Ransomware Resilience: You can’t afford _not_ to exercise!

January 17, 2024

At Gate 15, we have the privilege to plan and conduct a lot of exercises every year, and for the last several years, the preponderance of those have been focused on ransomware resilience. And for every exercise we get to do, we have a number of conversations with organizations – medium and large businesses and non-profits, Fortune 100 and 500 companies, and across the information sharing community – that say they want to do an exercise, but then decide it’s not in their budget. Some think they can’t afford to exercise. The reality is, no organization can afford not to exercise! 

Whether you bring in experts like Gate 15, or if you decide to plan and conduct exercises on your own, that every organization needs to prepare for ransomware is certain. According to Sophos, 66% of organizations were hit by ransomware last year

  • According to eCrime data, “in every month of 2023, incidents involving ransomware and data leaks have reached unprecedented levels compared to any previous year. Threat actors have been actively targeting thousands of organizations, schools, non-profits, and healthcare providers worldwide.”
  • Noting that there were 2,168 ransomware events in the USA last year, eCrime adds, “Cybercriminals frequently target the United States, the world’s largest economy, for ransomware attacks, taking advantage of its vast digital infrastructure and seizing opportunities to exploit valuable data and financial resources.”
  • Over 35 new ransomware groups have emerged since the end of 2022. There are now over 135 different threat groups using ransomware and extortion tactics against businesses of all sizes, across all sectors of critical infrastructure, non-profit and faith-based organizations.
  • According to “The State of Ransomware 2023” (and see Infographic) from Sophos: 
    • 76% of attacks resulted in data being encrypted.
    • $1.54M average ransom in 2023 (almost double the 2022 amount).

Last year, several organizations we work with were hit with ransomware. Their investment – taking the time to properly prepare for a ransomware attack – significantly helped their ability to effectively respond and recover from attacks. In some cases, exercises involved security teams, in others, we sat with leaders including CEOs and CFOs, and in others we involved non-security departments that may have to consider continuity of critical business functions during an ongoing ransomware attack. 

In other cases, we spoke with organizations that knew they needed to update plans and procedures and needed to exercise them, but that decided it wasn’t in the budget. Sadly, we saw one of those organizations have to deal with a ransomware attack in mid-December when the Hunters International ransomware group listed the prominent critical infrastructure entity on their leak site. With 66% of organizations hit with ransomware in 2023, and with new groups emerging every month, the odds of having to deal with a ransomware attack are increasing. If you know a car crash is coming, you’d make sure to buckle up. If you know a ransomware attack is coming, you want to properly protect yourself for that impact too.

To be strong and to be fast, we need to exercise and condition ourselves. To be an effective team, we need to practice and train together. To be resilient, we have to be able to take a hit, absorb it, and continue the fight. Preparing for ransomware is no different. It takes time, it takes effort, it takes exercising, drilling, and developing the muscles and teamwork needed for effective response and recovery.

Our team would love to help you design, develop, and conduct your exercises. But if you can’t bring in our experts, do it yourself. One way or another, organizations need to invest in themselves and take the necessary steps to build their ransomware resilience. Don’t wait. Take action today to prepare for tomorrow.


Gate 15 can help your team understand the threat of ransomware, work with you to develop your incident response plan and ransomware procedures, and can support your exercise needs – from workshops and tabletops to drills and more complex operational exercises. Additional services support all-hazards resilience, from cybersecurity challenges to active shooter, hurricanes to health threats. Please reach out for more information. 

Subscribe to eCrime! Gate 15 utilizes eCrime data on a daily basis to inform reports, analysis and preparedness. About eCrime: “We create action-able, near-real time threat and intelligence products, which allow you to protect your company assets and customer data in a fast, reliable way. Our services monitors over 90 actor-maintained ransomware and data leak sites. Intelligence analysts enrich actor data with geo- and sector-specific data points, attributing a cyber event to an entity anywhere in the world. Integrate our data feeds into your existing cyber-solutions and respond to cyber-attacks against your customers, peers or third-parties and protect your information.”


Understand the threats! Subscribe to the daily Gate 15 SUN and subscribe to our podcasts!

Take action! Our team specializes in intelligence and analysispreparedness activities to include the development of plans, training, and exercises, and we can help you build the relationships and capabilities you need for effective information sharing operations to support your ability to preventprotect against, mitigaterespond to, and recover from the threats and hazards that pose the greatest risk to your organization in our complex, all-hazards environment.

Related Posts