2022 ThreatLabz State of Ransomware Report

If it feels like ransomware is always in the news, it isn’t just media bias: the Zscaler ThreatLabz research team has found that ransomware attacks increased by yet another 80% between February 2021 and March 2022 compared to the previous year, setting new records for both the volume of attacks and the cost of damages.

Ransomware is more and more attractive to attackers, who are able to wage increasingly profitable campaigns based on three major trends:

• Supply chain attacks that exploit trusted vendor relationships to breach organizations and multiply the damage of attacks by enabling threat actors to hit multiple (sometimes hundreds or thousands) of victims at the same time.
• Ransomware as a service that uses affiliate networks to distribute ransomware on a wide scale, allowing hackers who are experts in breaching networks to share profits with the most advanced ransomware groups.
• Multiple-extortion attacks that utilize data theft, distributed denial of service (DDoS) attacks, customer communications, and more as layered extortion tactics to increase ransom payouts.

These tactics add up to be very damaging. Industry experts predict that ransomware will be the top tactic used in third-party breaches and supply chain attacks in 2022, and that the global cost of ransomware damages will grow to $42 billion by 2024.

These trends have pushed ransomware even further up the list of cybersecurity priorities for organizations across industries. Aimpoint’s “The CISOs Report,” 2022 found that ransomware is the single highest threat that CISOs around the world are most concerned about.

How can you identify and defend against the latest ransomware variants? This report should help.

ThreatLabz analyzes data from more than 200 billion daily transactions and 150 million daily blocked attacks across the Zscaler Zero Trust Exchange along with Zscaler ThreatLabz threat intelligence to track prevalent threat families, identify emerging trends, and improve protections for Zscaler customers. In this report, ThreatLabz looked at ransomware data from February 1, 2021, through March 31, 2022, to identify the most prolific ransomware families and their tactics. We will share our findings, predictions, and best practices guidance to help inform your ransomware defense strategies.