So far, 2025 is filled with … distractions for security leaders. Between scrambling to secure their organizations’ AI initiatives, staying on top of critical vulnerabilities (and the organizations delivering the CVE process), perpetually communicating and training to guard against human element breaches, and navigating yet another period of uncertainty and volatility, it’s tempting to take a “set and forget” approach to common attack scenarios such as ransomware.

Ransomware Is Not Going Away

Ransomware attack volume often dips when law enforcement activity or geopolitical tensions interfere with gang operations. For example, law enforcement actions in 2023 and 2024 disrupted some of the more notorious ransomware gangs, like LockBit and ALPHV/Blackcat, and their supporting infrastructure. In September 2024, German authorities seized 47 cryptocurrency exchanges used by various ransomware gangs for laundering illicit funds, disrupting a core component of the ransomware financial infrastructure. In February of this year, blockchain analytics firm Chainalysis reported a 35% year-over-year decrease in ransomware payments, with less than half of recorded incidents resulting in victim payments.

And yet, despite these bright spots, the number of ransomware victims appearing on data leak sites in 2024 rose to 5,243, a 15% increase over 2023 according to the Travelers Q4 2024 Cyber Threat Report, with new gangs and innovative tactics springing up faster than authorities and security leaders can thwart them.

According to Forrester’s Security Survey, 2024, 25% of CISOs cite preventing and protecting against ransomware as a top strategic priority for their organization. To do this, security leaders, their teams, and their IR services firms must continue to prioritize ransomware readiness. That’s where our newly published decision tool comes in. As a follow-up to our report The Ransomware Survival Guide, The Forrester Ransomware Readiness And Response Guide, a downloadable Excel-based tool, will help you and your team:

  • Understand the controls in place to prepare for, respond to, and recover from attacks.
  • Identify and close gaps that could worsen the impact of a ransomware attack.
  • Prioritize tactical steps to bolster organizational resilience against ransomware.

Read The Full Report Here: Prioritize Your Ransomware Readiness And Response Efforts

Recommended actions in the decision tool are aligned with the incident response stages included in the NIST SP 800-61 Computer Security Incident Handling Guide and the SANS Incident Handler’s Handbook, as well as Forrester’s Security Tools and Services Mapping, Zero Trust, and Information Security Maturity models. Avoid getting knocked out by ransomware by regularly reviewing and refining the people, processes, tech, and services required for optimal readiness. Forrester clients can:

  • Complete the Forrester Ransomware Readiness And Response Guide to assess your current state.
  • Align ransomware response strategies and priorities with Forrester’s recommended actions across the incident response lifecycle.
  • Schedule an inquiry or guidance session with us to discuss your ransomware preparedness plan.