Record-breaking $75 million ransom paid to cybercrime group
Ransomware attacks have reached new heights of ambition and audacity over the past year, marked by a notable surge in extortion attacks, according to a Zscaler.
The findings from the report uncovered a record-breaking ransom payment of $75 million to the Dark Angels ransomware group, which is nearly double the highest publicly known ransomware payout, and an overall 18% increase in ransomware attacks year-over-year. ThreatLabz believes Dark Angels’ success will drive other ransomware groups to use similar tactics, placing a higher need for organizations to prioritize protection against rising and ever more costly ransomware attacks.
“This is an alarmingly high figure, and most organizations would never believe cybercrime could cost them so much or that they would ever be in a position where paying millions to an attacker is even a possibility. But that’s the harsh reality of attacks today. Organizations can’t operate when they lose their digital access, so when they are infected with ransomware, they are forced to make one of two decisions – pay the attackers and hope the issue is resolved or accept the data losses and rebuild everything from scratch,” Ryan McConechy, CTO of Barrier Networks, told Help Net Security
Ransomware actors often beyond law enforcement reach
Despite law enforcement takedowns of multiple initial access brokers under special ops “Operation Endgame” and “Operation Duck Hunt,” many of the largest active ransomware families continue to rapidly regroup and launch new attacks while barely skipping a beat. Unfortunately, many ransomware actors are beyond the reach of law enforcement, making them virtually immune to criminal prosecution.
The rise in ransomware activity translates to significant disruptions and financial impacts to victim organizations of all sizes. These attacks often disrupt business operations, causing extended downtime, substantial data loss, and high recovery costs.
“Ransomware defense remains a top priority for CISOs in 2024. The increasing use of Ransomware-as-a-Service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks, and the emergence of AI-powered attacks, has led to record breaking ransom payments,” said Deepen Desai, Chief Security Officer at Zscaler.
“Organizations must prioritize zero trust architecture to strengthen their security posture against ransomware attacks. This is where an AI-powered zero trust platform helps organizations fast track their segmentation journey, reducing the blast radius as well as shutting down unknown vectors for future AI-driven attacks,” Desai continued.
Top industries affected by ransomware
Ransomware attacks pose significant risks to businesses of all sizes and industries. The manufacturing industry was by far the most targeted, accounting for more than double any other industry.
Different industries face unique ransomware challenges based on how they operate, handle data, and their technology infrastructure. Despite the variables, ransomware extortion attacks have consistently surged, with the number of victim companies listed on data leak sites increasing by nearly 58% since last year’s report.
Most targeted industries in ransomware attacks:
- Manufacturing
- Healthcare
- Technology
- Education
- Financial service
The United States faced a markedly higher volume of ransomware attacks than any other country, accounting for about 50% of all incidents globally. In comparison, the United Kingdom was the second-most targeted nation, experiencing nearly 6% of ransomware attacks, followed by Germany (4.09%), Canada (3.51%), and France (3.26%).
When comparing year-over-year change in ransomware attacks, the US, Italy, and Mexico saw the highest increase in ransomware attacks, with staggering rises of 93%, 78%, and 58%, respectively.
Most active ransomware families
While ransomware and other cyberthreats continue to evolve in complexity and sophistication, staying informed about the most prevalent and dangerous ransomware families is crucial for maintaining an effective security posture.
ThreatLabz identified the most active ransomware families:
Predictions for 2025
- Ransomware threat actors will adopt highly targeted attack strategies.
- Targeted attacks will increasingly involve voice-based social engineering.
- Ransomware attackers will increasingly adopt GenAI to create more effective, personalized, and localized campaigns.
- More cybersecurity incidents will be reported in line with new SEC rules.
- High-volume data exfiltration ransomware attacks will be on the rise.
- Companies in the healthcare sector, especially, will continue to face persistent targeting by ransomware groups.
- International collaboration against cybercrime organizations will build upon existing efforts.