Zscaler revealed in its annual Zscaler ThreatLabz 2024 Ransomware Report that India ranked second when it came to the volume of ransomware attacks successfully launched in the Asia Pacific and Japan region. This annual report analyses the ransomware threat landscape from April 2023 to April 2024, tracking the latest attack trends, targeted sectors, ransomware families, and defence strategies.
Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year globally, as well as a record-breaking ransom payment of US$75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group. ThreatLabz believes Dark Angels’ success will drive other ransomware groups to use similar tactics, reinforcing the need for organisations to prioritise protection against rising and ever-more costly ransomware attacks.
“Ransomware defence remains a top priority for CISOs in 2024. The increasing use of ransomware-as-a-service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks and the emergence of AI-powered attacks, has led to record-breaking ransom payments,” said Deepen Desai, Chief Security Officer at Zscaler. “Organisations must prioritise Zero Trust architecture to strengthen their security posture against ransomware attacks. This is where an AI-powered Zero Trust platform like Zscaler helps organisations fast-track their segmentation journeys, reducing the blast radius as well as shutting down unknown vectors for future AI-driven attacks.”
India’s rapid digital transformation, coupled with widespread AI and machine learning adoption, has positioned the country as a prime target for sophisticated cyber threats. ThreatLabz observed nearly 1.3 billion (135%) more AI transactions in APJ than EMEA—largely driven by the high volume of transactions coming from India. The report reveals that ransomware extortion attacks have consistently surged across industries, with the number of victim companies listed on data leak sites increasing by nearly 58% since last year.
While the manufacturing sector remains the most targeted in India, accounting for 28.89% of attacks, other industries such as healthcare (8.9%), technology (6.67%), pharmaceutical (6.67%), and financial services (8.9%) also faced significant risks. The report also highlighted the rise in AI-powered cyberattacks, emphasising the importance of Zero Trust architecture to combat evolving threats.
Despite the global surge in ransomware, the number of successful ransomware attacks in India remained relatively flat, going from 62 incidents in 2023 to 60 in 2024. However, ransomware attacks remain a cause for concern, with vulnerabilities continuing to grow in light of threat actors' rising adoption of AI-driven attack vectors.
“India is at the forefront of digital transformation – leading the way on a global platform when it comes to the adoption of emerging technologies, such as AI/ML, to drive innovation. However, its successes have also drawn the attention of threat actors, making it a prime target for sophisticated cyber threats, including ransomware attacks. With the government’s increased focus on driving cybersecurity resilience, it is more crucial than ever for Indian enterprises to adopt zero trust security frameworks,” said Suvabrata Sinha, CISO in residence, India at Zscaler. “Our AI-powered zero trust platform is designed to mitigate risks, protect sensitive data, and ensure business continuity in an increasingly hostile cyber environment. By prioritising zero trust, Indian businesses can better protect their digital assets, align with the government’s initiatives, and maintain resilience against emerging cyber threats.”
ThreatLabz also identified the most active ransomware families in India, with LockBit leading at 23.33%, followed by BianLian at 16.67%, BlackCat (11.67%), 8Base (10%), and Mallox (5%). Globally, LockBit (22%), BlackCat (9%), and 8Base (8%) remain the top threats, with emerging groups like Dark Angels expected to drive future attacks.
Zscaler remains committed to helping organisations minimise their attack surface, prevent initial compromises, eliminate lateral movement, and stop data loss through its Zero Trust Exchange platform. This AI-powered platform is designed to mitigate risks, protect sensitive data, and ensure business continuity in an increasingly hostile cyber environment.
Zscaler helps enterprises stop ransomware with zero trust security
From initial reconnaissance and compromise to lateral movement, data theft, and payload execution, Zscaler helps organisations stop ransomware at every stage of the attack cycle:
* Minimise the attack surface: Zscaler effectively minimises the attack surface by hiding users, applications, and devices behind a cloud proxy, where they are not visible or discoverable from the internet.
* Prevent initial compromise: The Zscaler Zero Trust Exchange employs extensive TLS/SSL inspection, browser isolation, advanced inline sandboxing, and policy-driven access controls to prevent users from accessing malicious websites as well as detect unknown threats before they reach your network.
* Eliminate lateral movement: Leverage user-to-app or app-to-app segmentation so that users connect directly to applications (and apps to other apps), not the network, eliminating the risk of lateral movement.
* Stop data loss: Inline data loss prevention measures, combined with full TLS/SSL inspection, effectively thwart data theft attempts. Zscaler ensures that data is secured both in transit and at rest.