A recently released report tracks trends and impacts of ransomware attacks including encryption-less extortion and growth of ransomware-as-a-service.

Zscaler, Inc. released the 2023 ThreatLabz Ransomware Report which tracks the ongoing increase in complex ransomware attacks and spotlights recent ransomware trends, including the targeting of public entities and organizations with cyber insurance, growth of ransomware-as-a-service (RaaS) and encryption-less extortion. Since April 2022, ThreatLabz has identified thefts of several terabytes of data as part of several successful ransomware attacks, which were then used to extort ransoms. 

The evolution of ransomware is characterized by the inverse relationship between attack sophistication and barrier of entry for new cybercriminal groups. The barrier of entry has decreased, while cyberattacks have grown in sophistication, due to the prevalence of RaaS, a model where threat actors sell their services on the dark web for 70-80% of ransomware profits. This business model has continued to increase in popularity over the last few years as evidenced by the frequency of ransomware attacks, which increased by nearly 40% over the last year. One of the most noteworthy trends that aligned with this growth in 2023 has been the growth of encryption-less extortion, a style of cyberattack that prioritizes data exfiltration over disruptive encryption methods. 

Key report highlights

• The United States was the target for nearly half of ransomware campaigns over the last 12 months.
• Organizations in the arts, entertainment and recreation industry experienced the largest surge in ransomware attacks, with a growth rate of more than 430%.
• The manufacturing sector remains the most targeted industry vertical, accounting for nearly 15% of total ransomware attacks. It is followed by the services sector, which experienced approximately 12% of the total quantity of ransomware attacks last year.
• 25 new ransomware families were identified as using double extortion or encryption-less extortion attacks this year.

Top countries targeted by ransomware

The United States was the most targeted country by double-extortion ransomware attacks, with 40% of all victims calling this region home. The following three countries combined, Canada, United Kingdom and Germany, had less than half of the attacks that targeted U.S. entities. The most prevalent ransomware families that Zscaler ThreatLabz has been tracking include BlackBasta, BlackCat, Clop, Karakurt, and LockBit, all of which pose a significant threat of financial losses, data breaches, and operational disruption to individuals and organizations of all sizes.