Downtime from an ICS/OT ransomware attack can average $4.73 million, yet many organizations lack adequate incident response plans. SANS offers resources, including a white paper and training, to help organizations develop effective ransomware response strategies tailored to critical infrastructure, emphasizing life safety and operational continuity. Expert-led webcasts and courses further equip teams with the skills needed to protect industrial operations from cybersecurity threats.

Muddled Libra, a cybercrime group, has adapted its tactics in 2025, focusing on social engineering techniques such as vishing to gain access to organizations. Their operations have intensified, especially in sectors like government and retail, leveraging ransomware-as-a-service partnerships for extortion. Effective countermeasures include implementing conditional access policies and user awareness training to mitigate their impact.

A ransomware attack by Ignoble Scorpius utilized compromised VPN credentials to infiltrate a manufacturing company, leading to significant data exfiltration and the deployment of BlackSuit ransomware across their infrastructure. Unit 42 intervened, expanding the client's security measures and successfully negating a $20 million ransom demand while providing strategic recommendations for future protection against similar threats.

The article critiques common myths surrounding ransomware incidents, emphasizing that paying ransoms is often a frequent and misguided response that can lead to prolonged operational issues and further victimization by cybercriminals. It advocates for organizations to adopt robust containment measures and transparency regarding cyber incidents to effectively combat the growing ransomware threat.