In 2024, the FBI’s IC3 (Internet Crime Complaint Center) reported a total loss of $16.6 billion due to cyber-related scams. In the same year, the largest known cyber ransom in history, $75 million, was paid for an extortion attack on a Fortune 50 company. This growing security concern was the topic of FirstBank’s recent “Decrypting Ransomware: Paying Attention, Not Ransoms” webinar featuring some of FirstBank’s own principal and information security analysts, hosted by Ramiro Jimenez, Treasury Management Senior Vice President. Here’s what we learned about ransomware attacks and how to protect your business.

What are ransomware attacks?

Ransomware is malware that encrypts a victim’s data or locks their device, making it inaccessible until a ransom is paid. The ransomware actor typically demands payment for the access key to the affected files/data. These fraudsters not only extort businesses for access to data and money but also threaten public shame. Here are two common forms of ransomware attacks to look out for:

Phishing emails: Ransomware is typically delivered through phishing emails sent to businesses or vendors. That’s why it’s important to never click on suspicious links and always forward suspicious emails to your company’s IT department to review.

Artificial Intelligence (AI): Beyond impersonation and voice cloning, fraudsters are leveraging AI to identify new entry points into a company’s network. Once inside, attackers can launch ransomware campaigns or other malicious activities, making AI-driven threats not only about deception but also about enabling broader network intrusions.

What’s the future of ransomware attacks?

When asked where they think ransomware is headed in the next two to three years, Josh and Rami believe AI will become more prevalent, even bypassing antivirus software. As deepfake technology becomes more advanced, it will be harder to detect.

So, how can you protect your business?
Ransomware actors may target one company, but the attack affects thousands of organizations, creating a domino effect. To protect your business, you should:

1. Implement defense technology: Introducing various types of technology will help safeguard your security systems.

High-fidelity alerts: Consider these alerts like car dashboard warning lights that only come on when something is wrong. Instead of alerting you to 100 login attempts, it only warns you when unique login attempts are threatening (e.g., someone from outside the company trying to download sensitive information).

Canaries: This tactic is like leaving a fake wallet on your desk to see if someone will take it. For example, some companies will put a phony document titled “Top Secret” on the server, and if anyone opens it, an alert is immediately sent to security.

Tripwires: These work like an invisible string across a doorway that rings a bell if someone walks through. They are often used in convenience stores or boutique stores. By setting digital tripwires on sensitive files or programs, you can spot break-ins in real time.

2. Stay one step ahead: Attackers will try to outsmart your defenses, so it’s crucial to stay up to date on new technology and fraud trends.

3. Create a playbook: Security plans are imperative to helping detect and respond to ransomware attacks. All security playbooks, plans, or insurance policies should be saved offline, away from the company network. Whether it’s a physical copy or saved on a cloud server, this prevents ransomware actors from knowing your next move.

“Even safes are graded on how long it takes for someone to break in,” said Josh Pierce, Principal Security Analyst. “So you should treat your company the same. They’re not impenetrable, but you should do your best to put a plan in place to help detect and prevent attacks.”

4. Explore cyber insurance: While cyber insurance is more of a safety net than a plan, it can help cover financial losses and recovery costs, such as ransom payments, data breach notifications, and legal fees.

5. Analyze least privileges: Your company should always analyze vendor privilege requests. The principle of least privilege gives individuals or companies limited access to your system. For instance, if a vendor only needs to upload files to your system for a project, they should have upload-only access, not the ability to view, edit, or delete other files.

6. Train employees: Ensure employees know your organization’s security principles, especially when onboarding vendors or using SaaS tools like Slack, Google Drive, or Zoom. For instance, it may seem harmless to use ChatGPT to make work more efficient. However, when using these apps/programs, you’re giving that vendor access to the company’s network and/or data, effectively putting your organization’s security infrastructure at risk for direct and indirect ransomware attacks.

“When you handle it [ransomware attacks] right, it becomes yesterday’s news. When you handle it wrong, it’s in the news for a long time,” said Josh Pierce.

The bottom line.

Ransomware attacks aren’t just technology risks; they’re business risks and should be handled by the entire organization. When not addressed correctly or in a timely manner, these attacks can prolong downtime unnecessarily, but more importantly, they can damage your company’s reputation.

For more Fraud Prevention tips and Business Success resources, visit efirstbankblog.com.

Published: August 26, 2025
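
The high-fidelity alert, canary and least-privilege ideas from the list above, expressed as detection logic over file-access events. This is an added example, not FirstBank's code or anything shown in the webinar; the account names, paths, grant table and event format are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: every path, account and event here is illustrative.
CANARY_PATHS = {"/srv/share/finance/Top Secret.docx"}  # decoy no one has a reason to open
GRANTS = {                                             # least-privilege grants per account
    "vendor-acme": {"upload"},                         # vendor is upload-only
    "jsmith": {"read", "upload", "edit"},
}


@dataclass(frozen=True)
class Event:
    user: str
    action: str   # "login_failed", "read", "upload", "edit" or "delete"
    path: str = ""


def triage(events):
    """Return (severity, reason, event) alerts; routine noise yields nothing."""
    alerts = []
    for ev in events:
        if ev.path in CANARY_PATHS:
            # Any touch of the decoy is suspicious by construction, even from
            # an account that is otherwise allowed to read files.
            alerts.append(("critical", "canary file touched", ev))
        elif ev.action == "login_failed":
            # Assumption: volume-only signals are counted elsewhere, not paged on.
            continue
        elif ev.action not in GRANTS.get(ev.user, set()):
            # Unknown accounts have no grants, so everything they do lands here.
            alerts.append(("high", "action outside granted privileges", ev))
    return alerts


SAMPLE_EVENTS = [Event("jsmith", "login_failed")] * 100 + [
    Event("jsmith", "read", "/srv/share/finance/q3-report.xlsx"),
    Event("vendor-acme", "upload", "/srv/share/inbound/invoice.pdf"),
    Event("vendor-acme", "delete", "/srv/share/finance/q3-report.xlsx"),
    Event("jsmith", "read", "/srv/share/finance/Top Secret.docx"),
]

if __name__ == "__main__":
    for severity, reason, ev in triage(SAMPLE_EVENTS):
        print(f"[{severity}] {reason}: {ev.user} {ev.action} {ev.path}")
```

Of the 104 sample events, only two raise alerts: the upload-only vendor attempting a delete, and the read of the decoy document.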