Zscaler’s annual ThreatLabz Ransomware report reveals that ransomware attacks have increased by 80% yearly, with ransomware-as-a-service being used by eight of the top 11 ransomware families.
The report found that healthcare made the biggest jump in attacks, with an increase of nearly 650%, while the restaurant and food service industry saw a 450% increase. In addition, one in five ransomware attacks targeted manufacturing, making it the most targeted industry for the second year.
Zscaler says the most common ransomware trends in 2022 are:
Double extortion Supply chain attacks Ransomware-as-a-service Ransomware rebranding Geopolitical instigated ransomware attacks
The report analyzes more than a year of data from the largest security cloud in the world, which processes more than 200 billion daily transactions and 150 million daily blocked attacks on the Zscaler Zero Trust Exchange.
Zscaler CISO Deepen Desai says modern ransomware attacks require a single successful asset compromise to gain the first access, move laterally and breach the entire environment, leaving legacy VPN and flat networks extremely vulnerable.
“Attackers find success by exploiting weaknesses in corporate supply chains, as well as critical vulnerabilities such as Log4Shell, PrintNightmare, and others,” he says.
“And now that ransomware-as-a-service is available on the dark web, more and more criminals are turning to ransomware, realizing that the opportunity for a big reward is high.”
Zscaler says the tactics and scope of ransomware attacks are evolving steadily, but the end goal is to disrupt an organization and steal sensitive information for ransom.
It says that the size of the ransom often depends on the number of infected systems and the value of the stolen data: the higher the stake, the higher the payment.
In 2019, many ransomware groups updated their tactics to include data exfiltration, also known as double extortion ransomware. A year later, select groups added another layer of attack with distributed denial-of-service (DDoS) tactics that bombard the victim’s website or network, causing more business disruptions and pressuring the victim to negotiate.
Zscaler says the most dangerous ransomware trend this year involves supply chain attacks targeting a vendor’s business and using established connections and shared files, networks, or solutions to stage second-stage attacks on that vendor’s customers. ThreatLabz also noted a nearly 120% increase in victims of double extortion ransomware based on data published on threat actors’ data leak sites.
The company says that as governments worldwide are starting to take ransomware seriously, many threat groups have disbanded and reformed under new names.
For example, DarkSide was renamed BlackMatter, DoppelPaymer was renamed Grief, and Rook was renamed Pandora. But Zscaler says their threat has not diminished; instead, many are now offering their tools for sale on the dark web, increasing their scale through a ransomware-as-a-service business model.
“To minimize the likelihood of a breach and the damage that a successful ransomware attack can cause, organizations must employ in-depth strategies, including reducing the attack surface, adopting a zero trust architecture that can enforce access controls with minimal privileges, and continuously monitoring and inspecting data in all environments,” says Desai.
