Ransomware Surges as Attempts Spike 146% Amid Aggressive Extortion Tactics
Zscaler (NASDAQ: ZS) has released its annual ThreatLabz 2025 Ransomware Report, revealing a dramatic 146% surge in ransomware attacks blocked by their cloud platform. The report highlights a significant shift in attack strategies, with threat actors increasingly focusing on data extortion over encryption. Key findings show that ransomware groups stole 238 TB of data, representing a 92% increase year-over-year.
The report identifies Manufacturing, Technology, and Healthcare as the most targeted sectors, with the Oil & Gas industry experiencing a remarkable 935% increase in attacks. The United States remains the primary target, accounting for 50% of all attacks with 3,671 incidents. RansomHub emerged as the most active group with 833 publicly named victims, followed by Akira (520) and Clop (488).
- 146% increase in ransomware attacks indicates growing security challenges
- 92% surge in data exfiltration volume suggests escalating threat severity
- Emergence of 34 new ransomware families shows rapidly evolving threat landscape
Insights
Zscaler's threat report reveals alarming 146% ransomware surge, positioning their Zero Trust platform as critical in the evolving threat landscape.
Zscaler's ThreatLabz 2025 Ransomware Report highlights a dramatic 146% year-over-year increase in ransomware attacks, the steepest spike observed in three years. This surge represents a strategic shift in threat actor tactics, with ransomware groups now prioritizing data exfiltration and extortion over traditional encryption methods. The 92% increase in exfiltrated data volume (from 123TB to 238TB) demonstrates attackers are increasingly weaponizing stolen information to pressure victims.
The report identifies Manufacturing (1,063 attacks), Technology (922), and Healthcare (672) as the most targeted sectors, with Oil & Gas experiencing a staggering 935% increase in attacks year-over-year. This targeting pattern reveals how threat actors are strategically focusing on industries where operational disruption, data sensitivity, and regulatory concerns create maximum leverage.
The United States faces 50% of all ransomware attacks (3,671 incidents), more than all other top-15 targeted countries combined. The report also identifies RansomHub, Akira, and Clop as the most prolific threat groups, with 34 new ransomware families emerging in the past year.
This data underscores the growing sophistication of threat actors and highlights Zscaler's strategic position in the cybersecurity ecosystem. Their Zero Trust Exchange platform, which replaces traditional network-centric security models with a cloud-native architecture, aims to counter ransomware at multiple attack stages by minimizing attack surfaces, preventing initial compromise, eliminating lateral movement, and blocking data exfiltration.
For Zscaler, this threat landscape evolution represents both a challenge and opportunity. As ransomware threats intensify and adapt, demand for comprehensive security solutions like Zscaler's Zero Trust Exchange platform is likely to grow, particularly among the heavily-targeted sectors identified in the report.
Zscaler’s Annual ThreatLabz Report Reveals Key Ransomware Groups Stole 238 TB of Data in One Year
Key Findings:
- Ransomware attacks blocked by the Zscaler cloud rose 146%, the sharpest spike observed in the past three years.
- Public extortion cases jumped by 70% based on data leak site analysis.
- Data exfiltration volumes increased 92%.
- Manufacturing, Technology, and Healthcare were the top targeted industries, and the Oil & Gas sector experienced a 935% increase in attacks.
SAN JOSE, Calif., July 29, 2025 (GLOBE NEWSWIRE) -- Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today published its annual Zscaler ThreatLabz 2025 Ransomware Report. The report examines the latest trends shaping the ransomware threat landscape, revealing how attacks are adapting and escalating. It highlights the most targeted sectors and regions, profiles the most active ransomware families, analyzes shifting attack methodologies, and provides actionable recommendations to help organizations strengthen their defenses. ThreatLabz’s findings underscore the critical importance of organizations adopting a comprehensive Zero Trust Everywhere strategy. This approach is essential to prevent ransomware and other malicious threats from moving laterally and compromising sensitive user data, applications, and information.
"Ransomware tactics continue to evolve, with the growing shift toward extortion over encryption as a clear example," said Deepen Desai, EVP Cybersecurity, Zscaler. "GenAI is also increasingly becoming part of the ransomware threat actor's playbook, enabling more targeted and efficient attacks. As threats advance, security measures must keep pace. The Zscaler Zero Trust Exchange™ platform empowers organizations to shrink their attack surface, identify and block initial compromise threats, prevent lateral movement, and stop data exfiltration to shut down extortion events before they happen."
Data Demand Fuels Steady Attack Growth
Ransomware attacks are intensifying at an alarming rate, with attempted attacks blocked in the Zscaler cloud up
Industries Under Siege
Cybercriminals continue to focus on the high-stakes environments of the Manufacturing (1,063 attacks), Technology (922), and Healthcare (672) sectors, making them the most frequently hit by ransomware over the past year. These industries are particularly vulnerable due to the potential for operational disruption, the sensitivity of stolen data, and the associated risks of reputational damage and regulatory fallout.
The Oil & Gas sector has seen a staggering increase in ransomware attacks, spiking over
United States Is the Target of Half of All Ransomware Attacks
Leak site data highlights a distinct geographic disparity, with victims in the United States accounting for
Ransomware Groups Driving the Surge
Several highly active groups continued to dominate the ransomware ecosystem, with RansomHub leading the pack, claiming the highest number of publicly named victims at 833. Akira and Clop have both moved up in the ransomware attack rankings since last year. Akira, associated with 520 victims, has steadily expanded its reach through numerous affiliates and initial access brokers. Clop, known for its focus on supply chain attacks, is close behind with 488 victims, employing an effective strategy of exploiting vulnerabilities in commonly used third-party software.
Zscaler ThreatLabz identified 34 newly active ransomware families over the past year, bringing the total number tracked to 425 since their research began. ThreatLabz also has a public GitHub repository that now hosts 1,018 ransomware notes, with 73 added in the last year.
How Zscaler Stops Ransomware with Zero Trust + AI
Ransomware flourishes in environments with fragmented security, limited visibility, implicit trust, and outdated legacy architectures that amplify risk rather than reduce it. The Zscaler Zero Trust Exchange mitigates these risks by replacing traditional, network-centric models with a cloud-native, AI-driven zero trust architecture, and stops ransomware at every stage of the attack life cycle by:
- Minimizing the attack surface
- Preventing initial compromise
- Eliminating lateral movement
- Blocking data exfiltration
Additional AI-powered ransomware protections from Zscaler include:
- Breach prediction
- Phishing and C2 detection
- Inline sandboxing
- Zero Trust Browser
- Segmentation
- Dynamic, risk-based policy
- Data discovery and classification
- Data loss prevention (DLP) controls
Download the Report
Get the full ThreatLabz 2025 Ransomware Report to explore how Zscaler ThreatLabz plays an active role in protecting enterprises worldwide. Download today.
Research Methodology
The research methodology for this report is a comprehensive process that uses multiple data sources to identify and track ransomware trends. The ThreatLabz team collected data between April 2024 and April 2025 from sources including the Zscaler global security cloud, and the team’s own analysis of ransomware samples and attack data.
About ThreatLabz
ThreatLabz is the security research arm of Zscaler. This world-class team is responsible for hunting new threats and ensuring that the thousands of organizations using the global Zscaler platform are always protected. In addition to malware research and behavioral analysis, team members are involved in the research and development of new prototype modules for advanced threat protection on the Zscaler platform, and regularly conduct internal security audits to ensure that Zscaler products and infrastructure meet security compliance standards. ThreatLabz regularly publishes in-depth analyses of new and emerging threats on its portal, research.zscaler.com.
About Zscaler
Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange™ platform protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 160 data centers globally, the SASE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.
Media Contact:
Nick Gonzalez
press@zscaler.com
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/b92c9822-3941-45ec-8aa1-87defcd57281
