Zscaler just uncovered what could be the largest ransomware payment of all time
Zscaler’s ThreatLabz identified a new record for the largest ransomware payment ever recorded, which is almost twice the size of the previous record holder
Ransomware attacks continued to surge over the previous year, with a new record for the largest publicly recorded ransom payment signaling the digital extortion industry is as healthy as ever.
New research from Zscaler’s threat intelligence arm ThreatLabz found there was an 18% increase in the volume of ransomware attacks between April 2023 and April 2024.
The report noted the number of victim organizations listed on data leak sites increased by nearly 58% since the previous year’s investigation, warning it had identified 19 new ransomware families, taking the total number to 391 since it started tracking these groups.
ThreatLabz reported its analysis also detected a record-breaking ransom payment of $75 million, nearly double the size of the previous record holder for the largest publicly disclosed ransom payment.
This was made to the Dark Angels group, an organization that is gaining notoriety in the digital extortion space, and ThreatLabz predicted that their success will push other groups to implement similar tactics.
Ryan McConechy, CTO of Barrier Networks, said he was concerned by the size of the new figure, adding that it underscores just how helpless organizations are when they lose digital access.
“This is an alarmingly high figure, and most organizations would never believe cyber crime could cost them so much, or that they would ever be in a position where paying millions to an attacker is even a possibility. But that’s the harsh reality of attacks today,” he noted.
“Organizations can’t operate when they lose their digital access, so when they are infected with ransomware, they are forced to make one of two decisions – pay the attackers and hope the issue resolves or accept the data losses and rebuild everything from scratch.
The US was targeted in half of all global ransomware attacks between April 2023 and April 2024, Zscaler revealed, with LockBit and BlackCat remaining the dominant players in the extortion industry
ThreatLabz also identified the top industries targeted by ransomware collectives during the previous year. It found organizations in the manufacturing, healthcare, technology, education, and financial services sectors were the most likely to be hit with a ransomware attack.
It noted organizations in the US saw almost half of all the ransomware attacks launched during this period, accounting for 49.95% of global attacks, with the UK (5.92%), Germany (4.09%), Canada (3.51%), and France (3.26%) being the next most popular targets, but some way behind their American counterparts.
The research found the most active ransomware families were still dominated by long-standing operations like LockBit and BlackAlpha, accounting for 22% and 9% of global ransomware activity respectively.
Zscaler provided a list of the top ransomware families to watch out for, listing Dark Angels, LockBit, BlackCat, Akira, and BlackBasta, as the groups enterprises should be aware of ahead of the coming year.
Commenting on the research, Deepen Desai, CSO at Zscaler, said the growth of ransomware-as-a-service models and attack vectors such as vishing and AI-powered attacks has helped cyber criminals go from strength to strength and given them extra leverage when negotiating payments.
“Ransomware defense remains a top priority for CISOs in 2024. The increasing use of ransomware as a service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks and the emergence of AI-powered attacks, has led to record breaking ransom payments,” he explained.
“Organizations must prioritize Zero Trust architecture to strengthen their security posture against ransomware attacks. This is where an AI-powered Zero Trust platform like Zscaler helps organizations fast-track their segmentation journeys, reducing the blast radius as well as shutting down unknown vectors for future AI-driven attacks.”
Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.