What is ransomware?
In 2025, ransomware is no longer just malicious software that encrypts your machines. It has morphed into something more dangerous: extortion built on stolen data. Attackers don’t stop at locking files; they now harvest sensitive information from SaaS platforms and internal networks, giving them leverage far beyond encryption keys. And their threats aren’t confined to dark web leaks. Increasingly, they pressure victims by threatening to expose data directly to regulators, insurers, or even customers. It’s not just about endpoint security anymore — it’s about protecting the entire cloud and network environment your business runs on.
So far this year, 4,441 organisations have been publicly listed as ransomware victims. More than 51% of those paid, according to Cybersecurity Ventures, resulting in roughly 2,268 ransom payments, with median payments averaging $1 million per breach. That puts ransomware payouts this year well into the multi-billion-dollar range.
And these attacks aren’t just hitting small or midsize companies. In July, global IT distributor Ingram Micro confirmed a ransomware-related incident that disrupted internal systems and order fulfilment. While the company quickly mobilised cybersecurity experts and notified law enforcement, the attack demonstrated a growing truth: no organisation is immune.
A Ransom Note… and a Checklist to Keep Them Away
The Akira ransomware gang doesn’t just extort. They operate with the polish of a support team and the gall to offer post-attack “advice”.
In a real negotiation transcript, Akira encrypted an organisation’s systems, demanded $600,000 and ultimately settled for $200,000. But their final message didn’t just include a decryption tool, it came with a security checklist.
“Don’t want us to hack you again? Here’s what you need to do”.
Their advice included:
- Don’t open suspicious emails or run unknown files
- Use strong passwords, changed monthly
- Enable 2FA
- Keep systems and software updated
- Monitor traffic and use antivirus
- Create VPN jump hosts with unique credentials
- Train your employees: “The human factor is your weakest point”.
They signed off with this unsettling note: “We wish you safety, calmness, and lots of benefits in the future”.
You Shouldn’t Need a Ransom Note to Discover What’s Broken
What’s most disturbing isn’t what Akira did, it’s that they’re right. Too many organisations only discover their security gaps after a breach. That needs to change.
Here’s what real cyber resilience looks like in 2025:
- Advanced Endpoint Detection and Response
Lock down apps, enforce endpoint firewalls, and automate patching with platforms like WatchGuard EPDR, so attackers can’t exploit known weaknesses. - Smarter MFA Everywhere
Strengthen authentication with custom MFA solutions like AuthPoint, designed to secure not only cloud apps and VPN access, but also device-level login like Windows. This closes a critical gap in most identity strategies. - ZTNA and SASE-Based Protections
Adopt Zero Trust Network Access (ZTNA) and SASE-based firewalls to filter cloud services (like Microsoft 365) and restrict access to only validated connections. This helps eliminate the common VPN jump host vector attackers rely on. - Segment Your Networks
Use your firewall to isolate sensitive systems. Separate user traffic from management networks with tools like WatchGuard FireCloud, keeping your most privileged controls walled off. - Keep Firewalls Current
A firewall isn’t a “set it and forget it” tool; it’s only as effective as its latest update. No matter which vendor you use, regularly updating firmware and security services ensures your defences evolve alongside attackers. Neglecting updates leaves cracks in the wall that adversaries are quick to exploit. Modern tabletop firewalls, for example, are built to deliver strong protection, but only when they’re kept current.
If you’re a managed service provider (MSP) or cybersecurity partner supporting customers through this evolving threat landscape, helping them mature across these areas is no longer optional, it’s your differentiator. Whether you’re building custom offerings or scaling a managed security practice, you shouldn’t have to do it alone.
What Real Security Looks Like
The Akira case is both a glimpse into the future and a warning about the present. You don’t just need better tools. You need a complete strategy that works in real life.
WatchGuard solutions help both organisations and partners deliver Real Security for the Real World, built for imperfect environments, tight budgets, and complex demands.
Our Unified Security Platform®, combined with 24/7 MDR services, helps you prevent, detect and respond before attackers make the first move. Don’t wait to learn from your attacker. Take the first step toward stronger cybersecurity – contact the Dolos team for more details.
