Ransomware Attacks Have Surged by 40% Since 2022, Report Finds

A recent report by Zscaler has revealed that ransomware attacks have increased by almost 40 per cent this year with the average ransom payment exceeding $100,000 in 2023. 

This year’s 2023 ThreatLabz Ransomware Report traced the ongoing increase in complex ransomware attacks and highlighted recent ransomware trends, including the targeting of public entities and organisations with cyber insurance, growth of ransomware-as-a-service (RaaS), and encryption-less extortion. 

Since April 2022, ThreatLabz has identified thefts of several terabytes of data as part of several successful ransomware attacks, which were then used to extort ransoms. 

The manufacturing sector remains the most targeted industry of all sectors, according to the report, accounting for 15 per cent of all ransomware attacks in 2023. I

It is followed by the services sector, which experienced approximately 12% of the total quantity of ransomware attacks last year.

A decreased barrier to entry 

The report comes weeks after the hacktivist group Cl0p was able to steal sensitive data from hundreds of companies around the world by exploiting a vulnerability in the file transfer software MoveIT. 

The evolution of ransomware has been characterised by the inverse relationship between attack sophistication and the barrier of entry for new cybercriminal groups.

The barrier of entry has decreased, while cyberattacks have grown in sophistication, due to the prevalence of RaaS, a model where threat actors sell their services on the dark web for 70 to 80 per cent of ransomware profits. 

This business model has continued to increase in popularity over the last few years as evidenced by the frequency of ransomware attacks, which increased by nearly 40% over the last year. 

“Ransomware-as-a-Service has contributed to a steady rise in sophisticated ransomware attacks,” said Deepen Desai, Global CISO and Head of Security Research ar Zscaler. 

Ransomware authors are increasingly staying under the radar by launching encryption-less attacks which involve large volumes of data exfiltration. 

Deepen Desai, Global CISO and Head of Security Research ar Zscaler

“Organisations must move away from using legacy point products and instead migrate to a fully integrated zero trust platform that minimizes their attack surface, prevents compromise, reduces the blast radius in the event of a successful attack, and prevents data exfiltration.”

Encryptionless extortion

One of the most noteworthy trends that aligned with the rise of ransomware has been the growth of encryptionless extortion  – where hackers prioritise data exfiltration over disruptive encryption methods. 

While this threat is affecting organisations around the world Zscaler found The United States was the most targeted country by double-extortion ransomware attacks, account 40 per cent of all victims last year. 

The following three countries combined, Canada, the United Kingdom, and Germany, had less than half of the attacks that targeted U.S. entities. 

The reason these types of attacks are popular is that after they encrypt the stolen data, attackers threaten to leak the data online to further increase the pressure on victims to pay.

 The increasing popularity of Encryptionless Extortion attacks, which skip over the process of encryption, employs the same tactic of threatening to leak victims’ data online if they don’t pay. 

This tactic results in faster and larger profits for ransomware gangs by eliminating software development cycles and decryption support. 

These attacks are also harder to detect and receive less attention from the authorities because they do not lock key files and systems or cause downtime associated with recovery.

Read Zscaler's full report here