Ransomware Threat

William Ekiss | October 15th, 2021


SpearTip consistently looks for experts in the St Louis region to add to our list of technical capabilities. This month, SpearTip’s very own William (Billy) Ekiss wanted to bring to light the many changes happening with the ransomware threat. Billy Ekiss puts his years of cybersecurity knowledge to use at SpearTip as he oversees the Incident Response Practice. Billy has a strong desire to continue training and educating himself, adding to his Master of Science degree in cybersecurity. Billy also holds the industry-recognized Magnet Certified Forensics Expert (MCFE) certification. He dedicates himself to improving SpearTip’s security services to save businesses and ultimately allow them to fulfil their own missions.

With years of cyber counterintelligence experience, our firm understands how critical it is for organizations to protect their assets against threat actors. With the growing number of devices connected to the internet, the risk of an incident occurring is swiftly growing and becomes a matter of when rather than if.

Understanding Ransomware Threats

The ransomware threat landscape can be difficult to navigate, but there are trends we continually analyze to save businesses and prevent breaches. If your organization has never dealt with a breach, it can be hard to understand the risks, so our job is to explain what usually happens during an incident and what you can do to prevent ransomware threats.

The methods used by threat actors continuously change over time, but lately, we’ve observed threat actors using these tactics to maximize the profit they can extort from a business.


After gaining initial access to an organization, threat actors move throughout networks, looking for the most important data to steal and encrypt. Sometimes they will do this immediately, and sometimes they’ll lurk in your network for weeks planning out their attack. Once data is encrypted, you won’t be able to access it without a key provided by the threat actor, which is how the ransomware extortion process begins.

SpearTip’s Security Operations Center monitors networks 24/7, so any unauthorized logins or unwarranted privilege escalation will be detected by our engineers and responded to if we are hired to monitor.

Data Theft

After encryption, threat actors will likely leave a ransom note or a link to contact them. This message usually provides notice of data being stolen and a timeline of when your stolen data will be published if payment is not received. Now, threat actors have your company’s data, usually targeting any financial, personal, or internal documentation depending on their motives. These documents usually trigger the quickest payments, so it makes sense they’ll target your high-value data first.

This, in turn, forces your company to notify every customer who has been impacted by the breach. Even if the threat actors have not published your data on dark websites, the fact that they’ve accessed it already creates issues of trust between you and your clients or customers. Prevent data theft with SpearTip’s ShadowSpear platform and Security Operations Center as a Service. Then, this issue can be an afterthought.


The last attempt in many cases at getting victims to pay for ransomware attacks comes in the form of leaking data. Not only did cybercriminals have access to your data, but now they’re offering it on dark websites for other malicious actors to use against your organization, or worse, your customers. Typically, the threat actor will publish the most confidential data first, whether this is private company data, employee data, or financial data.

If SpearTip is contacted in this stage of an incident, we can still scan the dark web and investigate exactly what information was stolen and where it was leaked. All of this, while restoring your network and getting your business back up and running as quickly as possible.

When managing a security operations center and leading Incident Response cycles, it’s crucial to be able to delegate cases to experienced engineers with knowledge in diversified areas of cybersecurity. SpearTip has recruited incredible talent from the bottom up, and this allows our team to thrive when providing for partners. I collaborate with extremely intelligent minds to be able to protect businesses daily and keep their businesses from facing the worst. From identifying zero-day vulnerabilities within environments to understanding the methods of threat actors, our team can protect and respond to keep organizations operating as they should.

The decision to invest in cybersecurity can seem difficult for a high-level executive, but if I had one recommendation, it would be to operate proactively when it comes to ransomware threats. It’s always better to be in front of ransomware threats instead of behind them.


Connect With Us

Featured Articles

Cybersecurity Health Checks
Cybersecurity Health Checks: Why Companies Need Them
22 April 2024
New Loop DoS Attack
New Loop DoS Attack Affecting Linux Systems
19 April 2024
Possible Cyberattack
Possible Cyberattack During 2024 Summer Olympics
15 April 2024
Tabletop Exercises
Tabletop Exercises: Transformative Impact on Companies
12 April 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Frequently Asked Questions

What specific actions can individuals and organizations take to protect themselves from ransomware attacks?

Individuals and organizations can take several steps to protect themselves from ransomware attacks. Firstly, they should regularly back up their data to an external device or cloud-based service. They should also keep their operating systems, software, and antivirus programs up to date. It is recommended to use strong and unique passwords and enable two-factor authentication. Additionally, they should be cautious while clicking on links or downloading attachments from unknown sources.

Are there any particular industries or types of businesses that are more vulnerable to ransomware attacks?

Although any organization can be a target of ransomware attacks, there are some industries that are more vulnerable. For instance, the healthcare industry is often targeted as they deal with sensitive patient data. Similarly, educational institutions, financial services, and government agencies are also at high risk due to the critical data they handle.

How are law enforcement agencies and governments working to combat the evolving threat of ransomware?

Law enforcement agencies and governments are working to combat the evolving threat of ransomware by taking several measures. They are conducting awareness campaigns to educate individuals and organizations about the risks of ransomware attacks and how to prevent them. They are also collaborating with private organizations to share information and resources to combat the threat. Additionally, they are enforcing strict laws and regulations to prosecute the attackers and deter others from committing similar crimes.

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.