From corporate insiders to elite professionals — cybersecurity expert reveals the alarming anatomy of ransomware groups and their growing threat
Ransomware attacks nearly doubled in the first half of 2025, revealing an alarming surge in cybercriminal activity and exposing widespread corporate security vulnerabilities. Vakaris Noreika, a cybersecurity expert at NordStellar, a threat exposure management platform, explains that these attacks are carried out by highly organized and structured organizations that often seek out the best talent — and underestimating this threat could cause a business’ downfall.
According to data from NordStellar, ransomware cases surged in the first half of 2025, with a 49% increase compared to the same period in 2024. US companies suffered the most, with small and medium-sized enterprises and those in manufacturing becoming prime targets for ransomware.
High requirements behind devastating attacks
According to Noreika, NordStellar has identified over 200 ransomware groups and currently, over 60 of them are active. In addition to the usual updates about successful attacks, they sometimes also publish recruitment announcements, and their high-level requirements should ring alarm bells.
“These groups are mostly looking for top talent in cybersecurity — their requirements tend to consist of wanting an individual with an experienced background in specific fields and a proven track record,” says Noreika. “According to them, cybercriminals must undergo meticulous screening before they can join the group, minimizing the risk of their being compromised, while some ransomware groups don’t accept outsiders in general, and members can only be invited by already established individuals.”
Screenshot from a ransomware group posting.
Scaling operations and maximizing profits
He explains that individuals unfamiliar with the inner workings of ransomware groups are often under the false impression that these hackers are just lone wolves or kids with some hacking skills following a get-rich-quick scheme. However, the opposite is true — the efficiency of ransomware attacks lies in the operation’s high organizational aspect.
“Ransomware groups are organized crime, and it’s extremely dangerous to underestimate how equipped they are to carry out their attacks. They function like a corporation, with different individuals assigned to specific tasks so that the operation runs smoothly,” says Noreika. “They also train their members, sharing knowledge and ensuring their expertise meets their requirements. Some even have insiders in the company they’re targeting, granting them easy access to sensitive resources.”
Screenshot from a ransomware group posting.
According to Noreika, besides new member recruitment, these groups also offer ransomware-as-a-service (RaaS). This model lowers the entry barrier to cybercrime, allowing even amateur hackers to partake.
“With RaaS, ransomware can scale even more exponentially, allowing more individuals to carry out ransomware attacks and maximizing the ransomware group’s profits. Some ransomware groups even use RaaS themselves as a means to scale their operations without the need for additional human resources,” says Noreika.
Primary targets — critical infrastructure
According to Noreika, ransomware groups have a strategic and calculated approach to selecting their targets. As a result, critical infrastructure organizations often become the prime targets.
“Companies in the healthcare sector cannot afford any downtime, and losing access to patient medical records can sometimes literally be a matter of life or death. As a result, they could be more inclined to give in to ransomware demands to restore their operations,” says Noreika. “On the other hand, manufacturing businesses operate on tight schedules, and setbacks could result in severe financial losses. Consequently, they could also be more predisposed to do whatever it takes to resume operations quickly.”
However, he emphasizes that any business could fall victim to ransomware. According to Noreika, relying on passwords as the only means for user authentication, using outdated systems and applications, and prior credential leaks on the dark web are some of the main cybersecurity gaps that make enterprises more vulnerable.
“Ransomware groups operate with meticulous organization and expertise, making any security gap a dangerous liability. Effective protection demands continuous monitoring of the company’s attack surface and prompt identification and patching of vulnerabilities. Anything less leaves your organization unnecessarily exposed,” says Noreika.
He emphasizes that promoting a cyber-aware culture also significantly reduces the risk of experiencing a successful ransomware attack. Employees who have received cybersecurity training are less likely to hand over their credentials to hackers, minimizing the possibility of them gaining access to the network due to user error.
ABOUT NORDSTELLAR
NordStellar is a next-generation threat exposure management platform that enables companies to detect and respond to cyber threats before they escalate. NordStellar offers visibility into how threat actors work and what they do with compromised data. NordStellar was created by Nord Security, a globally recognized company behind one of the world’s most popular digital privacy tools, NordVPN. For more information, visit nordstellar.com.
NordStellar has achieved SOC 2 Type II compliance, completing security certification across all Nord Security Business Suite products
The next-generation threat management platform NordStellar has announced that it achieved System and Organization Controls (SOC) 2 Type II compliance. It’s the third and final product of the Nord Security Business Suite to have successfully concluded this audit.
NordStellar enables businesses to detect and respond to cyber threats before they escalate, empowering them to stay ahead of threat actors. It was launched in 2024 and is the newest addition to the Nord Security Business Suite, alongside NordLayer, the toggle-ready platform for business, and NordPass, a password manager. Both are SOC 2 Type II compliant.
SOC 2 is a security framework developed by the American Institute of Certified Public Accountants (AICPA) to ensure service providers securely manage customer data. SOC 2 compliance is achieved by undergoing independent audits assessing data management based on five criteria: security, availability, processing integrity, confidentiality, and privacy.
All three Nord Security Business Suite products passed the SOC 2 Type II audit with no exceptions.
The number of ransomware attacks in 2025 has almost doubled compared to last year, with US organizations and SMBs as the primary targets
The latest data compiled by NordStellar, a threat exposure management platform, reveals that the number of ransomware incidents has almost doubled compared to last year. In January-June of 2025, 4,198 ransomware cases were exposed on the dark web, highli
“We’re only halfway into the year, but the number of ransomware attacks has already doubled, signifying that these attacks remain effective and profitable enough for cybercriminals to ramp up their efforts,” says Vakaris Noreika, a cybersecurity expert at NordStellar. “Some factors that could contribute to the growth in ransomware attacks include the rise in ransomware-as-a-service (RaaS), expanded attack surfaces from remote or hybrid work models, and economic uncertainty that could encourage more people to seek illegal income and turn to cybercrime.”
Main targets in 2025 Q2
In April-June 2025, 1,758 ransomware cases were exposed on the dark web, a 19% increase compared to the same period in 2024 (1,483 cases). Of the 1,205 ransomware incidents traced to specific victim countries, US businesses took the most brutal hit, accounting for 49% of cases (596 incidents). Germany holds the second spot with 84 cases, followed by Canada (74), the United Kingdom (40), and Spain (37).
“Not only is the US home to many profitable businesses, but the companies also have a higher profile. As a result, they’re more likely to give into ransomware demands to reduce the impact of the reputational damage resulting from an attack,” says Noreika. “Strict regulations are also a significant factor to consider — laws on data protection and operational uptime can urge companies to resolve ransomware incidents quickly and not risk the fines or loss of their clients and partners’ trust.”
Ransomware data from April to June 2025 revealed that the manufacturing industry was most affected, with 229 recorded cases. The construction industry came in second with 97 cases, followed closely by information technology (88 incidents).
The data also revealed that small and medium-sized businesses (SMBs) were the prime target for ransomware in 2025 Q2. Organizations with 51–200 employees and revenues between $5 million and $25 million faced the most ransomware attacks.
“The victim profile mirrors the data from 2025 Q1 – SMBs and companies in the manufacturing industry remain the prime targets. This is a significant cause for concern because bad actors continue successfully exploiting preventable security vulnerabilities,” says Noreika.
He explains that companies in the manufacturing industry face challenges enforcing and centralizing security across all geographically dispersed locations and often rely on outdated and unpatched systems. SMBs, like manufacturing companies, often rely on third-party IT providers and lack comprehensive cybersecurity measures due to limited budgets, exposing them to greater risk.
Who’s responsible?
The ransomware group Qilin was responsible for the most attacks in 2025 Q2, with 214 incidents. Safepay holds the second spot with 201 incidents, followed closely by Akira (200 incidents).
According to Noreika, Safepay is the newest of the three, with NordStellar first detecting their activity in Fall 2024. Their attacks significantly increased in Q2 and spiked in May, with 158 incidents alone.
Building a ransomware-resistant business
Noreika explains that employees are the first line of defense against ransomware. Cybersecurity training on phishing scams, the importance of multi-factor authentication, and password management are essential to minimize the risk of bad actors gaining access to sensitive data or infiltrating the network.
“Aside from raising cybersecurity awareness, companies should also build a comprehensive cybersecurity strategy to detect threats before they escalate. This includes implementing endpoint protection, monitoring the dark web for potential data leaks, and keeping a close eye on the company’s attack surface for unpatched security vulnerabilities,” says Noreika.
To minimize the impact of a potential ransomware incident, Noreika recommends that businesses stay two steps ahead, implement recovery plans, and always back up critical data.
Disclaimer: While the total number of 1,758 ransomware attacks in Q2 2025 is accurate, the figures presented for each category (industry, company size, and country) may be slightly higher. This is because a number of incidents were missing data needed for categorization and thus were omitted.
Business email compromise is the second most expensive cybercrime — expert explains how hackers impersonate bosses and what companies can do to protect themselves
Cybercriminals are constantly searching for more effective attack methods. While cyber-aware employees can spot the red flags in basic, award-promising email scams, most won’t think twice about clicking on a link sent by their boss. Vakaris Noreika, a cybersecurity expert at NordStellar, a threat management platform, explains how hackers exploit employee trust in their colleagues to infiltrate business networks and inflict multi-million dollar damage.
Business email compromise is a sophisticated social engineering attack meant to deceive victims by impersonating trusted individuals — their colleagues. Unlike traditional phishing scams, these attacks are highly targeted and personalized, relying on broader research about the company, its employees, and even conversations within the organization.
According to the FBI Internet Crime Report, business email compromise was the second most expensive cybercrime by reported losses, amounting to over $2.7 billion. It has held this position for three consecutive years, and the reported losses have not dropped below the $2.7 billion mark.
Noreika explains that business email compromise attacks are financially devastating because they provide a direct entry point to infiltrate a company’s network by targeting employees.
“From a technical standpoint, business email compromise is a very effective attack because it doesn’t require the use of malware, which makes them easier to deploy and they can go undetected by standard cybersecurity tools,” says Noreika. “They’re a more sophisticated version of common phishing scams. However, the reason for their efficiency lies in the target — a single compromised account is enough for cybercriminals to access internal networks or gather more information and prepare to strike when the opportunity arises.”
How do they work?
According to Noreika, cybercriminals typically carry out business email compromise attacks using data available online: they research the company, its departments, and its employees using platforms like LinkedIn. Afterward, they create look-alike domains to impersonate authority figures in the company, such as managers, and craft convincing emails asking for credentials, sensitive data, or wire transfers.
“Attacks that utilize data available online are more standard, resembling basic social engineering scams. However, since they’re targeting companies — not individuals — they usually carry the potential of more significant monetary gain for cybercriminals. Even without gaining access to the network, hackers can trick employees into transferring company funds to their controlled accounts, get their hands on confidential data that they can sell to competitors or publish on the dark web, or gather sensitive personal information on employees or clients, resulting in a data leak,” says Noreika.
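As an added illustration (not part of the original article and not NordStellar's tooling), here is one way a mail gateway or SOC script could flag the look-alike sender domains described above. The domain `example-corp.com`, the small confusables table, the edit-distance threshold and the sample senders are all assumptions constructed for this example.

```python
import unicodedata

# Placeholder organization domain (assumption for this example).
TRUSTED = {"example-corp.com"}

# Tiny confusables table (assumption): a production check would use the full
# Unicode confusables data. Keys are look-alikes, values the ASCII they imitate.
CONFUSABLES = {
    "0": "o", "1": "l", "rn": "m", "vv": "w",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
}


def normalize(domain):
    """Lowercase, drop a trailing dot, decode punycode labels, apply NFKC."""
    d = domain.strip().rstrip(".").lower()
    if any(label.startswith("xn--") for label in d.split(".")):
        try:
            d = d.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # keep the raw form if the punycode is malformed
    return unicodedata.normalize("NFKC", d)


def skeleton(domain):
    """Collapse visually confusable sequences so look-alikes compare equal."""
    s = normalize(domain)
    for fake, real in CONFUSABLES.items():
        s = s.replace(fake, real)
    return s


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(address, trusted=TRUSTED, max_edits=2):
    """Return (verdict, imitated_domain) for the domain part of an address.

    max_edits=2 suits long domains; short domains need a tighter threshold
    to avoid flagging unrelated senders.
    """
    domain = normalize(address.rsplit("@", 1)[-1])
    if domain in trusted:
        return ("trusted", domain)
    skel = skeleton(domain)
    for good in sorted(trusted):
        good_skel = skeleton(good)
        if skel == good_skel:
            return ("homoglyph", good)
        if osa_distance(skel, good_skel) <= max_edits:
            return ("typo", good)
        # Brand label reused inside another registrable domain or subdomain.
        if good_skel.split(".")[0] in skel:
            return ("embedded-brand", good)
    return ("unrelated", None)


# Constructed sample senders, as they might appear in inbound mail headers.
SAMPLE_SENDERS = [
    "ceo@example-corp.com",
    "ceo@examp1e-corp.com",
    "ceo@exarnple-corp.com",
    "ceo@example-crop.com",
    "billing@example-corp.com.invoice-portal.net",
    "news@unrelated.org",
]


def flagged(addresses):
    """List (address, verdict, imitated_domain) for suspicious senders only."""
    results = []
    for addr in addresses:
        verdict, target = classify_sender(addr)
        if verdict not in ("trusted", "unrelated"):
            results.append((addr, verdict, target))
    return results


if __name__ == "__main__":
    for row in flagged(SAMPLE_SENDERS):
        print(row)
```

A hit from this check is a signal to hold or banner the message for review, not proof of fraud; pairing it with the dual-approval procedure for wire transfers covers the cases it misses.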
He explains that in more advanced cases, cybercriminals utilize the dark web to search for previously leaked employee credentials and use them to access business accounts. Once they have access, they monitor daily conversations, gather more context, and wait for the right time to strike — once the stakes are high or the target is more likely to fall for their scam.
“If they manage to infiltrate an account to collect intelligence, hackers could be waiting for the perfect opportunity to request a wire transfer by impersonating a vendor or re-direct employee salary payments. However, business email compromises are often a gateway to deploy more damaging attacks,” explains Noreika. “Once inside the network, cybercriminals can facilitate a ransomware attack, spread malware to employees, clients, and partners, and deploy supply chain attacks.”
Prevention and defense
Noreika emphasizes that the first step companies should take to safeguard against business email compromise attacks is to build a comprehensive security strategy and raise employee cybersecurity awareness.
“Even the most cyber-aware user can fall victim to business email compromise attacks because they exploit the added layer of trust that comes with impersonating a person of authority in the organization. As a result, businesses should educate their employees on this specific type of attack — what constitutes suspicious activity and how to adopt a better-safe-than-sorry approach,” says Noreika. “Reinforcing policy and procedures requiring written documentation and dual approvals where sensitive data or wire transfers are involved also help to reduce the possibility of employees falling victim to scams.”
Noreika advises companies to monitor the dark web for potential employee data leaks to prevent cybercriminals from infiltrating the network using leaked or stolen credentials. He explains that adopting a proactive approach enables companies to receive an early warning and deploy swifter mitigation measures.
“The quicker security teams can spot a cybersecurity incident, the less damage it can cause. Once the organization is aware of any leaked credentials associated with its employees, it can take appropriate actions, such as preparing for a potential data breach and informing the affected users to stay on high alert,” says Noreika.
If employee credentials have been compromised and published on the dark web, Noreika advises companies to monitor the affected users for suspicious activity, such as unusual log-in attempts. Enforcing multi-factor authentication and resetting the passwords of compromised users can also prevent hackers from infiltrating the network.
Insights from the dark web reveal that the price cybercriminals need to pay to cause a devastating company data breach could be as low as $100
A cyberattack can cost companies millions as well as customers’ trust, which may have taken years to build. However, according to Vakaris Noreika, a cybersecurity expert at NordStellar, bad actors can buy leaked data that can cause a devastating, million-dollar security breach for as low as $100.
In 2024, the average data breach cost was $4.88M, an increase of 10% since 2023. As the financial ramifications of confidential information leaks have reached record highs since the height of the pandemic, Noreika says that businesses should be especially vigilant about the looming infostealer threat.
Infostealers are malware designed to infiltrate systems and devices and steal personal data. They can collect various information, including credentials, cookies, credit card details, and even miscellaneous files on a compromised device, like photos or documents.
“Infostealers have been a significant cybersecurity concern for years due to the impact of their attacks. They’re quick, easy to spread, and highly efficient, and anyone can become a target,” says Noreika. “Usually, their attacks are random, but in some instances, cybercriminals can also use infostealers for targeted strikes.”
The low cost of infostealers for cybercriminals
Noreika explains that infostealers are spread through phishing emails, malicious advertisements, and other scams that involve a victim accidentally downloading malware. Once the infostealer has access, it collects all available data and compiles it into a stealer log, which houses emails, passwords, credit card details, and other valuable information. These stealer logs are sold on the dark and deep web as well as Telegram channels.
“Dark web users can purchase stealer logs by subscribing to a private channel. The average price for a weekly subscription is around $81, and the monthly subscription is about $200,” explains Noreika. “Typically, cybercriminals can buy 16 gigabytes of personal information for just $1.”
How hackers use infostealers to target companies
According to Noreika, the stealer logs contain the personal information of all individuals compromised by infostealer attacks, indicating that the victims are a broad mix of users rather than specific individuals. Bad actors buy these stealer logs to commit identity theft, empty bank accounts, or use the obtained personal information to carry out more personalized scams against the victims for financial gain. However, finding credentials linked to a business is the ultimate hacker jackpot.
“If an employee’s credentials happen to end up in a stealer log, hackers can easily identify the company by checking the email domain and use those credentials to infiltrate an enterprise’s network,” says Noreika. “Once the cybercriminals are inside the network, they can steal more valuable data, like personal client information, company secrets, and other confidential documents, or shut down their operations and ask for hefty payouts to get them running again.”
Alternatively, hackers can purchase infostealers as a service. Instead of buying confidential information that was previously stolen by other infostealers, cybercriminals purchase notorious malware like RedLine or LummaC2 to use at their own disposal.
“The subscription fees for infostealers as a service vary — they can be as low as a couple of hundred dollars or cost over $1,000. The end price depends on the functionality, efficiency, and complexity of the infostealer,” says Noreika. “By purchasing infostealers as a service, cybercriminals gain full control over how and where the malware is deployed, enabling them to conduct highly targeted attacks. This poses a serious risk to businesses, which are much more attractive targets than individuals as successful attacks can lead to significantly higher financial gains.”
To safeguard against infostealers, Noreika suggests businesses focus on their first line of defense — their employees — and build a comprehensive cybersecurity strategy that can prevail if they make a mistake.
“It’s necessary to ensure that employees are aware of how infostealers are distributed and refrain from interacting with suspicious emails, visiting malicious websites, or downloading unauthorized files that can contain malware,” says Noreika. “However, some user error is inevitable. If an employee slips up, a strong cybersecurity foundation, consisting of an antivirus solution, multi-factor authentication, strict network segmentation policies, and active dark web monitoring for company or employee data leaks, will ensure the business stays protected.”
Enterprises are dragging their feet with migrating to Windows 11, leaving millions of devices exposed to more effective infostealer attacks
Windows 10 will reach end of life on October 14, 2025, creating a critical security inflection point for businesses delaying migration to Windows 11. Findings from NordStellar, a threat exposure management platform, reveal that 59% of systems affected by infostealers in December 2024 still run Windows 10 — putting a large pool of machines at greater risk of effective attacks as the operating system eventually ceases to receive technical support.
“The number of systems affected by infostealers closely mirrors the overall operational system market share — Windows 10 has been heavily targeted for years due to its popularity. However, it will have an even bigger target on its back in the wake of its end of life, which will eventually create new vulnerabilities,” says Vakaris Noreika, a cybersecurity expert at NordStellar. “Once an operational system reaches this deadline, it no longer receives any security updates, vulnerability patches, or support from the software creator. These vulnerabilities are widely known and often exploited — infostealers can be coded to target these weaknesses more efficiently, resulting in more effective attacks against outdated systems.”
Businesses aren’t migrating fast enough
Market share data and NordStellar findings on systems affected by infostealers reveal that the Windows 11 adoption rate has been increasing since November 2024. Noreika points out that despite the growing numbers, the adoption rate is still too low at this point, meaning many enterprises are still at risk.
“Migrating to a new operational system takes time — based on the current adoption rate, we estimate that approximately 30-40% of systems may still be running Windows 10 when it reaches end of life in October, creating a substantial attack surface for cybercriminals,” says Noreika. “We saw a similar pattern of delayed migration with Windows 7. Six months until the operational system’s end of life, it held a 23% market share. When the deadline finally arrived in July 2020, its market share dropped by just 3%, lowering its dominance to 20%.”
Noreika says that almost five years later, Windows 7 holds a 2% market share and is still being targeted by infostealers, which successfully exploit the operating system’s vulnerabilities to compromise user devices and steal data.
The hefty hidden price of delayed migration
According to Noreika, infostealers are just the tip of the iceberg regarding threats emerging from vulnerabilities in outdated operating systems. Malware and new data exfiltration and exploitation techniques are some of the concerns enterprises should bear in mind if they’re still dragging their feet to migrate to Windows 11.
“Considering just how many enterprises might still be running Windows 10 after its end of life, there’s a high possibility that we’ll see a growth in various cybersecurity incidents if businesses continue to delay migration. Outdated operational system vulnerabilities will act as a helping hand in increasing the effectiveness of cyberattacks that can result in data leaks. Taking into account the financial and reputational losses that come with a data breach, delaying migration can be a decision that eventually costs the company millions of dollars and their client’s trust, which will take years to regain,” Noreika says.
Aside from accelerating migration efforts, Noreika highlights investing in cybersecurity awareness training for employees, building a comprehensive cybersecurity strategy, and keeping a close eye on the company’s attack surface and the dark web for potential data leaks as the key components in safeguarding the enterprise from cyberattacks.
A vulnerable attack surface exposes a company to cyberattacks. However, constantly monitoring and assessing its condition requires a great deal of time and human resources. To help security teams be more efficient, NordStellar, a next-generation threat exposure management platform, has introduced attack surface management (ASM) — a feature designed to automatically discover security gaps by constantly monitoring and evaluating all of the organization’s internet-exposed assets.
The ASM consists of two modules: automatic asset discovery and external vulnerability management. Automatic asset discovery maps infrastructure by running various domain enumeration processes that allow it to automatically identify and catalog all internet-exposed assets associated with the organization, such as web servers, applications, and other network-connected devices. External vulnerability management monitors and scans the discovered assets for known vulnerabilities, providing vulnerability intelligence for more efficient recovery efforts.
“ASM helps to reduce companies’ attack surface by identifying and mitigating vulnerabilities, minimizing the potential for successful attacks. It also offers enhanced visibility into shadow IT so the security team can discover and manage unauthorized IT resources that pose security risks,” says Noreika. “The feature increases operational efficiency because attack surface management tasks are automated, and the risks are prioritized in order to focus remediation efforts on the most critical cases.”
How it works:
Implements automatic asset discovery using various techniques, including DNS enumeration, web crawling, and other OSINT techniques to identify all internet-exposed assets associated with the organization.
Conducts vulnerability assessments by scanning the discovered assets for known vulnerabilities using passive service fingerprinting.
Prioritizes identified vulnerabilities by evaluating them according to their severity, exploitability, and potential impact.
Provides real-time alerts about new vulnerabilities and changes to the attack surface to the organization’s security team and comprehensive reports for a detailed overview of the company’s attack surface and associated risks.
ASM is now available to all NordStellar users.
Guest Post – Alarmingly organized criminal enterprises: Who’s behind devastating ransomware attacks?
Posted in Commentary with tags NordStellar on August 12, 2025 by itnerd
From corporate insiders to elite professionals — cybersecurity expert reveals the alarming anatomy of ransomware groups and their growing threat