Why Ransomware Remains One of Cybersecurity’s Most Persistent Threats
Why Ransomware Remains One of Cybersecurity’s Most Persistent Threats
https://www.infosecurity-magazine.com/news-features/why-ransomware-remains/
Publish Date: 2026-02-17 05:00:00
Source Domain: www.infosecurity-magazine.com
Ransomware is a cybersecurity issue that refuses to disappear. If anything, attacks are becoming more disruptive, difficult to fix and financially costly.
The average ransom demand in 2025 was $1.3 million and over half of payments cost over $1 million. A stark contrast compared with ransomware attacks a decade ago which saw average ransom demands of under $1000 according to a Symantec report published in 2016.
Even when victims refuse to pay a ransom in return for a decryption key, ransomware attacks are still costly. You just have to look at the long-term operational and financial impact ransomware attacks had on organizations like Jaguar Land Rover, Marks & Spencer and Asahi in 2025.
In 2026, there has already been several high-profile ransomware incidents, indicating the problem shows no signs of abating.
The uncomfortable truth is that ransomware has been known to be significant cybersecurity risk to organizations for at least a decade, but it’s also more disruptive than ever before. So, why is this the case?
Criminal Hackers Monetize Poor Cyber Hygiene
While the many successful ransomware groups are well-resourced and can resort to sophisticated social engineering techniques to infiltrate their target, most of the time, it’s the same old cybersecurity vulnerabilities and exposures which provide them with unauthorized network access.
“Ransomware attacks are happening at scale and targeting every type of organization, causing a significant amount of business disruption. CISOs are very much focused on trying to mitigate the threat of ransomware, but unfortunately, it’s just the monetization of poor cyber hygiene,” Gavin Millard, VP of product at Tenable told Infosecurity.
Cybercriminals continue to use unpatched software vulnerabilities, phishing attacks and the exploitation of weak or re-used passwords to access networks.
This is compounded with a lack of basic cybersecurity protections like multi-factor authentication (MFA).
In…
