Incident response is changing. Just a few short years ago, cyber insurance was a get-out-of-jail-free card for organizations ensnared in serious incidents like ransomware attacks. Insurers were footing the bill for incident response services, negotiations with criminal organizations, and in some cases, paying ransoms to recover data and restore business operations. As costs started to pile up for the insurance companies and the status quo became increasingly unsustainable, western sanctions and other geopolitical factors started to complicate the previously straightforward ransomware economy.