$75 Million Ransomware Payment Exposed in New Zscaler Report

Cloud security firm Zscaler reported a huge ransomware payout on Tuesday.

Zscaler’s ThreatLabz research team discovered the US$75 million payment to the Dark Angels ransomware group earlier this year. The payment falls within the report’s coverage period of April 2023 to April 2024.

Zscaler didn’t reveal the name of the company that paid the ransom.

Zscaler’s Director of Threat Intelligence Brett Stone-Gross noticed something unique about Dark Angels.

“They don’t use affiliates like most groups,” he said. “They attack big companies one at a time.”

Dark Angels also exfiltrate large volumes of data but try to avoid disrupting business operations. The group keeps a low profile to stay out of the spotlight and avoid attention from law enforcement and researchers.

The report says Dark Angels’ strategy is worth watching. It predicts other groups might follow their lead.

Zscaler believes these groups will target high-value companies. They will also focus more on stealing data to increase their profits.

Steve Stone from Rubrik said ransomware actors are now stealing data too. “They encrypt and then demand a ransom, and also ask for money for the stolen data,” he explained.

Growing Menace

Zscaler saw a 17.8% increase in blocked ransomware attacks. The number of companies on data leak sites grew by 57.8% despite law enforcement efforts.

Chris Morales from Netenrich said several factors are causing ransomware to grow. These include remote work, cloud adoption, and more sophisticated attacks.

“We’re seeing bigger breaches affecting millions,” he said. “We need a shift in security operations and proactive strategies.”

Stephen Kowski from SlashNext expects more breaches and ransomware attacks in the second half of 2024. He mentioned healthcare, manufacturing, and critical infrastructure as likely targets.

“To fight this, we need to strengthen email security and improve threat detection,” he said.

Top Sector Targets

Manufacturing, healthcare, and technology were the main targets for ransomware, the report said. The energy sector saw a 500% increase in attacks.

Manufacturing was the most targeted sector for cyber extortion. It was hit more than twice as much as any other industry.

Stone, of Rubrik’s Zero Labs, said legacy habits in manufacturing make it vulnerable to ransomware.

Marcus Fowler from Darktrace Federal said critical infrastructure and manufacturing are merging their IT and OT systems. This can improve efficiency but also raises security risks.

“With IT/OT convergence expanding attack surfaces, security personnel have increased workloads that make it difficult to keep pace with threats and vulnerabilities,” he told TechNewsWorld.

“The manufacturing industry has been undergoing significant digitization in order to become more agile and efficient,” added Rogier Fischer, CEO of Hadrian, the maker of an automated, event-based scanning solution in Amsterdam.

“The downside is that processes that were effectively air-gapped are now connected to corporate IT systems,” he told TechNewsWorld. “The interconnectivity of OT and IT environments, along with the historically less cyber-aware manufacturing industry, makes the sector an attractive target.”

Need for Zero Trust

Zscaler’s Chief Security Officer Deepen Desai maintains that ransomware defense remains a top priority for CISOs in 2024. “The increasing use of ransomware-as-a-service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks, and the emergence of AI-powered attacks, has led to record-breaking ransom payments,” he said in a statement.

“Organizations must prioritize zero trust architecture to strengthen their security posture against ransomware attacks,” Desai added.

Fischer noted that zero trust is part of a mindset shift. “It’s going from the reactive ‘how can I detect an attack underway’ or ‘how can I respond to an incident’ to a proactive ‘how can I keep bad actors out.’ Zero trust and offensive security principles help organizations mitigate cyber risk proactively.”

Prioritizing and investing in cybersecurity before a cybercriminal strikes is critical for organizations of all sizes, added Anne Cutler, a cybersecurity evangelist at Keeper Security, a password management and online storage company in Chicago.

“A zero-trust security model with least privileged access and strong data backups will limit the blast radius if a cyberattack occurs,” she told TechNewsWorld. “Strong identity and access management on the front end will help prevent the most common cyberattacks that can lead to a disastrous data breach.”

Steve Hahn, executive vice president for the Americas of BullWall, a provider of ransomware containment, protection, and mitigation solutions in Denmark, cautioned that while zero trust will lessen the chances of an attack, the journey is long. “Zero-day attacks, shadow IT, personal devices, IoT devices, these are all attack vectors for ransomware,” he told TechNewsWorld, “and once the encryption begins at the shared drives, whether those are cloud or local, it’s only a matter of time before all of the data is encrypted, even with zero-trust network architecture in place.”