Ransomware will continue as long as businesses continue to make payments. Paying ransoms only emboldens cyber criminals and makes a company a continued target for future attacks. To avoid becoming a victim, carefully plan a defense in depth strategy to deter and detect threats before they can accomplish their final objectives. Ransomware threats most often start with access to an employee’s remote desktop login, or through malicious attachments sent via phishing email to employees, or unpatched servers connected to the Internet. First, ensure systems are updated with the latest security patches and ensure Multi Factor Authentication (MFA) is deployed and enforced within your organization so that stolen or weak passwords cannot be leveraged by attackers. Then, position security event monitoring solutions to give analysts the information they need to quickly detect and respond to threats that make it past other security controls. A 24/7 Security Operations Center is necessary to respond in time to stop threats that can strike at any time and which often operate on evenings and weekends. Overall, the cost of a strong security operation is much less expensive than paying ransom payments to criminals, the cost of lost productivity during an attack, and the cost of recovery after an attack.

Sources: https://www.bleepingcomputer.com/news/security/egregor-ransomware-bombards-victims-printers-with-ransom-notes/?&web_view=true

https://www.zdnet.com/article/why-ransomware-is-still-so-successful-over-a-quarter-of-victims-pay-the-ransom/?&web_view=true