Ransomware is probably the most well known of the modern cyber security threats, regularly making the mainstream press when high profile organisations and/or large numbers of users are compromised by the actions of cyber-criminals (BBC News, 2025).
When ransomware began…
I can remember the first time we had to deal with an encryption ransomware attack, having to get to grips with what was going on whilst being under pressure from the client. In that case we fell back on the back-up we had been managing for the client and stripping down the infected machines. Interestingly the second ransomware attack we dealt with was for the same client – as even after training their staff were careless. We never got to fix any subsequent attacks as someone there decided our IT expertise and back-ups, that had saved their business twice, were too expensive and the new supplier said that an in-house nightly back-up would suffice… The company went out of business later that year!
Find out why a simple in-house back-up will not do, even if it is cheap, here.
But the ransomware game moves on…
Ransomware is constantly evolving and one of the first changes was the “double extortion” move. Before encrypting the data – exfiltrate a copy of the data and then not only extort the organisation for the decryption key – which may not work if they have a ransomware resilient backup – but extort them with the threat of releasing or selling their and their customers’ sensitive information onto the Dark Web or the internet.
You still need that backup for a working business continuity plan.
Ransomware – something new…
Ransomware makes cyber-criminals money, which has led “successful” cyber-gangs, following the real-world model, to offer their malicious software-as-a-service to less technically able “wannabe” criminal groups. The latest add-on option available for ransomware-as-a-service (RaaS) is the ability for the attackers to wipe data from the victims’ systems. (Toulas, 2025)
To quote the Trend Micro research team “What further sets Anubis apart from other RaaS and lends an edge to its operations is its use of a file wiping feature, designed to sabotage recovery efforts even after encryption”. It is also believed that threat actors believe this will put more pressure on the victim to pay early and more, rather than stall and negotiate.
Your Takeaway
You need a plan, cyber security tools and a team of professionals you can count on.
But…
There is more to this change in how you have to look at the ransomware threat. But that is for next week.
Clive Catton MSc (Cyber Security) – by-line and other articles
Summer Cyber Security Webinars
The summer webinar series has started. It is not too late to sign up for the rest of the series and then you can get access to the recording of the episodes you missed.
Hack Me If You Can! What’s your excuse? – Sign Up Here
References
BBC News. (2025, July 10). Schools affected by West Lothian cyber attack named. https://www.bbc.co.uk/news/articles/cdxl419eekxo
Toulas, B. (2025, June 17). Anubis ransomware adds wiper to destroy files beyond recovery. BleepingComputer. https://www.bleepingcomputer.com/news/security/anubis-ransomware-adds-wiper-to-destroy-files-beyond-recovery/
Further Reading
Photo by Pixabay
