The hard truth about ransomware: we aren’t prepared, it’s a battle with new rules, and it hasn’t near reached peak impact.

I’ve talked about ransomware and extortion attacks on organizations for about a decade. I recently spent a year at Microsoft in Threat Intelligence in Redmond, which included tracking ransomware gangs. I’ve been on the front lines of cybersecurity at the coal face — I am again now — for decades, and the reality is: Houston, we have a (big) problem.

We are rebuilding entire economies around technology, while having some fundamental issues reducing foundations to quicksand.

What we are seeing currently is a predictable crisis, which hasn’t yet near peaked. I’m not sure people generally understand the situation yet. The turning circle to taking action is large. With this post, I hope to lay out the reality, and some harsh truths people need to hear.

I also want to state upfront that I’ve seen some cybersecurity vendor industry people beating themselves up about the situation. My take: stop that. People have done amazing work over the years on this subject, and incredible amounts of attacks are stopped due to said work.

The reality is, however, the threat is becoming overwhelming and I believe an existential crisis for the security industry, and so their customers.

We are stuck in a self eating circle, and it’s time to ask for help.

What a modern ransomware attack means

Before I begin, I do specifically want to highlight this tweet for non-technical audience, to explain what the experience of an organization going through a ransomware attack is like:

I want to give a specific example. You’ve all heard of the pipeline attack, where panic buying lead to gas shortages.

I don’t want to talk about that one.

I want to talk about hospitals in Ireland. Here’s a photo, provided by one of the impacted hospitals in the past few days, with army officers drafted in to help restore Windows 7 PCs: