The latest Zscaler 2023 Ransomware Report shows an almost 40 percent increase in global attacks. The annual ThreatLabz Ransomware Report tracks trends and impact of ransomware attacks including encryption-less extortion and growth of ransomware-as-a-service.
Findings from the 2023 ThreatLabz Ransomware Annual Report: This year's report tracks the continued growth of sophisticated ransomware attacks and highlights recent ransomware trends, including the targeting of public bodies and organizations with cyber insurance, the growth of ransomware-as-a-service (RaaS), and encryption-less extortion.
More attacks using ransomware-as-a-service (RaaS)
The development of ransomware is determined by the inverse relationship between the sophistication of the attacks and the barrier to entry for new cybercriminal groups. The barrier to entry dropped even as cyberattacks became more sophisticated, due to the proliferation of RaaS. In this business model, threat actors sell their services on the dark web for 70 to 80 percent of ransomware profits. This model has continued to gain popularity in recent years, which is reflected in the frequency of ransomware attacks, which has increased by almost 40 percent. Another trend of cyberattacks in 2023 is the growth of encryption-less extortion, where stealthy data exfiltration is favored over disruptive encryption methods.
Top countries targeted by ransomware
The United States was the most common target of double-extortion ransomware attacks, with 40 percent of all victims located in this region. Canada, Britain and Germany combined had less than half the attacks compared to the US. The most prevalent ransomware families observed by Zscaler ThreatLabz include BlackBasta, BlackCat, Clop, Karakurt, and LockBit, all of which pose significant threats of financial loss, data breaches, and business disruption to employees and businesses of all sizes.
Over the past year, the most targeted industry globally has been manufacturing, known for its reliance on intellectual property and critical infrastructure, both attractive targets for ransomware groups. All of the ransomware groups tracked by Zscaler targeted companies in this industry, including those involved in the production of goods for the automotive, electronics, and textile industries. The BlackBasta ransomware family was particularly interested in manufacturing companies, targeting this industry in more than 26 percent of its attacks.
Ransomware Trends
In 2021, ThreatLabz observed 19 ransomware families using a double- or multi-extortion approach in their cyberattacks. That number has now grown to 44 ransomware families observed. This type of attack is popular because once the stolen data is encrypted, the attackers threaten to release it to increase pressure on the victims.
The increasingly popular encryption-less extortion attacks, which skip the encryption process, rely on the same tactic. The companies concerned are threatened with publication of the stolen data online if they refuse to pay the ransom. This tactic brings faster and bigger profits to ransomware groups by eliminating software development cycles and decryption support. Additionally, these attacks are more difficult to detect and attract less attention from the authorities because they don't lock down critical files and systems or cause recovery-related downtime.
As a result, encryption-less extortion attacks typically do not disrupt their victims' business operations, which in turn results in a lower reporting rate. Initially, the encryption-less extortion trend started with ransomware groups like Babuk and SnapMC. Over the past year, a number of new families have adopted this tactic, including Karakurt, Donut, RansomHouse, and BianLian.
Report methodology
The ThreatLabz team analyzed data from the Zscaler Security Cloud, which monitors more than 500 trillion signals per day and blocks eight billion threats per day, with more than 250,000 security updates per day. ThreatLabz analyzed a year of global phishing data from the Zscaler cloud from April 2022 to April 2023 to identify key trends, vulnerable industries and regions, and new tactics. This year, the ThreatLabz team complemented their own analysis of ransomware samples and attack data with external security intelligence.