Cloud security company Zscaler has published its annual ThreatLabz Ransomware Report. The report revealed an 80% increase in ransomware attacks year-over-year. The ThreatLabz team evaluated and analyzed a year’s worth of global ransomware data from the Zscaler Zero Trust Exchange, along with intelligence from external sources.
New target: Healthcare industry
The report also shows which industries cybercriminals are targeting. Manufacturing companies were the primary target of ransomware attacks for the second year in a row, accounting for approximately 20% of all attacks. But ransomware gangs also turned their attention to new sectors. Double-extortion attacks targeting healthcare companies increased by approximately 650% compared to 2021. Another sector that gained popularity among ransomware gangs is the restaurants and food services industry, which experienced a more than 450% increase in ransomware attacks.
Ransomware gangs are also evolving. Since 2019, gangs have improved their methods to include data exfiltration, also known as double-extortion ransomware. Some groups have also enhanced their attacks with DDoS attacks to disrupt the victim’s business, pressuring them to negotiate sooner. According to the report, double-extortion ransomware attacks increased by 120%. Another new trend is ransomware-as-a-service, which allows users to hire ransomware gangs to attack a specific target. Zscaler also stated that the following best practices and advanced capabilities can significantly reduce the risk of a ransomware attack:
- Preventing compromise with consistent security policies: With full SSL inspection at scale, browser isolation, inline sandboxing, and policy-driven access control to prevent access to malicious websites.
- Eliminating lateral movement by removing applications from the internet and implementing a zero-trust network access (ZTNA) architecture: By connecting users directly to apps, not the network, to limit the blast radius of an attack.
- Shutting down compromised users and insider threats: By combining inline application inspection and integrated deception capabilities to detect, trick, and stop would-be attackers.
- Stopping data loss: By keeping software and training up to date, as well as deploying inline data loss prevention and inspecting data both in motion and at rest, to prevent theft by threat actors.

Deepen Desai, CISO of Zscaler, said:
“Modern ransomware attacks require a single successful asset compromise to gain initial entry, move laterally, and breach the entire environment, making legacy VPN and flat networks extremely vulnerable. Attackers are finding success exploiting weaknesses across businesses’ supply chains as well as critical vulnerabilities like Log4Shell, PrintNightmare, and others. And with ransomware-as-a-service available on the dark web, more and more criminals are turning to ransomware, realizing that the odds of receiving a big payday are high.
“To minimize the chances of being breached and the damage that a successful ransomware attack can cause, organizations must use defense-in-depth strategies that include reducing the attack surface, adopting zero trust architecture that can enforce least-privilege access control, and continuously monitoring and inspecting data across all environments.”