Beyond Encryption: The New Face of Ransomware Threats

By Lorri Janssen-Anessi, Director of External Cyber Assessments at BlueVoyant.

Wednesday, 30th July 2025. Posted by Phil Alsop.

A major shift is happening in the world of cybercrime, reshaping how organisations must think about digital threats. Cybercriminals continue to exploit organisations for financial gain using phishing, social engineering, malware attacks, and data theft to deploy ransomware. The UK’s National Crime Agency predicts that 2025 could be the worst year on record for ransomware attacks in the country, with the vector now viewed as a critical national security threat.

This presents a triple threat for organisations: exposure of confidential data, reputational damage, and escalating regulatory fines. However, ransomware has now evolved to the point that attackers no longer need to encrypt files to inflict crippling damage. As a result, organisations need to ensure that their internal IT and cyber security teams are aware of the consequences of encryption-less extortion.

Extortion Without Encryption

Instead of locking files, encryption-less extortion lets attackers prioritise data theft and the threat of public exposure. They now focus solely on exfiltrating sensitive information and using the threat of leaking or selling it as leverage. This method is faster, stealthier, and exponentially more destructive, challenging not just IT departments but boardrooms and communications teams alike.

And it’s becoming increasingly popular. According to a recent Honeywell report, there was a 46% increase in ransomware extortion between October 2024 and March 2025.

A key element of double and triple extortion schemes involves attackers not only demanding a ransom for stolen data but also applying additional pressure through Distributed Denial-of-Service (DDoS) attacks, or by contacting the victim's customers and partners. 

Instead of solely encrypting data and threatening leaks, attackers now aim to compromise broader networks, making the tactic faster and harder to detect, since data exfiltration is less likely to trigger security alerts than large-scale encryption. However, despite the pressure to pay the ransom, doing so may only encourage threat actors to attempt future attacks, and the return of stolen data is never guaranteed.

The New Cyber Arms Race

Threat actors are now weaponising AI to generate highly convincing phishing emails, map digital infrastructures, and pinpoint vulnerabilities with unprecedented speed and accuracy. AI allows ransomware to move faster and hit harder, stretching already pressured security teams to their limits. As these technologies become more accessible, the window to defend against them is narrowing.

What Every Organisation Must Do

To mitigate the risks associated with ransomware and other cyber threats, organisations must adopt a multilayered approach to resilience. A foundation of this strategy is the regular backing up of critical data and systems. These backups should be securely stored offline and encrypted to avoid risk of compromise. 

By undertaking routine testing of both backup and restoration procedures, organisations can ensure they function reliably in real-world incident scenarios. By embedding these practices into an overarching cyber resilience framework, organisations can dramatically improve their ability to recover swiftly and securely from attacks.

Furthermore, organisations should create, maintain, and frequently exercise a cyber incident response plan that includes clearly defined procedures for responding to ransomware attacks. Regular testing of this plan helps to identify and address any potential gaps. 

Identity and Access Management 

The deployment of strong Identity and Access Management (IAM) solutions is fundamental to defending against ransomware attacks. This includes implementing multi-factor authentication (MFA) across all services, particularly for remote access points such as VPNs and webmail, as part of a multi-layered approach. 

User and administrator privileges should be tightly controlled, granting access only to the resources necessary for each role. Adopting a Zero Trust architecture further reinforces this strategy by mandating continuous verification of every user and device, regardless of their location or level of access. This ensures that trust is never assumed, and security remains uncompromised.

Simultaneously, keeping all operating systems, software, and firmware up to date through centralised management is essential to patch known vulnerabilities that cybercriminals often exploit. Network segmentation should also be prioritised to isolate critical systems.

By dividing the network into secure zones, organisations can limit the lateral movement of ransomware, reducing the risk of it spreading from an infected device to high-value infrastructure.

Employees On The Frontline

The human factor is crucial in any cyber security strategy. Employees serve as both the frontline defenders and the final safeguard against threats. 

Organisations should therefore prioritise training that helps employees to identify phishing attempts, social engineering tactics and unusual activity within the system. Such training has become a strategic necessity: far from simply ticking a compliance box, it is an investment in organisational resilience and brand reputation.

Building Proactive Ransomware Defences

To stay ahead of ransomware threats, organisations need faster detection and response tools. Deploying Endpoint Detection and Response (EDR) tools is essential; these advanced systems catch suspicious behaviour that traditional antivirus often misses. By using real-time behavioural analysis, EDR helps teams spot and act on unusual activity before it spreads. 

Once a threat is identified, speed is everything. Organisations should isolate infected devices immediately and bring in internal or external incident response experts to contain the attack and recover. They should also report the attack to the authorities, providing valuable intelligence that will help to disrupt the broader ransomware ecosystem.

As cyber threats grow in sophistication and scale, resilience must evolve beyond traditional system recovery. True cyber resilience encompasses more than technical defences; it demands proactive reputation management, clear and transparent communication, and well-coordinated response strategies. 

By embedding resilience into the core of their cybersecurity frameworks, organisations can not only reduce the impact of cyber incidents but also preserve stakeholder trust and ensure business continuity. With foresight and preparation, leaders can outpace adversaries, positioning their organisations to respond swiftly, confidently, and effectively when it matters most.
