899 views2 Upvotes11 Comments

Founder/Chairman/CTO in Telecommunication, 201 - 500 employees
The second act tactic that's starting to reveal itself a lot more in ransomware campaigns is the disclosure of proprietary information. That might be damaging to a company from an extortion standpoint, so they’ll pay to prevent that. As a bad actor, I would double down on that because it makes sense. When you think about it as a business model and a way to make money, it's amazing that it hasn’t happened more prior to this. But now that they're doing this, ransomware operators will double down and reinvest their profits into finding ways to do it better. As an entrepreneur, I try to put myself in the shoes of the criminal and that's exactly what I would do, so that's what I expect.
Director of IT in Software, 51 - 200 employees
Ransomware attacks have evolved as threat actors continually seek ways to expand the scope of their operations and increase profitability. The ransomware-as-a-service (RaaS) model became popular because the use of affiliates enables ransomware operators to attack more victims with little effort. 
VP in Software, 10,001+ employees
Understanding user, application, and service behavior with advanced ML algorithms are what the attackers or defenders are using. It will be a race between who (defender or attacker) creates a better algorithm to train ML.
CISO in Banking, 10,001+ employees
I think ransomware will change from pure encrypting of files, to an extortion to prevent release of PII and the resulting regulatory fines, we are seeing this evolving currently in recent attacks.  More insidious is the infecting of system and lying dormant for some considerable time before activation to ensure backs and air gapped copies of data are also infected. We have also seen a a rise in Ransom as a service and this will only grow, and can potentially be used to manipulate markets at key times such as takeovers, mergers and IPO's.
SVP - Software Engineering in Finance (non-banking), 201 - 500 employees
ML / AL advancement plus the growing “ransomeware as a service” market will make it easier for hackers to find vulnerabilities in the system. But, I suspect mane ransomware will still be deployed in the same transitional ways via phishing attacks, stealing pw, etc through people who might not be tech savvy in a organization.
Director in Healthcare and Biotech, 201 - 500 employees
In the short term ransomware engineers may take a break to retool their software with the price of Bitcoin ;-). Seriously though, we all know the speed of technology and rapid advancements make for many loopholes and exploits. The virtual war attack/defend is a daily event. I am hopeful the market supports not necessarily defense code creation but retaliation against would be hackers. The but is that it must be worth the effort.    
Director, Information Technology in Transportation, 201 - 500 employees
I believe ransomeware will become more targeted towards individual users as opposed to company resources such as a file server.  The prospect of paying a smaller ransom to quickly unlock files for an executive requires less discussion and coordination than doing so for an entire organization.  This approach is more efficient for the criminal organization and will allow them to execute a greater number of smaller transactions with less risk.
Director ERP Management in Travel and Hospitality, 1,001 - 5,000 employees
In most cases, the bad actors to launch ransomware seek short term gains from the victims. Never ever make any payments to bad guys. This short term fix opens up door for hackers to come back and attack more and more networks for financial gains. Ransomware has impacted victims pretty badly in the short terms. Recently our school district systems were attacked by ransomware like threat and recovery took several days before students were able to get back in normal routine.
IT Operating Unit Director in Education, 10,001+ employees
I expect (and have observed) attacks becoming more targeted at specific users that are likely to have elevated credentials and/or access to financial information. Basically the attackers are trying to increase their ROI, and in many cases they are probably succeeding. 
Senior Director, Information Technology in Services (non-Government), 501 - 1,000 employees
I agree with others that the threat to keep data encrypted isn't likely to keep malicious actors motivated going forward, as more and more businesses protect appropriately against the data loss. Threatening to release PII and/or proprietary secrets will apply in some situations, but I could see releasing embarrassing or incriminating documents or conversations happening as well.

Content you might like


Yes, but third & Nth parties are still a concern39%



Don't know1%



CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
47k views133 Upvotes324 Comments

First day on the job10%

Sometime during their first week52%

Sometime during their first month26%

2-3 months after their hiring date6%

It depends on their role/level3%

Other (explain in the comments section)1%