Zscaler Blog

Security Research

ThreatLabz Ransomware Report: Unveiling a $75M Ransom Payout Amid Rising Attacks

Ransomware has been a daunting threat to organizations worldwide for decades. Recent trends show that ransomware attacks continue to grow more advanced and persistent. It’s become increasingly clear that no one is spared as cybercriminals carry out attacks that even target the children of corporate executives to force ransom payments. Despite the high-profile takedowns of criminal ransomware networks in “Operation Endgame” and “Operation Duck Hunt,” the most notorious ransomware groups remain tenacious, quickly regrouping after disruptions and aggressively launching new attacks.

The Zscaler ThreatLabz team has just released its latest research on this critical ransomware threat landscape in the ThreatLabz 2024 Ransomware Report, shedding light on new data and trends. ThreatLabz analyzed 4.4 million ransomware attacks blocked by the Zscaler cloud, amounting to a 17.8% year-over-year increase, and conducted extensive analysis of ransomware samples and attack data. The report offers valuable insights into primary attack targets, the most dangerous ransomware families, and the evolving tactics and demands of ransomware threat actors. Most shockingly, it reveals that ThreatLabz uncovered a record-breaking USD$75 million ransom payment.

This blog post will summarize select findings from the report. For a comprehensive understanding of the ransomware landscape and how to strengthen your organization’s defenses against this pervasive threat, download the Zscaler ThreatLabz 2024 Ransomware Report.
 

5 key ransomware findings

The ThreatLabz team tracks ransomware activity extensively to identify and understand how these threats are evolving. The following subset of findings highlights some of the most prominent trends and targets.

Top ransomware trends

1. The number of extorted companies based on analysis of malicious data leak sites grew by 57.8% year-over-year, despite law enforcement actions that include criminal arrests, indictments, and seized infrastructure. The report breaks down the most significant law enforcement operations against ransomware groups and initial access brokers over the past year.

2. The use of voice-based social engineering to gain entry into networks is on the rise—a technique made popular by Scattered Spider and the Qakbot threat group.

3. The exploitation of vulnerabilities continues to be a prevalent attack vector for ransomware, emphasizing the critical need for measures like prompt patching and unified vulnerability management, reinforced by a zero trust architecture.  

Top ransomware targets

4. The manufacturing, healthcare, and technology sectors were the top targets of ransomware attacks between April 2023 and April 2024, while the energy sector experienced a 527.27% year-over-year spike.

Figure: Ransomware attacks by industry

5. The United States, United Kingdom, Germany, Canada, and France were the top five countries targeted by ransomware in the same time period.

Figure: Ransomware attacks by country

Delve into these findings and more data in the full report.

$75M ransom payment uncovered

ThreatLabz identified 19 new ransomware families this year, increasing the total number tracked to 391 over the past decade, as cataloged in the ThreatLabz GitHub repository.

With new and emerging ransomware groups come new and ever-evolving methods to maximize their operational impact and financial gains. This was evidenced by the record-breaking $75 million ransom payment uncovered by ThreatLabz. The report discloses the threat group behind this unprecedented payment—also named by ThreatLabz as one of the top five ransomware families that will be a big threat to businesses in the year ahead. Learn about their strategic approach and why ThreatLabz predicts similar strategies will gain traction among other threat actors.

The report also shares comprehensive insights into the tactics, potential impacts, and recent activities of other ransomware families that ThreatLabz has identified as high-risk and noteworthy for 2024-2025.

Stopping ransomware starts with zero trust

The growing volume and cost of ransomware attacks found in this year’s report are a stark reminder that organizations must prioritize robust ransomware defenses. The Zscaler Zero Trust Exchange™ platform addresses this challenge by offering a holistic approach to stopping ransomware.

The Zscaler ThreatLabz 2024 Ransomware Report provides essential guidance to this end, including:

  • Fighting AI with AI: Learn about Zscaler’s AI-powered cyberthreat protection capabilities needed to combat AI-driven threats.
  • Zero trust architecture advantages: Learn how the Zero Trust Exchange stops ransomware at every stage of the attack cycle:
    • Minimize the attack surface: By replacing exploitable VPN and firewall architectures with a zero trust architecture, it hides users, applications, and devices behind a cloud proxy, making them invisible and undiscoverable from the internet.
    • Prevent compromise: The platform uses TLS/SSL inspection, browser isolation, advanced sandboxing, and policy-driven access controls to prevent access to malicious websites and detect unknown threats before they reach the network, reducing the risk of initial compromise.   
    • Eliminate lateral movement: Leveraging user-to-app (and app-to-app) segmentation, users connect directly to applications, not the network, eliminating lateral movement risk. Identity threat detection and response (ITDR) and deception capabilities can also help find possible attackers and stop them from moving around.
    • Stop data loss: Inline data loss prevention measures, combined with full inspection, effectively thwart data theft attempts. 
  • Ransomware prevention checklist: Access the latest best practices to mitigate ransomware risk and protect your organization from existing and emerging threats.

Get your copy of the Zscaler ThreatLabz 2024 Ransomware Report today. As ransomware threats persist, understanding the latest trends and potential implications of these attacks and assessing your risk will help your organization protect itself against ransomware in 2024 and beyond.
