
Why Ransomware Resilience Matters More Than Ever

Ransomware is no longer simply an IT problem. It is a business continuity problem, a reputational problem and, in some cases, an existential one.

In the latest episode of Cyber Fusion’s Life’s a Breach videocast, Steve sat down with Andy Grant from BullWall and Trudy Palmer from Unifi to discuss the changing ransomware landscape, why traditional security layers are no longer enough on their own, and how partners can help customers build greater resilience against one of the most persistent threats facing organisations today.

Ransomware has changed, and so must the response

For many organisations, ransomware protection still begins with prevention: firewalls, antivirus, endpoint detection, email filtering and wider perimeter controls. These remain important, but as Andy Grant explained, they are no longer enough in isolation.

The reality is that organisations have invested heavily in preventative security for decades, yet successful ransomware attacks continue to rise. High-profile incidents affecting major brands have shown that even organisations with mature security programmes and significant budgets are not immune.

The issue is not whether preventative tools matter. They do. The issue is what happens when something gets through.

That is where BullWall’s approach is different. Rather than relying solely on identifying and blocking threats before they land, its ransomware containment technology works on an “assume breach” basis. It is designed to monitor for active encryption and respond rapidly when ransomware begins targeting data.

In practice, this means isolating the affected user, device or process quickly enough to prevent widespread damage.

The cost of downtime is often underestimated

One of the most striking points from the discussion was the true cost of a ransomware incident. The ransom itself is only part of the story.

Operational downtime, lost productivity, recovery costs, reputational damage, legal fees, regulatory implications and customer trust all need to be factored in. For some organisations, the disruption can last weeks or months. In severe cases, businesses do not recover at all.

BullWall’s downtime calculator was highlighted as a useful tool for partners and customers, helping organisations model what an attack could actually cost them. It allows businesses to consider factors such as number of employees, proportion of the organisation affected, downtime and restoration costs.

This kind of exercise is particularly valuable because ransomware resilience is often treated as unbudgeted spend. By connecting the risk to cyber insurance, compliance, business continuity and infrastructure planning, organisations can build a stronger commercial case for investment.

Why layered security still needs a containment layer

A key theme of the conversation was that ransomware containment is not about replacing existing tools. It is about filling a gap.

Many organisations already have multiple security layers in place, but few have tested what would happen if a zero-day ransomware attack began encrypting files inside their environment.

BullWall’s assessment process is designed to show exactly that. Customers can run controlled tests against a test server or file share, first observing how their existing tools respond, then seeing how ransomware containment reacts when active encryption begins.

For partners, this creates a clear and practical way to demonstrate risk. Rather than leading with fear or theory, the conversation becomes evidence-led: here is what happens today, here is the gap, and here is how quickly it can be contained.

The blind spots attackers are exploiting

The discussion also covered BullWall’s newer modules: Server Intrusion Protection and Virtual Server Protection.

These address areas that are increasingly being targeted by attackers. Virtual Server Protection focuses on the hypervisor layer, including VMware environments, where attacks can have devastating consequences if the underlying virtual infrastructure is compromised.

Server Intrusion Protection is designed to help prevent lateral movement across servers. It introduces lightweight multi-factor authentication on server logins and monitors changes to processes such as the scheduled task manager, which attackers often use to stage or trigger ransomware attacks at times when organisations are least prepared, such as weekends or bank holidays.

This matters because ransomware rarely begins and ends at the point of encryption. Attackers often spend time moving through an environment, escalating privileges, finding critical systems and preparing the attack. Protecting those middle stages is becoming increasingly important.

Why this matters for partners

For resellers, MSPs and MSSPs, ransomware remains one of the clearest and most urgent customer conversations.

Andy noted that BullWall is entirely channel-focused globally, and that the technology is straightforward for partners to add to their portfolio because it does not displace existing security investments. Instead, it adds a further layer of resilience.

The conversation also touched on sales cycles. While many enterprise security technologies can involve long procurement processes, BullWall often resonates quickly once customers see the live demo or assessment. In some cases, opportunities can move from first demo to purchase order in days rather than months.

For partners, the value is twofold. It creates an opportunity to add value to existing customers, while also acting as a door opener into new accounts. Around a third of BullWall’s channel deals are net-new logos for the partner, making it a useful proposition for both customer retention and growth.

A full-service vendor approach

One of the reasons Cyber Fusion and Unifi have built such a strong relationship with BullWall is the quality of support behind the technology.

As Steve and Trudy discussed, the live demo is consistently one of the strongest in the market. BullWall’s engineers run live attacks in studio-style environments, showing customers exactly how the technology responds in real time.

That matters. In a market full of security claims, seeing the impact live cuts through the noise.

The full-service vendor approach also makes life easier for partners. Where a partner wants to open a door and make an introduction, BullWall can support the opportunity from demo through to close, while the partner maintains the customer relationship.

The human side of cybersecurity

The episode also explored the role of the Unified Cyber Fusion Alliance, created by Cyber Fusion and Unifi to provide a more relaxed, human environment for senior security professionals, CISOs and cyber leaders.

In a sector where events can often feel overly sales-driven, the Alliance aims to create a safe, informal space for people to connect with peers, share experiences and build trusted relationships.

As Trudy explained, many people in cybersecurity are under pressure, isolated or simply in need of a space where they can talk openly. The quarterly events are built around genuine connection rather than hard selling, with carefully selected vendors and attendees who share that ethos.

It is a reminder that cybersecurity is not just about technology. It is also about trust, relationships and people having each other’s backs.

The takeaway

Ransomware is not going away. It is evolving, becoming more targeted, more disruptive and more damaging to organisations of every size and sector.

The organisations best placed to withstand it will be those that move beyond prevention alone and build resilience into their security strategy. That means understanding where the blind spots are, testing assumptions, and preparing for the moment an attacker gets through.

For partners, this creates a valuable opportunity to help customers have better, more practical conversations about ransomware risk.

For customers, the message is simple: the question is no longer just how to stop an attack. It is how quickly you can contain one when it happens.
