Key takeaways from Zscaler's report include:
- Ransomware attacks increased by more than 37% between April 2022 and April 2023.
- The average enterprise ransom payment totaled $100,000, with a $5.3 million average ransom demand.
- The most common ransomware attack targets were businesses in the manufacturing, services and construction sectors.
- Nearly half of all ransomware targets were based in the United States.
- Twenty-five new ransomware families were identified as using double-extortion or encryption-less extortion attacks in 2023.
Ransomware-as-a-Service (RaaS) Spurs More Cybercrime
With the RaaS business model, cybercriminals can sell their services on the dark web for 70-80% of ransomware profits, Zscaler noted. This model has become popular over the last few years, and cybercriminals are likely to continue to use it to launch ransomware attacks in the foreseeable future.
Deepen Desai, Zscaler's CISO and head of security research, commented on RaaS and why organizations need zero trust protection to guard against ransomware attacks moving forward:
"Ransomware-as-a-service has contributed to a steady rise in sophisticated ransomware attacks. Ransomware authors are increasingly staying under the radar by launching encryption-less attacks which involve large volumes of data exfiltration. Organizations must move away from using legacy point products and instead migrate to a fully integrated zero trust platform that minimizes their attack surface, prevents compromise, reduces the blast radius in the event of a successful attack and prevents data exfiltration."
Tips to Help Organizations Protect Against Ransomware Attacks
Along with using zero trust security solutions, Zscaler offered the following recommendations to help organizations reduce their risk of falling victim to a ransomware attack:
- Develop consistent security policies. Use SSL inspection capabilities, browser isolation, inline sandboxing and policy-driven access controls to prevent threats from reaching end-users.
- Protect against internal and external threats. Combine inline application inspection and identity threat detection and response (ITDR) with deception capabilities to detect, deceive and stop internal and external threats.
- Limit lateral movement. Disconnect applications from the internet and establish a zero trust network access (ZTNA) architecture to minimize an organization's attack surface.
- Stop data theft. Implement inline data loss prevention (DLP) measures with full TLS inspection and inspect data while in transit and at rest to protect against data theft. Also, install security software updates regularly and provide security training to employees.
By using these recommendations, organizations can reduce their risk of being targeted by ransomware and minimize the impact of a ransomware attack if one occurs, Zscaler stated.