Listen, and understand! That Terminator is out there! It can’t be bargained with. It can’t be reasoned with. It doesn’t feel pity, or remorse, or fear. And it absolutely will not stop… ever!”

Time-travelling killer cyborgs. As far as we know, they’re not here… yet. But there is another Terminator-like cyber villain that is unrelenting in its targeting, infiltration, and attacks: It’s ransomware. Last year, 63 percent of organizations experienced an attempted ransomware attack, with 22 percent reporting these incidents occurred on a weekly basis.*

For many organizations, the rapid spread of WannaCry and NotPetya were a wake-up call from business as usual. The attacks were devastating – impacting critical services and costing organizations hundreds of millions of dollars in lost productivity and recovery efforts.

Our lives are dependent on trusted and untrusted networks of machines that do everything from the mundane to the critical. From controlling our smart lightbulbs to running hospital ICUs. The opportunity to spread ransomware is amplified by a growing number of BYOD workplaces, the rise of an AI-based and automated workforce, and self-driving everything. Any machine connected to the internet is an easy target. Even locked-down, non-public facing computers are comprised by the use of unmanaged mobile devices and laptops which connect to and from unsecured public networks. Infected endpoints let ransomware on to private networks at which point it spreads and encrypts data – making it extremely difficult to recover. 

“The Terminator’s an infiltration unit: part man, part machine. Underneath, it’s a hyper-alloy combat chassis, microprocessor-controlled. Fully armored; very tough. But outside, it’s living human tissue: flesh, skin, hair, blood — grown for the cyborgs.”

The recent attacks have weaponized known exploits for which update patches were available. Updates which may be delayed due to the effort required to perform testing or because of legacy systems that can’t be updated. And ransomware is expanding its scope and scale – seeking more targets such as Linux-based web servers.

Rapid weaponization of known and unknown exploits is just the beginning. As our collective ability to detect and defend against ransomware grows, the adversaries also push the envelope of innovation and survival – what we are up against is a constantly evolving strategy to remain undetected, infiltrate networks, and increase damage. There are memory attacks that leave no trace, attacks that target backups, and attacks that leverage built-in system tools.


You’ll learn the basics of data protection against ransomware attacks that Citrix customers are using today, including:

  • Publishing virtualized, sandboxed, and hardened browsers and email clients
  • Utilizing Hypervisor Introspection (HVI) to detect ransomware techniques
  • Protecting mobile devices against attacks with containerization
  • Providing a secure and robust enterprise data sync and sharing service

Ransomware will be back this year. Be ready by learning and incorporating solutions for protection today. As threats evolve, so can you.