{"id":188112,"date":"2026-02-17T05:00:00","date_gmt":"2026-02-17T10:00:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/17\/why-ransomware-remains-one-of-cybersecuritys-most-persistent-threats\/"},"modified":"2026-02-17T05:10:08","modified_gmt":"2026-02-17T10:10:08","slug":"why-ransomware-remains-one-of-cybersecuritys-most-persistent-threats","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/17\/why-ransomware-remains-one-of-cybersecuritys-most-persistent-threats\/","title":{"rendered":"Why Ransomware Remains One of Cybersecurity\u2019s Most Persistent Threats"},"content":{"rendered":"

Why Ransomware Remains One of Cybersecurity\u2019s Most Persistent Threats<\/a><\/p>\n

https:\/\/www.infosecurity-magazine.com\/news-features\/why-ransomware-remains\/<\/a><\/p>\n

Publish Date: 2026-02-17 05:00:00<\/a><\/p>\n

Source Domain: www.infosecurity-magazine.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. Ransomware is a cybersecurity issue that refuses to disappear. If anything, attacks are becoming more disruptive, difficult to fix and financially costly.<\/p>\n

The average ransom demand in 2025 was $1.3 million and over half of payments cost over $1 million. A stark contrast compared with ransomware attacks a decade ago which saw average ransom demands of under $1000\u00a0according to a Symantec\u00a0report published in 2016.<\/p>\n

Even when victims refuse to pay a ransom in return for a decryption key, ransomware attacks are still costly. You just have to look at the long-term operational and financial impact ransomware attacks had on organizations like Jaguar Land Rover, Marks & Spencer and Asahi in 2025.<\/p>\n

In 2026, there has already been several high-profile ransomware incidents, indicating the problem shows no signs of abating.<\/p>\n

The uncomfortable truth is that ransomware has been known to be significant cybersecurity risk to organizations for at least a decade, but it\u2019s also more disruptive than ever before. So, why is this the case?<\/p>\n

Criminal Hackers Monetize Poor Cyber Hygiene<\/p>\n

While the many successful ransomware groups are well-resourced and can resort to sophisticated social engineering techniques to infiltrate their target, most of the time, it\u2019s the same old cybersecurity vulnerabilities and exposures which provide them with unauthorized network access.<\/p>\n

\u201cRansomware attacks are happening at scale and targeting every type of organization, causing a significant amount of business disruption. CISOs are very much focused on trying to mitigate the threat of ransomware, but unfortunately, it\u2019s just the monetization of poor cyber hygiene,\u201d Gavin Millard, VP of product at Tenable told Infosecurity.<\/p>\n

Cybercriminals continue to use unpatched software vulnerabilities, phishing attacks and the exploitation of weak or re-used passwords to access networks.<\/p>\n

This is compounded with a lack of basic cybersecurity protections like multi-factor authentication (MFA).<\/p>\n

In addition, excessive and unnecessary user permissions remain a major risk. When accounts have access to systems or data they don\u2019t actually need, attackers who compromise those accounts can quietly move laterally across the network, escalate privileges and expand their reach without being detected.<\/p>\n

\u201cThe problem isn\u2019t ransomware itself, the problem is everything before that,\u201d Etay Maor, VP of threat intelligence at Cato Networks told Infosecurity.<\/p>\n

\u201cWe\u2019re still failing with basic stuff. If you ask detection and response team, they\u2019ll tell you that over 80% of attacks are because of a misconfigured security system or an unpatched system.\u201d<\/p>\n

More Complex IT Environments, More Entry Points<\/p>\n

Enterprise networks have become larger and more complex to manage compared with just a decade ago, making the attack surface exponentially larger.<\/p>\n

For instance, cloud infrastructure has become core to how organizations operate. Meanwhile businesses are rapidly rolling out artificial intelligence (AI) tools like chatbots and AI agents as part of their infrastructure.<\/p>\n

These deployments are made with efficiency in mind, but if they\u2019re not configured correctly, they can expand the attack surface. Cloud suites which allow employees to be productive from anywhere can also be exploited by cybercriminals.<\/p>\n

For ransomware actors, abusing legitimate accounts makes it harder for their targets to detect malicious activity. Organizations can monitor the context of how an account is being used, such as it being used at unusual times of day, or engaging in activity not regularly associated with the account, but even then, it may be too late.<\/p>\n

Cybersecurity personnel have limited time windows to fix problems, especially if activities like applying software patches or operation system updates can\u2019t take place during peak business hours. That can easily result in known security issues not being fixed.<\/p>\n

\u201cBehind everything you don\u2019t have fixed, is effort.\u00a0 You\u2019ve only got a finite amount of effort that you can apply to problem. We know that if you have good cyber hygiene for these issues go away. But finding the right things to fix or finding where you could fix things faster is a tough job, especially in a complex environment,\u201d said Millard.<\/p>\n

Social Engineering Users to Bypass Cybersecurity Controls<\/p>\n

Cybercriminals don\u2019t even have to take over accounts themselves: they use social engineering to trick employees into unwittingly compromising networks on their behalf.<\/p>\n

Selena Larson, senior threat intelligence analyst at Proofpoint told Infosecurity, \u201cSocial engineering has always been a part of the overall delivery for cybercrime. But now we\u2019re seeing things like ClickFix, which is absolutely taking over the landscape in terms of initial access.\u201d<\/p>\n

ClickFix is a social engineering technique that uses dialogue boxes containing fake error or verification messages to lure people into copying, pasting and running malicious content on their own computer.<\/p>\n

\u201cIt\u2019s pretty unique, because by convincing users to run a script themselves, they\u2019re getting users to bypass security controls. The threat actor doesn\u2019t really have to do anything except convince somebody to follow these instructions,\u201d Larson added.<\/p>\n

AI Supercharges Ransomware Attacks<\/p>\n

AI has also opened new avenues for attackers, who can now exploit LLMs and other AI tools to help produce customized, bespoke lures, emails and other content, no matter where in the world they\u2019re looking for victims.<\/p>\n

They can also use deepfake audio or video calls to pose as IT support staff or senior executives to manipulate users into performing actions which provide or escalate network access.<\/p>\n

\u201cThey have completely ramped up their operational tempo and their ability to customize and specifically target users in geographical regions with specific lures for the people they\u2019re targeting,\u201d said Larson.<\/p>\n

While the most lucrative ransomware attacks are concentrated around operations by highly organized cybercriminal gangs, the rise of AI-assisted ransomware kits and tactical playbooks means lower-level threat actors are capable of causing big problems for victims.<\/p>\n

Maor noted that AI makes things quicker for attackers and it lowers the bar of what it takes to deploy attacks.\u00a0<\/p>\n

\u201cIn 2016, if you wanted to deploy ransomware, you needed to know things. Now, it can all be taken over by AI: if you want to write some code you can use prompts to get an AI to write it,\u201d he said.<\/p>\n

Why Paying Ransoms Just Means More Ransomware<\/p>\n

Security vulnerabilities, social engineering, AI tools which make it easier for attackers to build and distribute ransomware: these are just some of ways cybercriminals can infiltrate networks, encrypt files and demand a ransom.<\/p>\n

But ultimately, ransomware continues to be an active threat because some victims are paying that ransom. As long as payments to cybercriminals are made, ransomware attacks will continue.<\/p>\n

Tenable\u2019s Millard urged for a different approach to ransomware to be taken.<\/p>\n

\u201cYou should not pay your way out of the fact you didn\u2019t have a robust incident and response or disaster recovery plan,\u201d he said. \u201cBecause all you\u2019re doing is enabling attackers to invest more money into making ransomware faster and more scalable.\u201d<\/p>\n

Conclusion: Stronger Security Cuts Ransom Risk <\/p>\n

Putting robust security controls in place to prevent attackers from accessing an organization\u2019s network is a key step\u00a0in avoiding ever having to consider paying a ransom.<\/p>\n

Maor quipped, \u201cThere\u2019s a quote from Pirates of the Caribbean, Jack Sparrow says \u2018The problem is not the problem, the problem is your attitude about the problem\u2019. The problem isn\u2019t ransomware itself; the problem is everything before that.\u201d<\/p>\n

\u201cIt\u2019s the way we detect, mitigate and prevent all the steps that lead to the actual doom of the ransomware itself,\u201d he added.<\/p>\n

By applying security patches and updates, by enforcing multi-factor authentication on user accounts, by ensuring that the security team is well-resourced and has enough time to detect and examine potential red flags which might indicate there might be a problem, it can help to disrupt ransomware attacks before they happen.<\/p>\n

It can be difficult to encourage boards to invest in these things. But the cost of prevention is far cheaper than the cost of dealing with a ransomware attack.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Why Ransomware Remains One of Cybersecurity\u2019s Most Persistent Threats https:\/\/www.infosecurity-magazine.com\/news-features\/why-ransomware-remains\/ Publish Date: 2026-02-17 05:00:00 Source…<\/p>\n","protected":false},"author":1,"featured_media":188113,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/76085d95-1e66-4640-9d3a-4dee111fb6ce.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,31,25,34],"class_list":["post-188112","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-exploit","tag-phishing","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188112"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=188112"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188112\/revisions"}],"predecessor-version":[{"id":188114,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188112\/revisions\/188114"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/188113"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=188112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=188112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=188112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}