Understanding the Urgency of Today’s Most Disruptive Cyber Threat

Ransomware attacks have continued to plague businesses throughout 2025. In 2025, the surge in ransomware attacks continues to expose even the most well-resourced organisations, turning operational resilience and cyber maturity into a boardroom conversation.

Marks & Spencer faced a ransomware attack that went viral earlier this year. The attack was pervasive, affecting the company’s IT systems and operations. The disruption meant that they were unable to accept online orders and they are now reporting that they estimate the attack will cost them £300 million.

After the viral Marks & Spencer’s attack, Harrods and Co-op were targeted with other ransomware attacks. Their online and onsite services were impacted with Co-op having to shut down parts of its IT system. These aren’t isolated incidents; they reflect a sustained and calculated assault on businesses, both private and public.

Public bodies face similarly persistent cyber-attacks. Though we are aware of many ransomware attacks on public bodies, we rarely learn the full details of the attack, but this is set to change. The introduction of the Cyber Security and Resilience Bill introduces tougher regulations on reporting cyber incidents to the government.

The rise of ransomware

More than 40% of UK organisations experienced a cyber security breach or attack in the last 12 months. The profitability of ransomware attacks makes them highly attractive to cyber criminals. When a business’s operations halt, many choose to pay ransoms in exchange for quick restoration of services, reinforcing the incentive to continue these attacks. Even when companies refuse to pay ransoms, attackers can profit by selling stolen data or offering access to other malicious actors.

Sophisticated groups like REvil, DarkSide, and Conti have refined tactics like double extortion, where data is not only encrypted but also exfiltrated, with the threat of public release if the ransom is not paid. This has hit large organisations hard, with Maze ransomware making waves by targeting businesses like Canon and LG Electronics using this method.

The Ransomware-as-a-Service (RaaS) model further increases accessibility for less experienced hackers by allowing them to “rent” ransomware tools. This is something Conti famously used during its 2021 attack on Ireland’s Health Service Executive (HSE), which crippled healthcare services across the country.

While attacks result in ransomware payments, they are going to continue to increase. Attackers don’t need to be especially technical and benefit from anonymity while they can hide behind their screens. They can also send out a high volume of ransomware emails, increasing the likelihood that someone will fall for the attack by mistakenly clicking a malicious link.

This has solidified the existence of ransomware groups such as LockBit, Conti, DragonForce and Clop. All have taken responsibility for some of the biggest ransomware attacks within the last few years. Their targets have included government organisations, large technology companies, and manufacturing operators.

The Ripple Effect of Ransomware

Ransomware attacks are among the most disruptive and financially damaging threats that an organisation faces. As their sophistication and frequency increase, organisations across sectors are being forced to reckon with the far-reaching consequences. These extend beyond the direct victims, impacting entire supply chains, stakeholders, and even national security. Understanding these ramifications is crucial for organisations aiming to bolster their cyber resilience.

Despite increasing awareness, and the devastating impact of ransomware attacks, effective and foolproof protection remains elusive. The challenges are multifaceted, encompassing technical, strategic, and human factors.

Multi-layered Defences

For organisations seeking to further strengthen their defences, advanced anti-ransomware solutions provide additional safeguards. Our partner, Halcyon’s anti-ransomware solution provides an intelligent agent that captures the encryption event, shuttles the keys into a secure enclave and, after the malicious process is blocked, automatically decrypts any impacted files on the endpoint. This eliminates any need for your organisation to even consider paying a ransom.

Importantly, such platforms are designed to integrate with existing endpoint security solutions, offering additional layers of defence without requiring wholesale changes to security architecture.

Cyber criminals target everyone either directly or indirectly. By creating a multi-layered defence, you will build a truly secure security infrastructure.

Cyber criminals don’t discriminate every organisation, directly or indirectly, is a potential target. Building a multi-layered defence strategy is essential to ensuring resilience, continuity, and trust. For IT leaders, this means investing not just in technology, but in people, processes, and partnerships that elevate organisational security maturity.