6 steps to stop ransomware taking you hostage

Ransomware is defined as a malware designed to deny an organization access to files or data on their computer.

Ransomware is defined as a malware designed to deny an organization access to files or data on their computer. Image: Getty Images/iStockphoto

Itai Greenberg
Chief Strategy Officer, Check Point Software Technologies
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


This article is part of: Annual Meeting on Cybersecurity

Listen to the article

  • Ransomware is a growing threat, especially for US-based organizations.
  • Cybercriminals increasingly focus on "triple extortion" ransomware attacks, which target individuals' data.
  • Six simple actions can minimize potential exposure to and the impact of ransomware attacks.

According to Cybersecurity Ventures, ransomware will cost its victims around $265 billion by 2031. In the first half of 2023, Check Point Research’s 2023 Mid-Year Report found that 48 ransomware groups admitted breaching and publicly extorting more than 2,200 victims around the world. Forty-five per cent of the attacks were against US-based organizations – far and away more than any other country.

According to Verizon’s 2023 DBIR report, 24% of all cybersecurity breaches involved ransomware. And these ransomware attacks are disproportionally focusing on manufacturing, retail and software services. It’s interesting to note that while government, healthcare and education are the most attacked industries – they are not the main focus for ransomware.

Have you read?

Ransomware is defined as a malware designed to deny an organization access to files or data on their computer. Cybercriminals encrypt the data and demand a ransom payment for the decryption key, hoping the victim will pay to regain access.

In double extortion ransomware attacks, if the ransom isn’t paid, the bad actors will sell the stolen data or publish it in public forums. Increasingly, cybercriminals are resorting to triple extortion where they blackmail individual employees or victims into paying for their data. A recent example is from a plastic surgery clinic in which the clinic refused to pay the ransom, so the hackers contacted patients and threatened to release their health records if they didn’t pay up. At least 70 patients had their health data and photographs published, and one patient is now suing the clinic.


In order to prevent ransomware attacks, organizations need to exercise good security hygiene across on-premise, cloud and hybrid networks all the way up to the board level. There are several actions that leaders can take to minimize exposure to and the potential impacts of an attack.

1. Robust data back-up

The goal of ransomware is to force the victim to pay a ransom in order to regain access to their encrypted data. However, this is only effective if the target actually loses access to their data. A robust, secure data back-up solution is an effective way to mitigate the impact of a ransomware attack.

2. Cyber-awareness training

Phishing emails are one of the most popular ways to spread ransom malware. By tricking a user into clicking on a link or opening a malicious attachment, cybercriminals gain access to the employee’s computer and begin the process of installing and executing the ransomware on it. Frequent cybersecurity awareness training is crucial to protecting the organization against ransomware, leveraging their own staff as the first line of defence in ensuring a protected environment. This training should instruct employees on the classic signs and language that are used in phishing emails.

3. Up-to-date patches

Keeping computers up to date and applying security patches, especially those labeled as critical, can help to limit an organization’s vulnerability to ransomware attacks, as such patches are usually overlooked or delayed too long to offer the required protection.

4. Strengthening user authentication

Enforcing a strong password policy, requiring the use of multi-factor authentication, and educating employees about phishing attacks designed to steal log-in credentials are all critical components of an organization’s cybersecurity strategy.

5. Anti-ransomware solutions

These monitor programs running on a computer for suspicious behaviours commonly exhibited by ransomware; if such behaviours are detected, the program can take action to stop encryption before further damage can be done.

6. Utilize AI-powered threat prevention

Most ransomware attacks can be detected and resolved before it is too late. Automated threat detection and prevention can maximize your chances of protection, including scanning and monitoring of emails, and scanning and monitoring file activity for suspicious files. AI has become an indispensable ally in the fight against cyberthreats. By augmenting human expertise and strengthening defense measures, AI-driven cybersecurity solutions provide a robust shield against a vast array of attacks. As cybercriminals continually refine their tactics, the symbiotic relationship between AI and cybersecurity will undoubtedly be crucial in safeguarding our digital future.


How is the Forum tackling global cybersecurity challenges?

While ransomware attacks can indeed be scary, it is possible to prevent or at least lessen their impact by utilizing the six steps above. And before you pay a ransom, remember that there is no guarantee that you will get your data back or that the hacker will not release it publicly. In fact, by paying a ransom, you are funding the hackers’ efforts and letting other criminal efforts know that you are willing to pay. So focus on preventing the breaches in the first place.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

CrowdStrike content update causes global IT outage, and other cybersecurity news to know this month

Akshay Joshi

July 22, 2024

About Us



Partners & Members

  • Sign in
  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum