Ransomware isn’t going away. As noted by Infosecurity Magazine, European small and midsize businesses (SMBs) paid out almost $100 million last year to recover encrypted files. Meanwhile, Malwarebytes tracked a 90 percent increase in the number of detected ransomware attacks.

But it’s not all bad news. According to a new report from Datto, the state of ransomware is shifting. More companies are reporting attacks and fewer are paying ransoms. It’s a standoff: Ransomware-makers are doubling down on new attacks even as enterprises push back on payment.

The Current State of Ransomware

The Datto report pointed out that 4.5 percent of European SMBs fell victim to malware between 2016 and 2017. More telling, 78 percent said they experienced “business-threatening downtime” because of these attacks. Meanwhile, 97 percent of respondents said that ransomware attacks were on the rise, with 22 percent reporting multiple attacks in a single day.

What’s more, attackers are both persistent and pernicious. Eleven percent of SMBs said persistent ransomware was used to attack systems more than once, while 31 percent reported that ransomware also infected backups, making the road to remediation much more difficult. Given these startling numbers, it’s easy to see why the current state of ransomware has companies concerned.

Breaking the Feedback Loop of Fear

The ramp up of ransomware threats has created a kind of feedback-loop culture. Companies know that they shouldn’t pay the ransom and should report the attack, but standard operating procedure has become the opposite: Pay quickly to decrypt files and keep the breach under wraps.

As noted by the Datto report, however, attitudes are changing. More businesses are now reporting attacks to authorities and supplying them with relevant data, while just 21 percent of SMBs opted to pay the ransom in 2017. That’s a solid choice, since 18 percent of firms that came up with the cash didn’t get their data back.

So what’s the best way to push back and put enterprises ahead of malware-makers? It starts with recognizing origin points. According to Tech Republic, the root causes of most successful ransomware infections are user error and phishing attacks. Basic security hygiene, solid antivirus solutions and robust security training go a long way toward taking the bite out of ransomware threats.

Meanwhile, security firms are actively researching ransomware decryption tools, ZDNet reported. The Belgian National Police and Kaspersky Lab recently released a free solution for the prolific Cryakl ransomware strain.

The biggest shift, however, comes at a corporate level. Given the ability of ransomware threats to infect any operating system and any platform at any time, organizations often take on the mantle of helpless victim inevitably compromised by bad actors.

As a result, the threat of ransomware becomes just as terrifying as the infection itself, forcing employees and IT professionals into an infinite loop of fear and frustration. With the rise of reporting, proven effectiveness of basic security training and ongoing work by security experts, however, the state of ransomware becomes a driving force for security adaptation rather than harbinger of IT apocalypse.