One of the largest ransomware payouts that’s become public was reported Tuesday by cloud security firm Zscaler.
The US$75 million payment made to the Dark Angels ransomware group was discovered by Zscaler’s security research arm ThreatLabz earlier this year, according to the company’s annual ransomware report, which covers a period from April 2023 to April 2024.
Zscaler did not disclose the name of the company that paid the ransom.
“Dark Angels operates differently than most other ransomware groups,” observed Zscaler’s Director of Threat Intelligence Brett Stone-Gross.
“Instead of outsourcing attacks to affiliates, they’re launching the attacks and doing it at a much smaller scale,” he told TechNewsWorld. “Instead of targeting dozens or hundreds of companies, they’re going after very large companies one at a time.”
The group also departs from the modus operandi of most of its peers in another way. “They steal a large amount of data, but they want to avoid business disruption,” Stone-Gross said. “They want to stay out of the headlines because it reduces the amount of scrutiny they will get from law enforcement and researchers.”
The Dark Angels ransomware group’s strategy of targeting a small number of high-value companies for large payouts is a trend worth monitoring, the report noted.
Zscaler ThreatLabz predicted that other ransomware groups will take note of Dark Angels’ success and may adopt similar tactics. To maximize their financial gains, they will focus on high-value targets and increase the importance of data theft.
Data theft has already become part of the game plan of many ransomware actors, added Steve Stone, head of Zero Labs at Rubrik, a global data security and backup software company. “Ransomware actors aren’t just encrypting environments and asking for a ransom,” he told TechNewsWorld. “They’re doing that and stealing data so they can make an extortion demand. It’s effectively a double ransom.”
Growing Menace
Zscaler also reported that the number of ransomware attacks blocked by its cloud increased by 17.8% during the reporting period, and the number of extorted companies on data leak sites grew by 57.8% in the same period, despite many law enforcement operations, including the seizure of infrastructure, arrests, criminal indictments, and sanctions.
Chris Morales, CISO at Netenrich, a security operations center services provider in San Jose, Calif., identified several factors contributing to the growth of ransomware. They include expanded attack surfaces due to remote work and cloud adoption, more sophisticated ransomware attacks often involving data exfiltration and the democratization of attack tools through ransomware-as-a-service.
“We’re also seeing larger-scale breaches affecting millions of users at once,” he told TechNewsWorld. “This surge not only highlights the urgent need for a paradigm shift in security operations, but it also underscores the need for immediate action, moving towards more proactive, data-driven strategies.”
“We expect breaches and ransomware attacks to continue increasing in the second half of 2024, particularly targeting healthcare, manufacturing, critical infrastructure, and supply chains,” added Stephen Kowski, field CTO at SlashNext, a computer and network security company in Pleasanton, Calif.
“Recent high-profile incidents, such as the health care and car dealership vendor hacks, highlight the ongoing vulnerabilities,” he told TechNewsWorld. “To combat this, organizations need to focus on strengthening email security, implementing zero-trust architectures, and improving threat detection and response capabilities.”
Top Sector Targets
Manufacturing, health care, and technology were the top sectors targeted by ransomware attacks, according to the report, while the energy sector experienced a 500% year-over-year spike as critical infrastructure and susceptibility to operational disruptions make it particularly attractive to cybercriminals.
Among the top targets for cyber extortion, manufacturing led the pack. It was targeted more than twice as much as any other industry.
“Many manufacturing organizations have been around for a long time, and there’s a lot of legacy habits that do not serve them well when it comes to ransomware,” noted Stone of Zero Labs.
Marcus Fowler, CEO of Darktrace Federal, a global cybersecurity AI company, explained that critical infrastructure providers and manufacturing companies are increasingly pursuing information technology and operational technology convergence as the data collection and analysis benefits can dramatically improve production efficiency, maintenance, and scaling.
“With IT/OT convergence expanding attack surfaces, security personnel have increased workloads that make it difficult to keep pace with threats and vulnerabilities,” he told TechNewsWorld.
“The manufacturing industry has been undergoing significant digitization in order to become more agile and efficient,” added Rogier Fischer, CEO of Hadrian, the maker of an automated, event-based scanning solution in Amsterdam.
“The downside is that processes that were effectively air-gapped are now connected to corporate IT systems,” he told TechNewsWorld. “The interconnectivity of OT and IT environments, along with the historically less cyber-aware manufacturing industry, makes the sector an attractive target.”
Need for Zero Trust
Zscaler’s Chief Security Officer Deepen Desai maintains that ransomware defense remains a top priority for CISOs in 2024. “The increasing use of ransomware-as-a-service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks, and the emergence of AI-powered attacks, has led to record-breaking ransom payments,” he said in a statement.
“Organizations must prioritize zero trust architecture to fortify their security posture against ransomware attacks,” Desai added.
Fischer noted that zero trust is part of a mindset shift. “It’s going from the reactive ‘how can I detect an attack underway’ or ‘how can I respond to an incident’ to a proactive ‘how can I keep bad actors out.’ Zero trust and offensive security principles help organizations mitigate cyber risk proactively.”
Cybersecurity prioritization and investment before a cybercriminal attack is critical for organizations of all sizes, added Anne Cutler, a cybersecurity evangelist at Keeper Security, a password management and online storage company in Chicago.
“A zero-trust security model with least privileged access and strong data backups will limit the blast radius if a cyberattack occurs,” she told TechNewsWorld. “Additionally, strong identity and access management on the front end will help prevent the most common cyberattacks that can lead to a disastrous data breach.”
However, Steve Hahn, executive vice president for the Americas of BullWall, a provider of ransomware containment, protection, and mitigation solutions in Denmark, cautioned that while zero trust will certainly lessen the chances of an attack, the journey is typically very long for customers and still not a silver bullet.
“Zero-day attacks, shadow IT, personal devices, IoT devices, these are all attack vectors for ransomware,” he told TechNewsWorld, “and once the encryption begins at the shared drives, whether those are cloud or local, it’s only a matter of time before all of the data is encrypted, even with zero-trust network architecture in place.”