Transportation services, manufacturing and real estate sectors were the top targets of ransomware attacks in Australia, according to Zscaler’s ThreatLabz 2024 Ransomware Report, undertaken between April 2023 and April 2024.

Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of $US75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group.

ThreatLabz believes Dark Angels’ success will drive other ransomware groups to use similar tactics, reinforcing the need for organisations to prioritise protection against rising and ever-more costly ransomware attacks. 

“The cyber threat landscape is constantly evolving, and we are regularly seeing Australia placing in the top countries in ransomware, phishing and encrypted attacks. The increasing use of ransomware-as-a-service models, along with numerous zero-day attacks on legacy systems, and the emergence of AI-powered attacks reiterates the need for a Zero Trust approach,” said Eric Swift, Area Vice President, ANZ at Zscaler.

“Ransomware remains a persistent threat and with the emergence of new technologies organisations must prioritise Zero Trust architecture to strengthen their security posture against ransomware attacks. The findings show a proactive approach with an AI-powered Zero Trust platform like Zscaler is critical to addressing these evolving threats.”   

“Ransomware defense remains a top priority for CISOs in 2024. The increasing use of ransomware-as-a-service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks and the emergence of AI-powered attacks, has led to record breaking ransom payments,” said Deepen Desai, Chief Security Officer at Zscaler.

Globally, the manufacturing industry was by far the most targeted according to the report, facing more than twice as many attacks as any other industry. 

Industries face unique ransomware challenges based on how they operate, handle data, and their technology infrastructure. Despite the variables, ransomware extortion attacks have consistently surged, with the number of victim companies listed on data leak sites increasing by nearly 58% since last year’s ransomware report.

Following manufacturing, the most targeted industries were healthcare, technology and education.

The United States once again faced a higher volume of ransomware attacks than any other country, accounting for nearly half of all incidents globally. Locally, the report unveiled Australia as the seventh most targeted country accounting for 2% of attacks, experiencing a year-over-year increase of 5.8%. In APAC, Australia was the most impacted by ransomware attacks followed by India, Japan and Thailand. 

Most active ransomware families 

While ransomware and other cyberthreats continue to evolve in complexity and sophistication, staying informed about the most prevalent and dangerous ransomware families is crucial for maintaining an effective security posture. 

ThreatLabz identified the most active ransomware families: 

• LockBit (22%) 

• BlackCat (aka ALPHV) (9%) 

• 8Base (8%) 

Top five ransomware families to watch in 2024-2025: 

1. Dark Angels 

2. LockBit 

3. BlackCat 

4. Akira 

5. Black Basta