ransomware – CIO.works

Majority of Chief Information Security Officers (CISOs) Consider Paying Cybercriminals to End Ransomware Attacks, According to New Absolute Security Research

By CIO / Blog / ransomware, report, breach

A new Absolute Security report reveals that 58% of Chief Information Security Officers (CISOs) would consider paying cybercriminals to end ransomware attacks, with operational downtime ranked as the most significant impact. The study also found that ransomware attacks often originate on endpoint devices, recovery times can be extensive—some taking up to two weeks—and many organizations still lack remote recovery capabilities despite widespread availability.

https://www.businesswire.com/news/home/20260512727565/en/Majority-of-Chief-Information-Security-Officers-CISOs-Consider-Paying-Cybercriminals-to-End-Ransomware-Attacks-According-to-New-Absolute-Security-Research

Google Drive Ransomware Detection Now on by Default for Paying Users

By CIO / Blog / cybersecurity, ransomware, tools, google

Google has announced that its AI-powered ransomware detection feature for Google Drive is now generally available and enabled by default for all paying users with business, enterprise, education, and frontline licenses. The feature pauses file syncing upon detecting ransomware, alerts users and admins, and provides detailed file restoration instructions, significantly reducing ransomware impact on stored documents.

https://www.bleepingcomputer.com/news/security/google-drive-ransomware-detection-now-on-by-default-for-paying-users/

Ransomware and Phishing Still Drive Data-Security Incidents, But AI’s Shadow Looms

By CIO / Blog / phishing, AI, ransomware, threats

The 12th annual Data Security Incident Response Report by law firm BakerHostetler reveals that ransomware demands averaged $4.24 million last year, rising 70%, while phishing caused 30% of data-security incidents. The report highlights AI's growing role in cyberattacks, evolving beyond phishing enhancement to sophisticated social engineering and automated hacking, signaling a significant shift in the cybersecurity landscape.

https://www.digitaltransactions.net/ransomware-and-phishing-still-drive-data-security-incidents-but-ais-shadow-looms/

Ransomware’s New Era: Moving at AI Speed

By CIO / Blog / AI, cybersecurity, ransomware, threats

Ransomware attacks are accelerating in speed and sophistication, with threat actors increasingly using artificial intelligence to quickly exploit valid credentials and bypass traditional security tools like endpoint detection and response (EDR). Reports from Halcyon and Arctic Wolf highlight that ransomware tactics have evolved from encrypting data to multi-extortion schemes and direct victim targeting, while AI enables automated, high-fidelity social engineering, making defense more challenging and emphasizing the need for improved access management and transparency in cybersecurity efforts.

https://www.darkreading.com/endpoint-security/ransomware-new-era-moving-ai-speed

Crypto Ransomware: 2026 Crypto Crime Report

By CIO / Blog / cybersecurity, ransomware, report

Total ransomware payments dropped 8% to $820M in 2025 amid a 50% rise in attacks; median ransom rose 368% to nearly $60,000. Criminals and state-linked entities share infrastructure. Law enforcement disrupts enabling services rather than just targeting groups. Ransomware incidents increasingly affect critical infrastructure, and Initial Access Brokers facilitate these attacks. While revenue declines, the complexity and impact of attacks increase, necessitating robust defenses against evolving methods.

https://www.chainalysis.com/blog/crypto-ransomware-2026/

Hackers Increasingly Prefer Fast and Low-Complexity Attacks

By CIO / Blog / trends, threats, cybersecurity, ransomware

Hackers are increasingly favoring fast, low-complexity attacks over sophisticated exploits, prioritizing accessible entry points like phishing and remote access services. Many ransomware attacks utilize existing controls, exploiting vulnerabilities or stolen credentials to gain access and move quickly from breach to impact. Incident responders emphasize the importance of basic defenses such as vulnerability management, access controls, and monitoring, while also highlighting the persistence of configuration issues, including stale credentials and insufficient visibility into cloud identities.

https://www.databreachtoday.com/hackers-increasingly-prefer-fast-low-complexity-attacks-a-30787

2025 Cloud Threat Hunting and Defense Landscape

By CIO / Blog / cybersecurity, cloud, ransomware, threats

Extreme TLDR Summary:

Insikt Group's report highlights escalating cloud threats, focusing on exploitation, misconfiguration, and credential abuse. Attackers exploit weak cloud services and credentials for broad victim access, using built-in functions for malicious actions. Key trends include registered cloud resources for attacks, diminishing DDoS effectiveness, and targeting AI services. Cloud misconfigurations remain a significant risk. Prevention requires maintaining service inventories, enforcing access controls, and patching vulnerabilities, especially as cloud environments evolve rapidly, increasing potential entry points for attackers.

https://www.recordedfuture.com/research/2025-cloud-threat-hunting-defense-landscape

Please Don’t Feed the Scattered Lapsus ShinyHunters

By CIO / Blog / cybersecurity, ransomware, threats

Scattered Lapsus ShinyHunters (SLSH) extorts companies through harassment, threats, and media manipulation, often resulting in victims feeling pressured to pay. Unlike traditional ransomware groups, SLSH employs chaotic tactics, including physical threats to executives and their families, and lacks trustworthiness. Experts recommend against negotiating with SLSH, as involvement often escalates harm without guarantees of data recovery. The group thrives on media attention and psychological manipulation, making non-engagement the best strategy for victims.

https://krebsonsecurity.com/2026/02/please-dont-feed-the-scattered-lapsus-shiny-hunters/

The Case for a Ransom Payment Ban and When It Might Happen

By CIO / Blog / regulation, ransomware, payments

Jen Ellis, co-chair of the Ransomware Task Force, predicts a partial ransom payment ban in Britain. While not a perfect solution, it addresses the ethical concerns of funding cybercrime. The ban will likely follow the implementation of the revamped Cyber Action Plan and the Cyber Security and Resilience Bill.

https://www.bankinfosecurity.com/interviews/case-for-ransom-payment-ban-when-might-happen-i-5520

From Cipher to Fear: The Psychology Behind Modern Ransomware Extortion

By CIO / Blog / cybersecurity, ransomware, threats, psychology

Ransomware tactics have evolved from simple file encryption to complex extortion schemes, leveraging stolen data, legal threats, and psychological pressure. The ecosystem is fragmented, with various groups sharing tools and methods, making response and attribution difficult. Security strategies must adapt: prepare for reputation and legal risks, enhance cyber hygiene, focus on exploited vulnerabilities, and optimize configuration management. Today's ransomware operates on human and legal manipulation rather than just malware, necessitating a proactive approach to risk management.

https://www.bleepingcomputer.com/news/security/from-cipher-to-fear-the-psychology-behind-modern-ransomware-extortion/