Zscaler's annual ThreatLabz Ransomware Report reveals ransomware attacks have increased by 80% year-over-year, with ransomware-as-a-service being used by eight of the top 11 ransomware families.
The report found the healthcare industry experienced the most significant jump in attacks with a nearly 650% increase, while the restaurant and food service industry saw a 450% increase. Additionally, one in five ransomware attacks targeted manufacturing, making it the most targeted industry for the second year in a row.
Zscaler says in 2022, the most prevalent ransomware trends include:
- Supply chain attacks
- Ransomware rebranding
- Geo-political incited ransomware attacks
Its report analyses over a year's worth of data from the largest security cloud in the world, which processes more than 200 billion daily transactions and 150 million daily blocked attacks across the Zscaler Zero Trust Exchange.
Zscaler CISO Deepen Desai says modern ransomware attacks require a single successful asset compromise to gain initial entry, move laterally, and breach the entire environment, making legacy VPN and flat networks extremely vulnerable,
"Attackers are finding success exploiting weaknesses across businesses' supply chains as well as critical vulnerabilities like Log4Shell, PrintNightmare, and others," he says.
"And with ransomware-as-a-service available on the dark web, more and more criminals are turning to ransomware, realising that the odds of receiving a big payday are high."
Zscaler says the tactics and scope of ransomware attacks have been steadily evolving, but the end goal is to disrupt an organisation and steal sensitive information for ransom.
It says the size of the ransom often depends on the number of systems infected and the value of the data stolen: the higher the stakes, the higher the payment.
In 2019, many ransomware groups updated their tactics to include data exfiltration, commonly referred to as a double extortion ransomware. A year later, select groups added another attack layer with distributed denial of service (DDoS) tactics that bombard the victim's website or network, creating more business disruption, thus pressuring the victim to negotiate.
Zscaler says this year the most dangerous ransomware trend involves supply chain attacks targeting a supplier's business and using established connections and shared files, networks, or solutions for second-stage attacks on that supplier's customers. ThreatLabz also noted nearly a 120% increase in double-extortion ransomware victims based on data published on threat actors' data leak sites.
The company says that as governments worldwide start to take ransomware seriously, many threat groups have disbanded and reformed under new names.
For example, DarkSide rebranded as BlackMatter, DoppelPaymer rebranded as Grief, and Rook rebranded as Pandora. But Zscaler says their threat has not diminished, instead, many are now offering their tools for sale on the dark web, increasing their scale through a ransomware-as-a-service business model.
"To minimise the chances of being breached and the damage that a successful ransomware attack can cause, organizations must use defense-in-depth strategies that include reducing the attack surface, adopting zero trust architecture that can enforce least-privilege access control, and continuously monitoring and inspecting data across all environments," says Desai.