ThreatLabZ Ransomware Review: The Advent of Double Extortion

For businesses around the world, 2020 was a year of change and disruption for reasons that go beyond the pandemic: ransomware was on the rise in a big way and underwent more change and innovation in 2020 than it had in a decade. Double extortion, third-party attacks, and DDoS techniques emerged, pushing ransomware even further up the list of cybersecurity concerns for organizations across industries.

Ransomware is one of the most frequent topics of conversation that we have with our customers—and for good reason. Ransomware was the third-most common and second-most damaging1 type of malware attack in 2020, accounting for 27 percent of attacks2 for a total of $1.4B in ransom demands and an average of $1.45M to remediate an incident. With cybercrime up 69 percent compared to 20193, the threat of a ransomware incident weighs heavily on the minds of security leaders, as each incident has the potential to cost millions of dollars in ransom payments, data loss, business disruptions, and reputational damage.

The Zscaler™ ThreatLabZ threat research team analyzes more than 150 billion platform transactions and 100 million blocked attacks every day to understand emerging threats and how to stop them. In 2020, ThreatLabZ observed a notable escalation of ransomware in terms of frequency and the sophistication and severity of incidents, resulting in higher—and more guaranteed—payouts from victims.

In this document, we’ll walk through key ransomware trends that have emerged in the last year and will provide a detailed overview of some of the most prolific ransomware examples to illustrate prevailing attack tactics—helping you to understand what your organization must defend against.