Following a record-breaking ransomware payout of $75 million this year, industry cloud security leaders warn that other ransomware attackers may become emboldened by other groups’ successes.
The payout made by an undisclosed victim accompanies a steep rise in ransomware attacks, according to a recent Zscaler ThreatLabz report which showed that attacks in the United States have been rising by 93 percent year-on-year.
The previously largest known ransomware payout was in 2021 when CNA Financial paid $40 million to Russian hacktivist group Phoenix, according to Varonis.
“Ransomware defense remains a top priority for CISOs in 2024. The increasing use of ransomware-as-a-service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks and the emergence of AI-powered attacks, has led to record breaking ransom payments,” said Deepen Desai, the chief security officer at Zscaler.
The United States accounts for almost half of all ransomware attacks, with the U.K. and Germany following behind. The manufacturing industry is the most targeted industry along with healthcare, technology, and education, said the researchers.
Companies that are victims of data leak sites also saw increases, growing nearly 58 percent since last year’s report.
“Organizations must prioritize Zero Trust architecture to strengthen their security posture against ransomware attacks,” said Desai.
Nineteen new ransomware families – groupings assigned by attack style and tactics – were discovered within the last year, totaling 391 families overall. ThreatLabz said that LockBit and BlackCat are the two most active ransomware families and are respectively the second and third most dangerous. Dark Angels, responsible for the record-breaking payout, is listed as the most dangerous.
The Dark Angels has conducted some of the “largest ransomware attacks” while attracting “very minimal attention,” according to the researchers. The group has recently attacked large industrial, technology, and telecommunication companies. Their strategies include targeting one large company at a time, selectively encrypting the company’s files, and often stealing 1-100 TB of data.
Recently, the group has also targeted a “small number of high-value companies for large payouts.” ThreatLabz researchers warned that other ransomware groups will likely “take note” of successes and “may adopt similar tactics.”
Recommendations made by the researchers to prevent ransomware attacks include conducting regular and secure data backups, conducting regular software updates, enabling multifactor authentication, developing consistent corporate security policies, bolstering application security, and enforcing least-privileged access.
