The ransomware epidemic last year was one for the ages, and it’s not over yet. This cybersecurity attack vector took no prisoners and targeted a wide range of victims from individuals, governments, and both public and private companies. According to the Verizon Data Breach Investigation report, ransomware appeared in 10% of breaches, more than doubling in frequency year over year. In addition, the average ransomware demand for small and medium-sized enterprises (SMEs) in 2021 was $146,000. For cyber criminals, this is a lucrative business and it is not expected to disappear in 2022.

What is ransomware, how has it evolved, and what can you do to protect yourself?

Ransomware is a type of malware attack that encrypts valuable files on the affected device, rendering them inaccessible. The bad actors will then demand a ransom, typically in the form of cryptocurrency, to restore access to files, systems, or other data. If the ransom payment isn’t delivered, the bad actors will threaten to sell or publish the victim’s data on the dark web, release it publicly, or share it with competitors, all without providing a decryption key. Ultimately, this would leave the systems inaccessible.

Not only is the frequency of ransomware increasing, but so is its level of sophistication, making it impossible to ignore. Ransomware has evolved in the form of double extortion. This goes beyond a single encryption of data and ransom demand as the bad actors first exfiltrate the critical data to a separate storage location and then threaten to release it publicly. With the potential to quickly spiral out of control, this double extortion technique also opens the door for further ransom demands after the initial payment is resolved. This is due to the victim not knowing that the exfiltration occurred after decrypting the impacted devices or systems. As of June 2021, there have been 35 ransomware families deploying double extortion and that number continues to grow.

Despite the severe and often malicious nature of ransomware, there are proactive measures you can take to mitigate your risk. Cowbell has compiled a list of best practices you can employ right now to protect your organization’s most critical assets:

  • Enable Multi-Factor Authentication (MFA) – Common practice for an added layer of protection to keep accounts more secure and prevent unauthorized access. Consider a mix of elements like authenticator applications (ex. Google, Microsoft), secure ID tokens, and security questions.


  • Utilize endpoint detection and response (EDR) tools to identify ransomware behaviors and file-less malware on all endpoints. Employing this level of automation will enable for early detection and faster response to threats. Cowbell has a partner list of EDR vendors on our Cowbell Rx marketplace.

  • Develop an incident response plan (IRP) and conduct simulation exercises.

  • Patch management on both software and hardware. Activate automatic updates whenever possible.


  • Implement a zero-trust security environment to adapt to the changing landscape, cloud adoption, and hybrid workspace. This framework has a “never trust, always verify” mindset for both inside and outside the network, limiting the ability to move laterally without continuous verification.

  • Embrace cybersecurity awareness training and education – Conduct workshops and exercises to educate employees regularly given the evolving cybersecurity threat landscape. Cowbell offers free cybersecurity awareness training through our Cowbell Rx partner, Wizer.


  • Conduct regular backups that are stored both offline and on separate networks. Test restoring them regularly.


  • Robust password management policy – A strong password policy would include at least ten characters, combination of uppercase and lowercase letters, numbers, and symbols or special characters. Change passwords regularly.

  • Good email hygiene – Verify before opening suspicious emails, take caution with links/attachments/urls from unrecognized senders, and encourage employees to report suspicious activity to IT.