Winning the war on ransomware with multi-layer security

Following another year of widespread attacks across every industry, organizations cannot afford to ignore the threat posed by ransomware gangs. Ransomware gangs are constantly innovating, and traditional defense strategies are being outpaced by new threats such as fileless malware and AI-driven attacks.

If we want to protect our businesses, safeguard the economy and keep the lights on in our hospitals and critical national infrastructure, the cybersecurity industry needs to radically rethink its approach.

What can we expect from ransomware gangs in 2025?

Ransomware gangs have a way of coming back in one form or another. Given their track record as the world’s most prolific ransomware gangs, it would be wise to assume that LockBit, REvil, and Conti will all make an unwelcome comeback before long. Despite being taken down by the National Crime Agency (NCA) in February last year, unknown individuals claiming to represent the LockBit gang recently hinted at an impending release of a new locker malware, LockBit 4.0. It’s only a matter of time.

Elsewhere, RansomHub, Play and DragonForce are among several new ransomware groups quickly gaining notoriety within the cybersecurity industry. These new gangs share a common characteristic of attacking critical infrastructure. In the US, last year’s American Water shutdown was a catastrophic example of the growing threat ransomware gangs pose to critical infrastructure. In the UK, the impact has become so severe that the government has been pushed to ban local councils, schools and the NHS from making ransomware payments.

Ransomware gangs – old and new – chiefly rely on double extortion tactics, exploiting supply chain weaknesses and DDoS attacks. Organizations that continue to rely on reactive defenses or behavior-based detection are vulnerable to these tactics. Software defenses by themselves are too easily evaded. To truly combat the multi-faceted approach of ransomware gangs, organizations must integrate multi-layered approaches, combining advanced software solutions with proactive hardware defenses, robust backup strategies and rigorous employee training.

The limitations of software

The tools and tactics used by cybercriminals are advancing at such a pace that even today’s most advanced software-based cybersecurity will eventually become obsolete. Reliance on security software by itself depends on continual updates and vigilance. It also places the burden of cybersecurity on users, who must always be on alert to detect and respond to threats such as phishing attacks. This is worrying given that human error persists as the leading cause of security lapses.

What’s more, AI has greatly improved the social engineering capabilities of ransomware gangs. Previously, phishing emails could be detected by tells such as poor spelling or unnatural phrasing. Now, advanced AI chatbots can write more fluently than most humans and deepfake technology can produce convincing audio and visual communications. We need to remove humans from the equation which just isn’t possible when relying on software alone.

A further issue for businesses relying on software security is that it is interconnected with their wider digital ecosystem, which makes it inherently vulnerable to attackers. The trouble with software security is not that it doesn’t work, but that it only works up to a point. Since many businesses assume that software is the only game in town for cybersecurity, ransomware gangs will continue to thrive by exploiting its limitations. It’s time for businesses to change this narrative and embrace multi-layer security solutions.

Rethinking ‘zero trust’ from hardware up

Hardware-based solutions should be a non-negotiable for modern cybersecurity. By integrating a hardware layer alongside software, businesses ensure that their security remains intact, even if their software layer fails. Hardware security can also incorporate proactive security driven by AI. This means that businesses have an additional round-the-clock security team that can pre-empt attacks before they have a chance to cause harm. Moving from reactive to proactive defenses will be a critical step towards stopping ransomware gangs in their tracks.

When it comes to zero trust security – the cybersecurity approach that assumes no one inside or outside a network should be trusted by default – the concept is extremely valuable, but it often falls short in practice. Humans must put together the underlying IT infrastructure and make judgements where an exception may be needed.

This brings us back to the innate risk of relying on human beings. The way to build true zero trust is to incorporate new tools that are embedded within endpoint hardware. Features like hardware-verified boot, firmware integrity checks and automatic recovery ensure that security is built directly into the hardware itself.

To further mitigate human error, AI-driven policy engines can be used to enhance hardware-based security. AI analyses data from trusted hardware components to enforce zero trust. By combining AI with hardware security, businesses can automate policies, detect threats in real time and minimize software vulnerabilities.

There’s no time to wait

Ransomware gangs show no signs of slowing down. The unfortunate corollary of AI development is that bad actors are exploiting this advancing technology to increase the scope and power of their attacks. Traditional cybersecurity methods are not equipped to combat the rising tide of AI-powered attacks, and security teams must adopt a multi-layer approach to break the grip of ransomware gangs.

We feature the best endpoint protection software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro