Zscaler 2023 Ransomware Report Shows a Nearly 40% Increase in Global Ransomware Attacks

Zscaler, Inc., a San Jose-based cloud security vendor, has released its 2023 “ThreatLabz” Ransomware Report tracking the ongoing increase in complex ransomware attacks and spotlights recent ransomware trends, including the targeting of public entities and organizations with cyber insurance, growth of ransomware-as-a-service (RaaS), and encryption-less extortion. Since April 2022, ThreatLabz has identified thefts of several terabytes of data as part of several successful ransomware attacks, which were then used to extort ransoms.

The evolution of ransomware is characterized by the inverse relationship between attack sophistication and barrier of entry for new cybercriminal groups. The barrier of entry has decreased, while cyberattacks have grown in sophistication, due to the prevalence of RaaS, a model where threat actors sell their services on the dark web for 70-80% of ransomware profits, according to the report. This business model has continued to increase in popularity over the last few years as evidenced by the frequency of ransomware attacks, which increased by nearly 40% over the last year. One of the most noteworthy trends that aligned with this growth in 2023 has been the growth of encryption-less extortion, a style of cyberattack that prioritizes data exfiltration over disruptive encryption methods.

“Ransomware-as-a-Service has contributed to a steady rise in sophisticated ransomware attacks,” said Deepen Desai, Global CISO and Head of Security Research at Zscaler. “Ransomware authors are increasingly staying under the radar by launching encryption-less attacks which involve large volumes of data exfiltration.”

The United States was the most targeted country by double-extortion ransomware attacks, with 40% of all victims calling this region home. The following three countries combined, Canada, United Kingdom, and Germany, had less than half of the attacks that targeted U.S. entities. The most prevalent ransomware families that Zscaler ThreatLabz has been tracking include BlackBasta, BlackCat, Clop, Karakurt, and LockBit, all of which pose a significant threat of financial losses, data breaches, and operational disruption to individuals and organizations of all sizes.

The manufacturing sector remains the most targeted industry vertical, accounting for nearly 15% of total ransomware attacks. It is followed by the services sector, which experienced approximately 12% of the total quantity of ransomware attacks last year. Organizations in the arts, entertainment, and recreation industry experienced the largest surge in ransomware attacks, with a growth rate over 430%.

The ThreatLabz team evaluated data from the Zscaler security cloud, which monitors over 500 trillion daily signals and blocks 8 billion threats a day with over 250K security updates made daily. ThreatLabz analyzed a year’s worth of global phishing data from the Zscaler cloud from April 2022 to April 2023 to identify key trends, industries and geographies at risk, and emerging tactics. This year, the ThreatLabz team also supplemented its own analysis of ransomware samples and attack data with external intelligence sources.

Channel Impact^®
The annual ThreatLabz Ransomware Report helps partners to track trends and impacts of ransomware attacks, including encryption-less extortion and the growth of Ransomware-as-a-Service.