Ransomware is a topic that regularly comes up when I speak to CISOs and information security leaders, understandably so as recent reports have highlighted two growing themes. Firstly, Covid-19 has resulted in an uptick in campaigns dropping ransomware and secondly, the direction has shifted to more targeted campaigns against larger organizations (both per the NTT 2020 Global Threat Intelligence Report).
There is no denying the impact a successful ransomware attack can have on an organization, not only in terms of the financial and reputation hit but also the effects of service disruption. If you consider some of the organizations across the globe that have fallen victim to ransomware, it is not difficult to understand the real-world implications a successful ransomware attack can have on customers and citizens.
Increasingly, ransomware is one of a number of modules being dropped by other malware, such as Emotet, which was the most prevalent malware variant of 2019 (per the 2020 Cyber Security Report from Checkpoint Research). However, if it is true for Emotet, it is also true for other malware variants which use similar techniques to progress through the typical attack lifecycle, including execution, discovery, persistence, lateral movement, etc. So once initial access is gained, it becomes a question of how robust your internal security controls are against the techniques employed throughout that attack lifecycle.
Blog
Ensuring Security Against Ransomware Threats
Ransomware resilience depends on whether your controls can stop the attack techniques that happen before encryption. Continuous validation helps security teams find those gaps early and reduce the chance of real disruption.
Continue Reading
Pentera at $100M ARR – A CEO Reflection
06 Jan 2026
When I joined forces with our Founder and CTO, Dr. Arik Liberzon, and stepped into the CEO role back in 2018, $100M ARR felt like a number reserved for big, mature companies.
Read more
Cyber in the Board Room: From Security Findings to Business Action
20 Oct 2025
I’ve seen too many good findings die in bad presentations. I’ve watched technical teams do heroic work, only to have their insights lost in translation. I’ve also been that person, walking into a board meeting armed with risk data and walking out with silence.
Read more
How to Win Cybersecurity Budget Approval with Continuous Validation
25 Sep 2025
It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you're a CISO or security leader, you've likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away.
Read more
AI Is Transforming Cybersecurity Adversarial Testing – Pentera Founder’s Vision
06 Aug 2025
In 2015 I founded a cybersecurity testing software company with the belief that automated penetration testing was not only possible, but necessary. At the time, the idea was often met with skepticism, but today, with 1200+ of enterprise customers and thousands of users, that vision has proven itself.
Read more
They’re Out to Git You: How to Find Exposed Repos Before Attackers Do
29 Jul 2025
While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems
Read more
Jen Easterly’s Xposure Keynote: How to Use KEV and AI to Stay Ahead of Cyber Threats
23 Jul 2025
I’ve spoken with plenty of cybersecurity leaders in my time, but hosting Jen Easterly at Pentera’s National Xposure 2025 summit felt different. As a former Director of CISA, she’s got that rare blend of battlefield grit, boardroom poise, and TED Talk charisma.
Read more