Why banning ransomware payments is only a limited fix

JumpCloud's Chief ISO explains how ransomware attacks are still a threat despite proposed legislation and discusses some key defence strategies

Ransomware payments saw a significant drop from an all-time high of $1.2 billion (£930 million) in 2023 to $813 million (£650 million) in 2024, thanks to law enforcement efforts.

A series of coordinated operations in Ukraine in 2024 led to the arrest of critical members of LockBit, a notorious ransomware group responsible for over 2,000 attacks across more than 70 countries, including the UK, where they extorted over £90 million in ransom.

While this progress reflects the effectiveness of law enforcement and international cooperation, and a growing resistance among victims to ransom demands, it’s not time to let our guard down. 

Despite the decline in high-profile attacks, smaller ransomware players are still active, and their numbers continue to grow. JumpCloud’s 2024 IT Trends report shows that over half of IT administrators surveyed still rank ransomware among their top three security threats, and with good reason.

The UK government is proposing legislation to curb ransomware payments, with the aim of cutting off the flow of money to criminals and discouraging attacks on UK businesses. This would also help authorities disrupt and investigate ransomware activities more effectively by enhancing intelligence around the payment landscape.

While this is a positive step, focusing solely on banning payouts addresses the surface symptoms but does not solve the core issue. A more comprehensive approach that involves preventive technology to shield businesses from ransomware attacks is essential.

Zero Trust: a proactive security strategy

Ransomware thrives on weak security practices. The most effective way to guard against it is through a proactive, multi-layered security strategy such as Zero Trust. This approach assumes that no user or device, whether inside or outside the company network, can be trusted by default.

At its foundation, Zero Trust calls for strict security measures like requiring multi-factor authentication (MFA) for every user account. This ensures that, even if credentials are stolen, they cannot be used on their own because another layer of defence is in place. Implementing controlled, limited access to sensitive systems, based on device verification and location, also helps reduce risks. Enforcing Conditional Access Policies ensures that only authenticated users and trusted devices can reach business resources.

One key aspect of ransomware defence is safeguarding your backup data. Isolated, secure backups are crucial in ensuring that data can be restored after an attack, especially if ransomware tries to corrupt or delete backups. Testing these backups regularly and conducting ransomware simulation exercises can prepare companies for actual incidents, strengthening their response strategies.

Solid cyber hygiene across the entire organisation is equally important. Regularly applying patches to known vulnerabilities, continuously monitoring for suspicious activity, and reducing potential attack points can stop ransomware threats before they escalate.

Adopting a “Never Trust, Always Verify” mentality backed by strong access control policies, real-time monitoring, and cloud-based security management can significantly strengthen defences against ransomware. This proactive stance makes it harder for attackers to exploit weaknesses before they can launch their attacks.

The first line of defence is your team

Even the best technology can only do so much. Your team is an essential part of your defence strategy. Training employees on recognising phishing and social engineering techniques can drastically reduce the likelihood of falling victim to ransomware. Regular training on best practices, like avoiding suspicious downloads and reporting unusual activity, can heighten awareness across the organisation. Empowering employees to stay vigilant helps close security gaps and lowers the chances of a successful attack.

Although global efforts to crack down on ransomware groups and legislative measures to restrict ransom payments are making headway, the threat is not going away. However, by adopting stronger technology solutions and creating a culture of cybersecurity awareness within your organisation, you can play an active role in reducing ransomware risks worldwide.

Robert Phan is the chief information security officer (CISO) at JumpCloud. 
