r/LastPassOfficial

Ransomware attacks cost businesses millions every year, and they're getting more sophisticated. Attackers encrypt your files and demand payment for their return. Sometimes they threaten to leak sensitive data if you don't pay up.

Key takeaways:

• Ransomware attacks typically begin with phishing emails, stolen credentials, or unpatched software vulnerabilities. 

• Regular offline backups are your best recovery option if an attack succeeds, since attackers can't encrypt what they can't reach. 

• Multifactor authentication blocks most credential-based attacks, even when passwords are compromised. 

• LastPass helps protect against ransomware by securing credentials with AES-256 encryption and enforcing strong password policies. 

• An incident response plan prepared in advance can significantly reduce damage and recovery time during an attack. 

Steps to protect your company from ransomware attacks:

1. Back up critical data regularly and store copies offline.

2. Keep all software and systems updated with security patches.

3. Train employees to recognize phishing and suspicious attachments.

4. Use multifactor authentication on all accounts.

5. Limit user access to only what each employee needs.

6. Protect credentials with a secure access solution.

7. Segment your network to contain potential breaches

8. Create an incident response plan before you need one

You may read more on this topic within our

I have a premium subscription I am looking to cancel because I don’t really use last pass and only upgraded when I had hired help. I since no longer have the help. I submitted a case for cancellation and they said before moving forward, last pass wanted to know about the decision and if they can give a discount instead of cancelling. I responded requesting to move forward with a cancellation before my renewal in May. They since have not responded one peep. I’ve emailed them four times looking for a follow up and confirmation regarding cancelling.

I don’t know how to get through to them at this point.

What do I do next? Call my bank and tell them about the situation and to not allow last pass to charge me any further?

Key takeaways: Shadow IT revealed your gaps. Shadow AI widens them unless you do this in 2026:

• Shadow AI widens security gaps by creating unmanaged access paths, with credentials, integrations, and agent connections that persist without clear ownership or centralized control. 

• Shadow AI increases risk faster than traditional Shadow IT because it embeds access directly into everyday workflows, where credentials are created and reused outside IT visibility. 

• Most Shadow AI risk doesn’t come from new exploits but from identity misuse: weak authentication, missing MFA, reused credentials, and overlooked access points. 

• Policies and periodic audits can’t keep up with Shadow AI; effective SaaS risk management in 2026 requires continuous discovery paired with real‑time access visibility.

• LastPass Business Max surfaces Shadow AI and SaaS usage at the point of login, helping lean IT teams identify and reduce unmanaged access before it becomes an incident. 

You can read all about this topic on