With a deep background in artificial intelligence, machine learning, and blockchain, Dominic Jainy has dedicated his career to understanding how advanced technologies are reshaping industries, particularly in the realm of cybersecurity. As ransomware attacks surge, growing 45% in the last year alone, his expertise provides a critical lens through which to view this evolving threat. Today, we sit down with Dominic to dissect the latest research and explore why certain sectors are falling victim, what the true costs are, and how organizations can begin to build a more resilient defense.
Manufacturing now leads as the top ransomware target, with incidents up 32%. Beyond immediate production halts, what are the cascading supply chain effects of these attacks, and what specific, practical steps can manufacturers take to build resilience against them? Please elaborate with some examples.
The 32% jump in attacks on manufacturing is truly alarming, and the impact goes far beyond a single factory floor. When a major producer like Jaguar Land Rover is forced to halt operations for over a month, it creates a massive shockwave. Think about it: their suppliers of raw materials and components suddenly have nowhere to send their goods, logistics partners see their schedules thrown into chaos, and dealerships can’t get new vehicles. This single point of failure ripples outward, causing financial strain and operational paralysis across the entire value chain. The $2.5 billion cost to the British economy from that one attack paints a very stark picture of this interconnected risk. To build resilience, manufacturers must move beyond just protecting their front office. They need to implement rigorous network segmentation to isolate their operational technology from their IT systems, conduct continuous vulnerability assessments on production line equipment, and, crucially, develop a collaborative incident response plan that includes their key supply chain partners.
Ransomware incidents in healthcare can have life-or-death consequences. Can you describe the unique pressures medical providers face when deciding whether to pay a ransom, and outline a step-by-step crisis communication plan for a hospital whose patient data systems are locked down?
The pressure on healthcare providers is immense and profoundly different from any other sector. When systems are locked down, it’s not about profit loss; it’s about patient care. Imagine a doctor unable to access a patient’s medical history, allergies, or critical test results. We saw the tragic potential in Germany, where a patient died after being rerouted from a hospital under attack. This creates an excruciating ethical dilemma. Do you pay the criminals to potentially restore services quickly and save lives, or do you refuse and risk patient harm while you try to recover? It’s an impossible choice. For a crisis communication plan, the first step is immediate, transparent acknowledgment to staff and emergency services. Second, they must establish alternative, manual processes for patient care and communication—runners, whiteboards, paper charts. Third, a clear, empathetic message must be delivered to patients and the public, explaining the situation without causing panic, emphasizing that patient safety is the absolute priority, and providing guidance on where to seek emergency care. Finally, they need to maintain a regular cadence of updates to all stakeholders, even when there’s no new information, to maintain trust.
Firms in the legal and professional services sectors hold troves of sensitive client information. What makes this data so valuable to attackers, and how should these organizations balance client confidentiality with the need for transparent breach notifications when an attack occurs?
This data is a goldmine for attackers because of its leverage. Think about a major law firm like Campbell Conroy & O’Neil, which represents Fortune 500 companies. The data they hold isn’t just personal information; it’s privileged legal strategies, confidential M&A details, and intellectual property worth billions. Attackers know that the firm—and its powerful clients—will do almost anything to prevent that information from being leaked. This creates incredible pressure to pay the ransom. Balancing confidentiality with transparency is a tightrope walk. The key is preparation. Organizations must have pre-approved communication templates and a clear protocol. When an attack happens, they should immediately engage outside counsel to manage notifications under legal privilege, notify affected clients directly and discreetly before any public announcement, and then provide a broader notification that is honest about the breach without revealing specific client data. The goal is to control the narrative and show you are taking responsible, decisive action, which helps preserve trust even in a crisis.
When an IT provider is hit by ransomware, it creates a significant ripple effect for its customers. How do attackers leverage a single breach in the IT sector to compromise multiple downstream clients, and what are the top three preventative measures that technology firms should implement?
Attackers view the IT sector as a force multiplier. Breaching a single managed service provider or a technology firm like Ingram Micro gives them a trusted pathway into the networks of hundreds, or even thousands, of downstream clients. They exploit the inherent trust and network connectivity between the IT provider and its customers, essentially using their keys to unlock many doors at once. This is precisely what the REvil gang did in a famous attack a few years ago, turning a trusted software update into a widespread ransomware deployment. The top three preventative measures are non-negotiable. First, implement multi-factor authentication across all systems, especially for administrative access, to make stolen credentials useless. Second, enforce the principle of least privilege, ensuring that accounts and systems only have the absolute minimum access required to function. And third, they must have robust network segmentation to contain a breach, preventing an intruder from moving laterally from their own network into a client’s environment.
The financial services industry faces warnings that a major attack could trigger a crisis. Can you walk me through the potential systemic risks of a successful attack on a major financial institution and what regulators and companies are doing to mitigate this threat?
The New York Department of Financial Services wasn’t being hyperbolic when it warned of “the next great financial crisis.” A successful, prolonged attack on a major bank or a key payment processor wouldn’t just be an isolated incident. It could freeze transactions, halt access to funds for millions of people and businesses, and shatter consumer confidence in the entire system. We saw a small-scale preview with the Travelex attack, which left travelers and banks stranded for weeks and ultimately contributed to the company’s insolvency. Now, imagine that on a global scale. The systemic risk is that one institution’s failure could trigger a cascade of defaults and a complete loss of faith in the market’s stability. In response, regulators are mandating much stricter cybersecurity standards, requiring things like regular penetration testing, detailed incident response plans, and greater information sharing about threats between institutions. Companies are also investing heavily in threat intelligence and building “digital war rooms” to run simulations of these catastrophic scenarios, preparing for a crisis they hope never comes.
With exploited vulnerabilities being a common entry point for attacks in the retail sector, what are the most overlooked security gaps you see? Please detail a few proactive measures a retailer could implement tomorrow to significantly harden their defenses against ransomware.
In retail, the most overlooked gaps are often at the edges of the network—the point-of-sale systems, the connections to third-party logistics partners, and the web-facing applications for e-commerce. These are prime targets. Attackers know that retailers are under constant pressure to innovate and connect new systems, and security can become an afterthought. We saw this with Marks & Spencer, where an attack caused massive operational disruption and cost an estimated $402 million. A retailer could take proactive steps tomorrow to make a real difference. First, they could implement an aggressive patch management program, ensuring that all known vulnerabilities are addressed within a strict timeframe, not just on servers but on every device connected to the network. Second, they can conduct a thorough review of all third-party vendor access, revoking any unnecessary permissions. Finally, they should deploy advanced endpoint detection and response (EDR) tools on all their systems to spot the unusual activity that often precedes a full-blown ransomware deployment.
What is your forecast for ransomware trends in the coming year?
I expect to see ransomware become even more targeted and more ruthless. The 45% overall increase in attacks last year shows the business model is thriving. Gangs will continue to focus on critical industries like manufacturing and healthcare where downtime is intolerable, giving them maximum leverage to demand higher ransoms. We’ll also likely see attackers increasingly using AI to craft more convincing phishing emails and to identify vulnerabilities in networks faster than human defenders can patch them. The most concerning trend, however, is the move toward “destruction-ware,” where the attack isn’t just about encryption for a ransom but about causing permanent, irreparable damage to data and systems. This changes the game from a financial negotiation to an act of pure sabotage, underscoring the critical truth that no organization, in any sector, can afford to be complacent.