Ransomware: four things you need to know about the new dangers — and what you should do

Ransomware attacks are becoming more common, more effective and more costly. Has your company studied the threats, strengthened its defenses and made a plan in case an attack succeeds?

Ransomware attacks are seizing headlines, but the reality is even darker. Most victims never appear in the media, since they quietly pay to make the problem go away. The danger is intensifying as threats multiply, their sophistication rises, and the ransoms hackers demand become higher and higher.

What would you do if hackers breached your systems tomorrow and locked you out of your own data and systems? They can hold hostage assets such as your customers’ credit card numbers, critical business processes on which your operations depend, or sensitive data that you are bound by law to protect. Increasingly, hackers use a one-two punch: pay up to get your data unlocked, and/or pay up or we release all your data on the internet. A permanent lockout could cripple your operations. A public release could harm your customers, poison your brand and provoke regulatory scrutiny and heavy fines.

The four new dangers

You can reduce the risks, but you need to act now. Here are four things you need to know about the new dangers.

Protecting against these costly, sophisticated ransomware schemes

Your first defense: be better than your peers.

Ransomware criminals will choose the most lucrative and softest targets, so it’s wise to harden your defenses and encourage hackers to look elsewhere. Make your cybersecurity top-notch, with multi-factor authentication on all accounts (including VPN access), robust patching and vulnerability management, up-to-date antivirus and intrusion detection systems, and Remote Desktop Protocol (RDP) services that are either disabled or not accessible from the internet.

Understand where your critical data is located, the implications (including regulatory requirements) of any breach, and what you would need to recover in order to create a ‘minimum viable company.’ Create and check offline backups, along with a robust restore procedure. Define and test how much disruption you can tolerate, so if an attack does succeed, you can make the right decision about paying ransom.

Plan now to recover from an attack.

If you are hit, having a plan ready can cut your losses and get you back up and running quickly. Having segregated full and incremental backups available to restore can help you get back in business and reduce operational impact. Otherwise, even if you pay a ransom, recovery may be slow and costly, since IT environments are complex and information about critical systems may be unclear. After ransomware criminals return data and provide decryption keys, it’s all too common for companies that lack a plan to face a long and slow recovery: ransomware tools may have corrupted data and IT teams may not have the needed decryption skills.

Develop and exercise incident response and crisis plans today. Test these plans for a catastrophic ransomware scenario, where common security and IT tools may be unavailable and recovery efforts could require weeks or months. Make sure you have the technical expertise to respond to the attack by determining its cause, investigating its extent, containing the breach and expelling the attacker from your environment.

Bottom line

Ransomware is a major and growing danger, against which you must strengthen defenses and develop a response plan, right now. Ransomware criminals are multiplying, attracting new cyber talent, innovating malware, and acting with impunity. To reduce the risks, your defenses and incident response plan must be both top-notch and continually evolving. The right defense plan will also be unique to your organization: it will consider your critical needs, your current and potential defenses, your vulnerabilities and your organizational ethos.


Contact us

John Boles

Principal, Cybersecurity and Privacy, PwC US

Joseph Nocera

Cyber & Privacy Innovation Institute Leader, PwC US

Matt Gorham

Senior Fellow, Cyber & Privacy Innovation Institute, PwC US

Sean Joyce

Global Cybersecurity & Privacy Leader, US Cyber, Risk & Regulatory Leader, PwC US
