Ransomware Attack Fetched A Record $75 Million
LAS VEGAS — Ransomware attacks are escalating in scale and frequency. But one recent payout, a record $75 million by a victimized Fortune 50 company, trumped a surge in extortion attacks that are likely to only increase, according to a new report from Zscaler Inc.’s ThreatLabz research.
“Stolen data and extortion is going up exponentially,” Brett Stone-Gross, Zscaler’s senior director of threat intelligence, said in an interview. He noted an 18% increase in ransomware attacks year-over-year, led by outfits such as Dark Angels, LockBit, and BlackCat.
Dark Angels was behind the $75 million hit — nearly double the highest publicly known ransom payment — prompting warnings from ThreatLabz experts that the payoff will give rise to other ransomware groups using similar tactics. [Zscaler did not disclose the name of the record-setting extortion scheme.]
Indeed, ransomware payments eclipsed $1 billion last year, highlighting the escalating financial impact
of such cybercrimes.
The U.S. remains the top country target of ransomware, accounting for about half of overall attacks that center on manufacturing, healthcare, and technology sectors, ThreatLabz said. It identified 19 new ransomware families during the analysis period, bringing the total number to 391 since tracking started.
The U,S,, Italy and Mexico suffered the highest increase in ransomware attacks, year-over-year, with increases of 93%, 78% and 58%, respectively.
“Ransomware defense remains a top priority for CISOs in 2024. The increasing use of ransomware-as-a-service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks and the emergence of AI-powered attacks, has led to record breaking ransom payments,” Deepen Desai, chief security officer at Zscaler, said in a statement.
Contours of ransomware tactics are becoming more sophisticated and bolder, Zscaler said. Attacks have “surpassed the traditional boundaries of the corporations they attack, even going so far as to target the children of executives to provoke faster and higher ransoms,” the report said.
While law enforcement operations such as “Operation Endgame” and “Operation Duck Hunt” made dents in ransonware operations, many of the largest active ransomware families continue to rapidly regroup and launch new attacks, Zscaler added.
“It is the continued expansion of cyber-industry. Everything is integrated, and it [ransonware, phishing] is accelerating,” Dave DeWalt, chief executive of venture-capital firm NightDragon, said in an interview at Black Hat 2024. “AI has increased the attack surface.”