizations today. As ransomware attacks continue to grow in sophistication and potential for damage, leading cybersecurity experts are sounding the alarm and sharing pivotal strategies for protection, detection, and recovery.

This roundup brings together insights from top industry professionals, offering a 360-degree view of the current ransomware threat landscape and the most effective approaches to safeguarding digital assets in an increasingly complex technological ecosystem.

++

Kern Smith, VP of Global Solutions at Zimperium

As ransomware threats evolve, mobile devices have become the next frontier. Cybercriminals are increasingly targeting smartphones and tablets with mishing (mobile-targeted phishing) attacks, and exploiting vulnerabilities in apps and operating systems. Yet, many organizations still overlook mobile as a critical attack vector.

Traditional security tools aren't enough. Real-time, on-device protection designed for mobile threats is essential. It's no longer just about protecting desktops—securing mobile environments is key to staying ahead of today’s ransomware tactics.

++

Saeed Abassi, Manager, Vulnerability Research at Qualys Threat Research Unit

In this rapidly evolving cybersecurity environment, understanding the nuances of ransomware attacks and the underlying vulnerabilities they exploit is crucial for building robust defense strategies. Anti-Ransomware Day is an important reminder of the urgent need to stay ahead of these advancing threats. Today’s ransomware attacks are more diverse than ever, impacting everything from operating systems to web applications and networking infrastructure. In recent years, genAI has accelerated this shift, lowering technical barriers and enabling cybercriminals to discover and exploit vulnerabilities more easily, leading to more frequent and sophisticated attacks.

The recent leak of internal communications from the ransomware group Black Basta provided a rare inside look at the layered techniques these actors employ, from credential theft and exploitation of exposed services to the use of legitimate platforms for payload hosting and voice phishing. Ransomware groups are moving faster than ever, often escalating from initial access to full network compromise within hours, leaving defenders little time to respond.

To defend against these accelerating threats, organizations must adopt a proactive and informed cybersecurity strategy. Immediate patching of known exploited vulnerabilities is critical. Patch management must be treated not just as a maintenance function but as a frontline defense mechanism that closes vulnerabilities before attackers can gain a foothold. A high patch rate ensures quick and efficient response, significantly reducing the risk of breach, while a low patch rate leaves organizations exposed. Beyond routine patching, organizations should adopt risk-based prioritization, proactively address vulnerabilities with known exploitation histories, eliminate common misconfigurations, and maintain continuous visibility into all internet-facing assets. Implementing multi-layered defense strategies that address each stage of an attack, from initial access to data exfiltration, is now essential for building resilience against ransomware.

In summary, ransomware is a digital pandemic—traditional defenses are just masks, not armor. To fight back, we need to be proactive and utilize risk-based prioritization; it isn’t a defense—it's a counterstrike. By embracing this mindset and implementing the above-mentioned strategies, organizations can strengthen their defenses and stay ahead of the ever-evolving ransomware threat.

++

Heath Renfrow, Co-founder and CISO at Fenix24

While encryption algorithms and file recovery often steal the spotlight in ransomware discussions, the real impact goes far deeper. Ransomware is not just a data issue—it’s a full-scale business operations crisis with consequences that extend well beyond the digital domain.

If your backup system isn’t isolated, monitored, and tested against ransomware, it’s not a backup—it’s a liability. Ransomware exploits operational silos, making rapid detection, coordinated response, and intelligent recovery essential. Only through integrated cybersecurity frameworks and real-time threat intelligence can organizations truly defend and recover.

Anti-Ransomware Day is a powerful reminder: the focus must shift from prevention alone to resilience. Modern recovery requires more than incident response—it demands resilient infrastructure, automated failover, strong restoration capabilities, and speed. The goal isn’t just avoiding ransom payments—it’s minimizing downtime, protecting reputation, and ensuring operational continuity.

++

John Anthony Smith, Founder and CSO at Fenix24

On Anti-Ransomware Day, it's crucial for organizational leadership to recognize that traditional disaster recovery plans, procedures, and technical measures often fail in the face of ransomware attacks. Fenix24’s research has found that 84% of critical backups do not survive threat actors’ behavior. Why? Because these systems and plans are frequently destroyed by the mass destructive behaviors of threat actors.

While there are practice environments security teams can administer, like tabletop exercises, they typically do not prepare organizations for the realities of mass destruction. These exercises often make flawed assumptions about the survivability of recovery systems and are based on limited contexts, leaving organizations unprepared for the complete destruction of all systems.

Without understanding the breach context, specifically what and how threat actors operate, it is impossible to harden, manage, and maintain backup systems that are both survivable and timely recoverable. While most organizations are over-investing in prevention, they largely ignore recovery. The ultimate determinant of survival hinges not on avoiding the initial breach but on the speed and efficacy of restoring operations. The chosen recovery strategy, assuming backup and recovery methods survive, is the single most important decision leadership will make during a mass destruction event.

Let Anti-Ransomware Day serve as an urgent reminder for leaders to prioritize the development and implementation of robust recovery strategies. Ensuring our organizations are thoroughly prepared is paramount in mitigating the potentially devastating impacts of ransomware attacks.

++

Chad Cragle, CISO at Deepwatch

Ransomware remains one of the most disruptive threats to modern institutions, whether you’re running a business, a hospital, a school, city infrastructure or anything in between. Anti-Ransomware Day reminds us of past crises like WannaCry, but the stakes have only grown. Today’s attacks are faster, more calculated, and built to cause maximum disruption. It’s not just about encrypting data, it’s about shutting down operations and exploiting any opportunities. That’s why modern defense strategies must include always-on visibility, rapid containment, and tested recovery protocols. Services like Managed Detection and Response play a central role in that strategy, providing 24/7 threat monitoring and expert-led action when every second counts.

This isn’t just about awareness; it’s about readiness. Ransomware is a business risk, a public safety issue, and a critical infrastructure threat all rolled into one. And it doesn’t care if you’re understaffed, underfunded, or still waiting on that “next quarter” security upgrade. Anti-Ransomware Day should serve as more than a reminder, it’s a prompt to ask whether your organization is ready to respond today, not someday.

++

Stephen Kowski, Field CTO at SlashNext Email+ Security

Ransomware attacks almost always start with a sneaky message, like a fake email, text, or even a voice call, that tricks someone into clicking a link or opening an attachment. Today’s scammers use advanced tricks, including AI-generated messages and deepfakes, to make these scams look and sound real. That’s why it’s so important to stop these threats before they ever reach your team. Using security that can spot and block phishing across email, mobile apps, and even messaging platforms is one of the smartest moves you can make.

On top of that, teaching everyone what these scams look like helps people think twice before clicking. If you combine smart technology with good training, you can stop most ransomware attacks before they even start. In the end, it’s about making sure your defenses work where the attacks begin: right at the first message. That way, you can spend less time worrying and more time getting things done.

++

Sam Peters, Chief Product Officer, ISMS.online

Ransomware continues to be one of the biggest cybersecurity threats organisations face today. Take the recent attack on M&S. The retailer suffered an alleged DragonForce ransomware attack in April resulting from a social engineering tactic. The incident has caused severe disruption impacting contactless payments, online orders, and its Click & Collect service. The attack has not only affected services, but it has also had a colossal effect on the company’s share price and its valuation.

The M&S attack demonstrates that ransomware attacks are becoming more sophisticated than ever before, with hackers increasingly adopting social engineering, double extortion and artificial intelligence-based tactics to inflict greater damage on victims and scale their nefarious activities.

On Anti-Ransomware Day, we are urging organisations to adopt a layered cybersecurity approach but also a company-wide co-ordinated defence strategy. The dynamic nature of current ransomware threats means organisations can’t expect to tackle this threat by investing in a single cybersecurity application.

They need to design and implement a multi-layered, company-wide cybersecurity strategy that provides effective solutions for tackling each step of the ransomware process. This should include cybersecurity awareness training to ensure employees spot phishing and social engineering attack attempts early, the use of a managed detection and response solution and data backups to enable organisations to recover quickly after a ransomware attack.

Industry standards such as ISO 27001 can also play a part in a company-wide defence strategy, guiding risk assessments so businesses understand the impact of ransomware. It supports incident response planning from detection to recovery. It ensures that back-ups are in place and regularly tested. It promotes ongoing staff training to reduce phishing and social engineering risks and helps organisations stay aligned with privacy regulations if personal data is stolen or exposed. In short, ISO 27001 turns ransomware planning from an ad-hoc IT task into a company-wide, coordinated defence strategy.
 
++
 
Jeff Gray, Americas Operations VP – Xalient

This Ransomware Awareness Day, we are focusing on the risks it poses to digital transformation.

A diverse range of sectors such as Finance, Healthcare, Retail, and Manufacturing are searching for ways to drive innovation, increase connectivity, and gain a competitive advantage. With global networks and an increased capacity to collect and share an influx of fresh data, organizations can enjoy faster connectivity, agility, and responsiveness.

However, no growth comes without risk. As an organization becomes more connected, its network becomes more complex, posing significant challenges to identity and cybersecurity measures. Adopting new technologies such as APIs, LLMs, and the Cloud increases an organization’s attack surface. Across a vast network, their individual machine identities can be a challenge to monitor for anomalies. When considering threats, organizations must also take stock of the risk of human error. In modern work, employees operate in a blended environment, moving seamlessly between work applications and personal apps. This can result in a lot of freely available open-source data, or OSINT, which cybercriminals use for social engineering purposes to customise phishing attacks. All it takes is for one employee to click a link in a phishing email, or one machine identity to be exploited, and a bad actor can potentially have access to an organization’s entire database. The results from a ransomware attack can have a devastating effect on business, daily operations, and consumer trust – not to mention the costs incurred from downtime, disruption, and potentially paying the ransom.

If the risk in digital transformation is deemed too high to invest in, organizations can potentially become outdated, which not only poses cybersecurity risks but can also lead to them stagnating and falling behind their competition. As such, organizations should strike a balance between digital transformation and improving their cybersecurity posture, without measures that restrict and slow their workflow. In this instance, a zero-trust framework is an invaluable solution. Zero-Trust strategies practically apply identity and access management capabilities to continuously assess the risk every time resources are accessed within an environment by both employee and machine identities. It only grants access for the right reasons, to the right person, for the right amount of time. In turn, this can prevent employees and threat actors from accessing an entire database and enables a stronger security posture, where keeping personal and sensitive data secure has no impact on productivity or business agility. If a breach occurs, security teams are immediately notified and can respond and resolve the issue.

As the technological landscape continues to develop, driving digital transformation and giving cybercriminals access to new tools and information, organizations must strike a balance between adopting new technologies and improving their cybersecurity measures. To stay ahead, organizations should implement Zero-Trust strategies to support growth, workflow, and keep important data safe and secure.  
 
##
Published Monday, May 12, 2025 9:07 AM by David Marshall