
Strong Defences Against The Ransomware Surge

Ransomware is no longer a fringe threat; it has become a central weapon in the cybercriminal arsenal. In 2025 alone, we’ve seen alarming spikes in both the volume and sophistication of ransomware attacks, with devastating consequences for businesses, charities, and public services worldwide. These attacks are no longer rare or random; they’re frequent, targeted, and increasingly difficult to stop.

Author: Shannon Dority, Marketing Manager iStorage

While traditional defences like firewalls, antivirus software, and employee training remain essential, the surge in ransomware incidents highlights a critical truth: when an attack hits, the difference between recovery and ruin often comes down to the strength of an organisation’s backup strategy. That’s why more defenders are turning to a powerful yet often overlooked approach in the age of always-online systems: secure offline storage and device-level encryption. By keeping data physically disconnected and cryptographically protected, organisations can dramatically reduce the impact of even the most sophisticated ransomware attacks.

The Evolving Ransomware Landscape

According to Zscaler ThreatLabz, ransomware attempts blocked in their environment rose by 146% year over year, one of the sharpest spikes in recent memory. ZeroFox also recorded nearly 1,961 ransomware and digital extortion incidents in Q1 2025 alone, marking the highest quarterly total on record. This trend is consistent across the board. ThreatDown reported a 25% increase in ransomware attacks between mid-2024 and mid-2025, with many new groups entering the field and adopting more aggressive tactics. Even industrial sectors aren't immune. Honeywell’s cybersecurity research found a 46% jump in ransomware attacks targeting industrial operators in a single quarter, highlighting that operational technology (OT) and ICS environments are now squarely in the crosshairs.

Ransomware tactics are also evolving beyond simple file encryption. Increasingly, attackers are turning to double- and even triple-extortion, stealing sensitive data before encrypting it and then threatening to leak or sell the information if a ransom isn’t paid. In Q2 2025, Coveware reported that 74% of ransomware cases involved data exfiltration, with average ransom demands exceeding $1.13 million in some cases. Phishing has become the dominant entry point for these attacks. SpyCloud’s 2025 Identity Threat Report revealed that phishing-based incidents now account for 35% of ransomware infections, up 10 percentage points from the previous year. Attackers are also leveraging AI-enhanced phishing, polymorphic malware, and account takeover techniques to bypass traditional security tools and impersonate internal stakeholders in a very convincing manner.

At the same time, known vulnerabilities in enterprise software remain an open door for attackers. For instance, Oracle’s E-Business Suite recently had a remote code execution flaw exploited by ransomware groups, a reminder that unpatched systems continue to be low-hanging fruit for cybercriminals.

Ransomware in the Headlines

In April 2025, DaVita Inc., one of the largest providers of kidney dialysis services in the United States, experienced a significant ransomware incident that affected approximately 2.7 million individuals. The attackers encrypted certain elements of DaVita’s internal network and gained unauthorised access to a laboratory database containing sensitive personal and medical information. The exposed data included clinical details related to dialysis treatment, laboratory results, and identifiable personal information, raising serious concerns about patient privacy and regulatory compliance. Although essential dialysis services reportedly continued without interruption, the company launched a comprehensive remediation effort. In its second quarter financial results, DaVita reported incurring 13.5 million US dollars in costs related to the cyber incident. Of this amount, 12.5 million dollars was attributed to general and administrative expenses, including forensic investigation, cybersecurity upgrades, legal support, and customer assistance. An additional one million dollars was allocated to patient care, such as providing identity protection services and other support measures for affected individuals.

Asahi Group Holdings experienced a cyberattack in September 2025 that disrupted production at its six Japanese beer plants. The Qilin ransomware group claimed responsibility for the breach, stating they had stolen over 9,300 files, totalling approximately 27 gigabytes of data, including financial documents and employee information. The attack caused significant operational disruptions, resulting in a nationwide shortage of Asahi products. Analysts estimated losses between 1.5 and 2 billion yen per day during the peak of the disruption. Production partially resumed within days, and the company is working to restore full operations. The incident highlights the importance of robust cybersecurity measures to protect critical infrastructure.

In the same month, Kido, a UK-based international nursery chain, suffered a cyberattack that exposed the personal data of approximately 8,000 children. The breach involved highly sensitive information, including children’s photographs, medical records, personal details, and contact information for parents and guardians. The attackers infiltrated Kido’s systems and extracted this data before deploying ransomware to encrypt critical files and disrupt operations. The cybercriminals demanded a ransom of £100,000 in Bitcoin and threatened to release the stolen information publicly if the demands were not met. When Kido refused to pay, some of the data was leaked online. The attack caused significant operational disruption and raised serious concerns about data privacy. The incident also attracted scrutiny from UK data protection authorities and highlighted the risks faced by organisations handling highly sensitive personal information, especially those serving children.

The Escalating Consequences

Ransomware has become one of the most financially damaging and operationally disruptive threats facing organisations today. Despite the rising cost of ransom payments, recovery is far from assured. According to TechRadar, only 32 per cent of organisations that paid a ransom in 2024 successfully recovered their data, a steep drop from 54 per cent the previous year. This highlights a critical reality: paying criminals does not guarantee data restoration and often only serves to fund further attacks. Meanwhile, costs associated with investigation, legal action and reputational management continue to rise, even in cases where ransoms are not paid.

The impact is especially severe in sectors such as healthcare, manufacturing and logistics, where downtime can have life-threatening or widespread economic consequences. Even when critical services remain operational, the costs of remediation, regulatory compliance and stakeholder communication can be substantial. Projections from QBE Europe suggest that ransomware incidents will rise by another 40 per cent by 2026 as attackers become more organised, better funded and increasingly sophisticated. New tactics such as data exfiltration, targeted extortion, AI-powered phishing and social engineering are making traditional perimeter defences increasingly ineffective.

Beyond business disruption, the human cost of ransomware is becoming more apparent. Attacks on organisations that store sensitive personal data, such as nurseries or healthcare providers, have caused significant emotional distress and reputational harm. In many cases, stolen data has been leaked publicly or used to pressure victims directly. These consequences are avoidable. Strong device-level encryption and secure offline backups can prevent attackers from accessing usable data, even if systems are breached. Without such measures, organisations not only risk financial loss but also the trust and safety of the people they serve.

Government Measures and Stronger Defences Against Ransomware

Governments worldwide are increasingly stepping in to help combat the rising threat of ransomware, recognising that stronger legal frameworks are needed to protect critical services and reduce the financial incentives for cybercriminals. In the UK, the government is proposing new legislation to tackle ransomware by banning ransom payments within certain sectors. These proposals, developed by the Home Office in collaboration with the National Cyber Security Centre and other agencies, focus on preventing public sector bodies such as local councils, schools and NHS trusts, along with owners and operators of Critical National Infrastructure, from paying ransoms. For organisations outside this ban, a payment prevention regime would require notifying the government and possibly seeking guidance before making any payments. In addition, mandatory incident reporting would require victims to disclose ransomware attacks within a specified timeframe to improve law enforcement’s and government agencies’ ability to respond and understand the threat landscape.

The primary aim of this legislation is to reduce the financial incentives for cybercriminals by making ransomware payments less viable and deterring attacks on vital public services. It also seeks to improve national cybersecurity resilience through better data collection and threat intelligence sharing. However, while these goals are important, the proposals face several significant shortcomings. A strict ban on ransom payments may not always be practical, especially where backup systems fail or offline data archives are inadequate, potentially leading to prolonged service outages and harm to the public. Enforcement could prove difficult, and there is concern that attackers may escalate their tactics by leaking sensitive data or sabotaging systems if they cannot obtain payments. Furthermore, some organisations might attempt to make payments unofficially, undermining the law’s effectiveness.

Additional challenges arise around the scope and definitions within the legislation, such as which organisations qualify as Critical National Infrastructure and whether private companies providing essential public services would be included. The impact on the cyber insurance industry is also uncertain, as many policies currently cover ransom payments and may require revision, potentially affecting premiums and coverage. With the proposals still under public consultation as of late 2025, feedback remains mixed, reflecting support for stronger regulation but also concern over implementation difficulties, resilience gaps and unintended consequences that could arise without sufficient safeguards.

Secure encryption technology plays a crucial role in reducing the impact of ransomware attacks. By encrypting sensitive data at the device or file level, organisations can ensure that even if attackers gain access to systems, the stolen data remains inaccessible and unusable. This limits the attackers’ leverage, reduces the likelihood of extortion and supports compliance with data protection regulations. It also helps maintain trust with customers and stakeholders by safeguarding information from unauthorised access.

Offline data storage provides another vital line of defence. Maintaining backups that are physically separated from network-connected systems prevents ransomware from encrypting or deleting backup copies during an attack. This enables rapid recovery without relying on ransom payments and ensures business continuity in the event of an incident. Offline archives also serve as a trusted source for restoration in cases of hardware failure or malicious data loss. Together, encryption and offline backups form a powerful and practical defence strategy that complements legal measures and strengthens overall resilience.

The importance of these defences is recognised at the highest levels. In 2021, the White House issued a memo titled “What We Urge You To Do To Protect Against The Threat of Ransomware”, which offered clear guidance to business leaders on protecting against ransomware threats. Signed by the Deputy National Security Advisor for Cyber and Emerging Technology, the memo underscored that ransomware is not just an IT issue but a critical risk to business continuity and national security. It strongly recommended that organisations implement robust data encryption and secure offline backups to limit the damage of attacks and ensure faster recovery. The guidance highlighted that encrypted data holds little value for attackers, and that offline backups provide a reliable pathway to recovery without having to negotiate or pay ransoms.

Although the memo originated in the United States, the strategies it outlines are highly relevant to organisations around the world. They reflect internationally recognised best practice and align closely with the direction of current UK policy. The message is clear and urgent: encryption and offline storage are not optional enhancements but essential safeguards. Organisations that invest in these defences are not only better protected against ransomware but also better equipped to comply with regulation, defend public trust and ensure long-term operational stability.

Stronger Defences Beyond the Law

While legislation is an important step towards addressing the ransomware crisis, it alone will not deter determined cybercriminals. Criminal groups operate across international borders, often in jurisdictions where enforcement is limited or non-existent. They continuously adapt their tactics to bypass legal restrictions and exploit new vulnerabilities. Even with bans on ransom payments, attackers can resort to more aggressive methods such as data leaks, sabotage or targeting smaller organisations less able to resist. This means that relying solely on legal measures leaves organisations vulnerable and underscores the need for robust technical defences.

Secure encryption technology plays a crucial role in reducing the impact of ransomware attacks. By encrypting sensitive data at the device or file level, organisations can ensure that even if attackers gain access to systems, the stolen data remains inaccessible and unusable. This greatly diminishes the attackers’ leverage, reducing the likelihood of extortion or public data exposure. Encryption also supports compliance with data protection regulations and builds trust with customers and stakeholders by safeguarding their information from unauthorised access.

Offline data storage solutions provide another vital layer of protection. Maintaining backups that are physically disconnected from the network prevents ransomware from encrypting or deleting backup copies during an attack. This ensures that organisations can restore their systems and data quickly without succumbing to ransom demands. Offline archives also provide a reliable source for recovery in the event of malware or system failure, enabling business continuity and minimising operational disruption. Together, secure encryption and offline storage form a resilient defence that complements legal efforts, empowering organisations to withstand ransomware threats more effectively.

iStorage | Kanguru

We have a wide range of products that can suit those on a budget, with some of our hardware encrypted products starting at only £49, to desktop drives holding up to 30 TB to store both your personal and company’s most vital data in an ultra-secure, offline device.

Our datAshur PRO+C flash drive holds the distinction of being the world’s sole flash drive that has received the FIPS 140-3 Level 3 certification! It is a user-friendly USB 3.2 (Gen 1) Type-C flash drive (Type-C to Type-A adapter included) that combines ease of use with top-level security measures. It employs PIN protection and hardware encryption to safeguard your data to military-grade standards. Available in various capacities ranging from 32GB to 512GB, this innovative device ensures your information remains secure.

Our diskAshur3 range boasts the most advanced security features and recently passed the CAVP (Cryptographic Algorithm Validation Program) testing as part of the FIPS 140-3 Level 3 validation scheme that the products are currently being evaluated against. Its features include three encryption modes (patent pending) and user-configurable PINs ranging from 8 to 64 digits. The new range incorporates all the essential features of other iStorage products such as ease of use, platform independence and tamper-proof sleek designs.

Our latest products from Kanguru deliver a wide range of flash drives, hard drives, SSDs, NVMe and other ideal data storage products. Whether you are looking for the best military NATO grade, FIPS Certified, TAA Compliant, GDPR hardware encryption products and remote management for your high security organisation, or just a simple data storage solution for the home, Kanguru has many flexible options to choose from. Kanguru also specialises in duplicators for Hard Drives, SSD, NVMe, DVD, Blu-ray and USB duplication for all types of cloning jobs whether extensive, simple one-offs, or with secure erase for meeting GDPR standards.

If you are looking to take control of your data, speak to one of our company representatives now to see what would be best for you.
