Nearly 120% growth in double extortion ransomware attacks

Manufacturers most targeted

Zscaler, a leader in cloud security, has released the results of its annual ThreatLabz Ransomware report, which shows that ransomware attacks have increased by 80% year-over-year.

In 2022, the most common ransomware trends were double extortion, supply chain attacks, ransomware-as-a-service, ransomware rebranding, and geopolitical ransomware attacks. The report analyzes more than a year’s worth of data from the world’s largest security cloud, the Zscaler Zero Trust Exchange, which handles more than 200 billion transactions and blocks 150 million attacks daily. The report highlights the sectors most targeted by cybercriminals, explains the damage caused by double extortion and supply chain attacks, and catalogs the ransomware groups that are currently most active.

“Modern ransomware attacks require a successfully compromised asset to gain initial access, move laterally, and thus access the entire environment, leaving older VPNs and flat networks extremely vulnerable,” said Deepen Desai, CISO of Zscaler. “Attackers are successful in exploiting vulnerabilities in companies’ supply chains, as well as critical vulnerabilities such as Log4Shell, PrintNightmare and others. Ransomware-as-a-service, available on the dark web, is drawing more and more criminals into ransomware because the chance of a high reward is great.”

The tactics and scope of ransomware attacks are steadily evolving, but the ultimate goal remains the disruption of the affected organization and the theft of sensitive information to hold for ransom. The size of the ransom often depends on the number of infected systems and the value of the stolen data: the higher the stakes, the higher the payment. In 2019, many ransomware groups updated their tactics to include data exfiltration, a technique known as “double extortion” ransomware. A year later, select groups added another layer of pressure using distributed denial-of-service (DDoS) tactics that bombarded the victim’s website or network, disrupted business, and forced the victim to negotiate.

The most dangerous ransomware trend this year is the supply chain attack, which targets suppliers and uses existing connections and shared files, networks or solutions for second-stage attacks on that supplier’s customers. ThreatLabz also noted a nearly 120% increase in the number of victims of double extortion ransomware, based on data published on the groups’ data leak sites.

For the second year in a row, manufacturers were the most targeted sector, with almost one in five ransomware attacks aimed at manufacturing companies. Attacks on other sectors, however, are rising sharply. The growth rate of attacks on healthcare organizations was particularly striking, with double extortion attacks growing by almost 650% compared to 2021. This was followed by the restaurant and food industry, which saw an increase of more than 450% in ransomware attacks.

With governments around the world taking ransomware seriously, many attack groups have disbanded and re-formed under new names. For example, DarkSide has become BlackMatter, DoppelPaymer has become Grief, and Rook has become Pandora. The threat has not diminished, although the groups’ tactics have changed: many now offer their tools for sale on the dark web, increasing their scale through a ransomware-as-a-service business model.

Earlier this year, the United States issued a statement warning of possible malicious cyber activity against the United States in response to economic sanctions against Russia. The statement called for immediate action to strengthen cyber security in both public and private organizations. Other countries that support Ukraine have issued similar warnings. To date, ThreatLabz has identified several attacks, such as the use of PartyTicket ransomware and HermeticWiper malware against Ukraine, and attacks by the Conti threat group against several government agencies. ThreatLabz continues to monitor geopolitical attacks.

Desai added: “To minimize the likelihood of a breach and the damage that a successful ransomware attack can cause, organizations must apply defense-in-depth strategies, including reducing the attack surface and adopting a zero trust architecture that supports least-privilege access control; continuous monitoring and inspection of data in all environments also remains important.”

How Zscaler Zero Trust Exchange can prevent ransomware attacks
The Zscaler Zero Trust Exchange integrates ransomware prevention controls into a holistic zero trust architecture that disrupts every stage of the attack and minimizes damage. The following best practices and advanced features can significantly reduce the risk of a ransomware attack:

  • Prevent breaches with a consistent security policy: full-scale SSL inspection, browser isolation, inline sandboxing, and policy-driven access control block access to malicious websites.
  • Eliminate lateral movement by removing applications from the Internet and implementing a Zero Trust Network Access (ZTNA) architecture: connecting users directly to applications, not to the network, limits the blast radius of an attack.
  • Eliminate compromised users and insider threats: combining inline application inspection with integrated deception capabilities detects, deceives and stops potential attackers.
  • Stop data loss: keeping software and training up to date, and implementing inline data loss prevention with inspection of data both in motion and at rest, prevents theft by threat actors.

Read the ThreatLabz State of Ransomware Report 2022 to learn more about ransomware and threat protection and develop an action plan.
