Zscaler Reports 18% Increase in Ransomware Attacks

Zscaler published its annual Zscaler ThreatLabz 2024 Ransomware Report, which analyzed the ransomware threat landscape from April 2023 through April 2024. Findings in the report uncovered an 18% overall increase in global ransomware attacks year-over-year, with healthcare and education industries among the hardest-hit sectors and the public sector also experiencing a substantial year-over-year increase.

“Ransomware defense remains a top priority for CISOs in 2024 and beyond. The increasing use of ransomware-as-a-service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks and the emergence of AI-powered attacks, has led to record-breaking ransom payments,” said Deepen Desai, Chief Security Officer at Zscaler. “Organizations must prioritize Zero Trust architecture to strengthen their security posture against ransomware attacks. This is where an AI-powered Zero Trust platform like Zscaler helps organizations fast-track their segmentation journeys, reducing the blast radius as well as shutting down unknown vectors for future AI-driven attacks.”

Sectors like healthcare, education, and government are particularly vulnerable, as a single attack can cripple critical operations, expose sensitive information, and, in the most severe cases, put lives at risk. Not surprisingly, healthcare emerges as the industry second-most targeted by ransomware attacks, behind manufacturing. The sensitive and critical nature of healthcare data, combined with the sector’s reliance on medical devices and timely access to patient records, renders it especially attractive to ransomware threat actors.

Educational institutions face mounting pressure as the fourth-most affected sector by ransomware. Between April 2023 and April 2024, educational organizations were hit by 217 ransomware attacks, marking a year-over-year increase of more than 35%. This surge highlights a troubling trend: cybercriminals are progressively targeting schools, colleges, and universities—and their troves of sensitive student data. The financial stakes for these institutions are enormous as they not only face ransom payments, but also grapple with significant costs associated with data recovery efforts and system restoration. Several factors contribute to the education sector’s heightened vulnerability, with one of the most critical being limited cybersecurity budgets. However, as ransomware increasingly targets educational institutions, the pressure is mounting to invest in robust security solutions to safeguard against the costly repercussions of ransomware attacks.

Government organizations experienced 95 ransomware attacks between April 2023 and April 2024. This 48% year-over-year spike in ransomware attacks is a clear signal that government organizations must strengthen their ransomware protection strategies. As ransomware groups evolve their tactics, it is crucial for all public sector entities to fortify not only their internal networks but also the interconnected digital ecosystems that include third-party contractors.

The latest findings from the ThreatLabz 2024 Ransomware Report are a wake-up call for healthcare, education, and public sector organizations. These sectors are fundamental to the fabric and functioning of society, yet they are among the most vulnerable to ransomware attacks due to the sensitive data they handle, often outdated systems, and the critical services they provide.

“Organizations operating within these essential sectors in MEA are well advised to take decisive action,” said Saeed Agha, VP EMEA Emerging Markets at Zscaler. “Reevaluating the current security posture and reinforcing defenses to combat ransomware starts with the adoption of a zero trust architecture.”