New report tracks an 18% increase in ransomware attacks year-over-year

Ransomware insights:

• ThreatLabz tracked an 18% increase in ransomware attacks year-over-year.
• The manufacturing, health care and technology sectors were the top targets of ransomware attacks.
• The United States remains the top target of ransomware, experiencing nearly 50% of overall attacks, followed by the United Kingdom, Germany, Canada and France.
• ThreatLabz identified 19 new ransomware families during the analysis period, bringing the total number to 391 since tracking started.

Cloud security company Zscaler recently published its Zscaler ThreatLabz 2024 Ransomware Report, which analyzed the ransomware threat landscape from April 2023 through April 2024. The annual report details the latest ransomware attack trends and targets, ransomware families and effective defense strategies. Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of U.S. $75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group. ThreatLabz believes Dark Angels’ success will drive other ransomware groups to use similar tactics, reinforcing the need for organizations to prioritize protection against rising and ever-more costly ransomware attacks.

“Ransomware defense remains a top priority for CISOs in 2024. The increasing use of ransomware-as-a-service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks and the emergence of AI-powered attacks, has led to record-breaking ransom payments,” said Deepen Desai, chief security officer at Zscaler. “Organizations must prioritize zero-trust architecture to strengthen their security posture against ransomware attacks.”

Top industries impacted by ransomware

Ransomware attacks pose significant risks to businesses of all sizes and industries. The manufacturing industry was by far the most targeted according to the report, facing more than twice as many attacks as any other industry.

Industries face unique ransomware challenges based on how they operate and handle data, as well as on their technology infrastructure. Despite the variables, ransomware extortion attacks have consistently surged, with the number of victim companies listed on data leak sites increasing by nearly 58% since last year’s ransomware report.

Most targeted industries in ransomware attacks

• Manufacturing
• Health care
• Technology
• Education
• Financial Services

United States remains the top target

The United States once again faced a higher volume of ransomware attacks than any other country, accounting for nearly half of all incidents globally.

Most targeted countries for ransomware attacks:

• United States (49.95%)
• United Kingdom (5.92%)
• Germany (4.09%)
• Canada (3.51%)
• France (3.26%)

When comparing year-over-year change in ransomware attacks, the U.S., Italy and Mexico saw the highest increase, with staggering rises of 93%, 78% and 58%, respectively.

Most active ransomware families

While ransomware and other cyber threats continue to evolve in complexity and sophistication, staying informed about the most prevalent and dangerous ransomware families is crucial for maintaining an effective security posture.

ThreatLabz most active ransomware families:

• LockBit (22%)
• BlackCat (aka ALPHV) (9%)
• 8Base (8%)

Top five ransomware families to watch in 2024-25:

1. Dark Angels
2. LockBit
3. BlackCat
4. Akira
5. Black Basta

Mitigate ransomware attacks with zero-trust security

From initial reconnaissance and compromise to lateral movement, data theft and payload execution, the goal is to stop ransomware at every stage of the attack cycle. Here are some effective methods:

• Minimize the attack surface: Hide users, applications and devices behind a cloud proxy where they are not visible or discoverable from the internet.

• Prevent initial compromise: Use TLS/SSL inspection, browser isolation, advanced inline sandboxing and policy-driven access controls to prevent users from accessing malicious websites as well as detect unknown threats before they reach your network.

• Eliminate lateral movement: Leverage user-to-app or app-to-app segmentation so that users connect directly to applications (and apps to other apps), not the network, eliminating the risk of lateral movement.

• Stop data loss: Inline data loss prevention measures, combined with full TLS/SSL inspection, can effectively thwart data theft attempts. Ensure that data is secured both in transit and at rest.

For a deeper dive into best practices for protecting your organization and the full findings, download the Zscaler ThreatLabz 2024 Ransomware Report.

Ransomware report methodology

The research methodology for this report is a comprehensive process that uses multiple data sources to identify and track ransomware trends. The report team collected data from a variety of sources between April 2023 and April 2024.

To identify and understand ransomware activity, Zscaler utilizes its global security cloud processing more than 500 trillion daily signals, blocking 9 billion threats daily and delivering 250,000+ security updates. The ThreatLabz Threat Intelligence team tracks ransomware families at scale through reverse engineering and automating malware analysis to develop effective response strategies. ThreatLabz also works closely with international law enforcement agencies and has played a significant role in recent actions, including Operation Duck Hunt and Operation Endgame.

Do you have experience and expertise with the topics mentioned in this article? You should consider contributing content to our CFE Media editorial team and getting the recognition you and your company deserve. Click here to start this process.