Powered by MOMENTUMMEDIA
Rapid7’s senior director of threat analytics, Christiaan Beek, has some thoughts about ransomware’s continuing and growing threat and how many organisations are unwittingly aiding the criminals.
Speaking at the recent RSA Conference in San Francisco, Rapid7’s Christiaan Beek shared some uncomfortable truths about ransomware.
Asking the simple question, “Why is ransomware still a thing in 2025?” Beek put it pretty plainly: we’re making things too easy for the hackers.
“Ransomware remains a crisis because we are still giving attackers the upper hand,” Beek said in a follow-up blog post.
“To regain control, we need to understand how we’ve made it so easy for them, and what we can do to change that.”
Part of the problem is that ransomware users and developers are evolving at the same scale and speed as the network defenders trying to stop them, raking in tens of millions of dollars while they do so. These profits not only line the pockets of cyber criminals but are also reinvested into their operations.
They buy zero-day exploits, invest in new infrastructure and tooling and offer bonuses to their best affiliates. With more money and reliable ransomware tools, they can switch to ransomware-as-a-service and offer top-line criminal services to entry-level hackers.
And, as Beek points out, as more companies take the route of paying up, some operations raise their ransom demands even higher.
However, for all of this apparent evolution and innovation, many organisations are offering the hackers an inadvertent helping hand.
“A dozen years after attacks like CryptoLocker set the trend for modern ransomware, it remains a critical threat as attackers continue exploiting the same gaps repeatedly. Weak credentials, unpatched vulnerabilities, and poor incident response planning are all maintaining ransomware’s status as a reliable moneymaker,” Beek said.
“Enterprises must get their fundamentals right to break the cycle of attacks.”
Attack surface visibility remains an issue across many organisations, and without knowing what exactly they’re defending, security teams are hamstrung. Multifactor authentication (MFA) is not nearly as widely adopted as it should be, and even when it is, it’s often misconfigured or not comprehensively rolled out.
Patching known vulnerabilities is similarly problematic, and slow patching can give quick-thinking hackers easy access to a company’s crown jewels.
Having access to threat intelligence about how ransomware operators are gaining access to networks is one step towards addressing this problem, while understanding the response capabilities of an organisation in the wake of an attack – when it inevitably happens – is another. For Beek, red teaming and regular tabletop exercises are an essential part of testing assumptions regarding response time and establishing business continuity.
“While a lot of companies have this down on paper, they may not have gone into enough depth for the real thing,” Beek said.
“What if an attack strikes and the main decision-maker is on vacation and they didn’t bring their cell to the beach? Who’s the replacement, what happens next? All these things need to be planned out and tested in detail.”
So, yes, Beek said, answering his own question: ransomware is still a thing in 2025 because not enough businesses are taking the right steps to counter the opportunistic nature of the threat.
“To start winning this battle, organisations don’t need to take drastic measures,” Beek said.
“They need to get the basics right and take back control. No more giving the adversary easy wins.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.