Ransomware is still a thing because we’re making it easy for the hackers | #ransomware | #cybercrime


Speaking at the recent RSA Conference in San Francisco, Rapid7’s Christiaan Beek shared some uncomfortable truths about ransomware.

Asking the simple question of “Why is ransomware still a thing in 2025?”, Beek put it pretty plainly…


We’re making things too easy for the hackers.

“Ransomware remains a crisis because we are still giving attackers the upper hand,” Beek said in a follow-up blog post.

“To regain control, we need to understand how we’ve made it so easy for them, and what we can do to change that.”

Part of the problem is that ransomware users and developers are evolving at the same scale and speed as the network defenders trying to stop them, and raking in tens of millions of dollars while they do so. These profits not only line the pockets of cyber-criminals, but also get reinvested into their own operations.

They buy zero-day exploits, invest in new infrastructure and tooling, and offer bonuses to their best affiliates. With more money and reliable ransomware tools, they can switch to ransomware-as-a-service and offer top-line criminal services to entry-level hackers.

And, as Beek points out, as more companies take the route of paying up, some operations raise their ransom demands ever higher.

But for all of this apparent evolution and innovation, many organisations are offering the hackers an inadvertent helping hand.

“A dozen years after attacks like CryptoLocker set the trend for modern ransomware, it remains a critical threat as attackers continue exploiting the same gaps repeatedly. Weak credentials, unpatched vulnerabilities, and poor incident response planning are all maintaining ransomware’s status as a reliable moneymaker,” Beek said.

“Enterprises must get their fundamentals right to break the cycle of attacks.”

Attack surface visibility remains an issue across many organisations, and without knowing what exactly they’re defending, security teams are hamstrung. MFA is not nearly as widely adopted as it should be, and even when it is it’s often misconfigured or not comprehensively rolled out.

Patching known vulnerabilities is similarly problematic, and slow patching can give quick-thinking hackers easy access to a company’s crown jewels.

Having access to threat intelligence about how ransomware operators are gaining access to networks is one step toward addressing this problem, while understanding the response capabilities of an organisation in the wake of an attack – when it inevitably happens – is another. For Beek, red teaming and regular tabletop exercises are an essential part of testing assumptions regarding response time and establishing business continuity.

“While a lot of companies have this down on paper, they may not have gone into enough depth for the real thing,” Beek said.

“What if an attack strikes and the main decision-maker is on vacation and they didn’t bring their cell to the beach? Who’s the replacement, what happens next? All these things need to be planned out and tested in detail.”

So yes, Beek said, answering his own question: ransomware is still a thing in 2025, because not enough businesses are taking the right steps to stop the opportunistic nature of the threat.

“To start winning this battle, organisations don’t need to take drastic measures,” Beek said.

“They need to get the basics right and take back control. No more giving the adversary easy wins.”
