In the ever-escalating world of cyber threats, ransomware has emerged as a formidable force, with attempts surging by 146% over the past year, according to the latest findings from Zscaler’s ThreatLabz team. This sharp increase, the most dramatic in three years, underscores how attackers are refining their strategies to maximize disruption and profit. Drawing from data processed through Zscaler’s vast cloud security infrastructure, which blocks millions of threats daily, the report paints a picture of a threat environment where extortion tactics are overtaking traditional encryption methods. Cybercriminals are not just locking systems; they’re stealing massive volumes of data—238 terabytes from just 10 major groups in a single year, a 92% jump from the previous period.
This shift toward data exfiltration as a primary weapon allows attackers to threaten leaks on dark web sites, pressuring victims into paying without needing to encrypt files. Public extortion cases have ballooned by 70%, based on analysis of leak sites, amplifying the psychological and financial toll on organizations. As Deepen Desai, Zscaler’s EVP of Cybersecurity, noted in the report’s release, generative AI is now woven into attackers’ toolkits, enabling more precise phishing and reconnaissance. This evolution demands that companies rethink defenses, moving beyond perimeter-based security to models that assume breach and limit damage.
A Sector-by-Sector Breakdown of Vulnerabilities
Among the hardest-hit industries, manufacturing tops the list with 1,063 recorded attacks, followed closely by technology at 922 and healthcare at 672. These sectors are prime targets due to their reliance on interconnected systems and the high value of their data—think proprietary designs in manufacturing or patient records in healthcare. The potential for operational shutdowns, like halting production lines or delaying medical services, gives attackers leverage for hefty ransoms.
Even more alarming is the 935% spike in attacks on the oil and gas sector, attributed to the rapid digitization of critical infrastructure such as pipelines and drilling rigs. Legacy systems, often patched together with modern IoT devices, create exploitable gaps. According to insights from Zscaler’s 2024 Ransomware Report, which highlighted similar trends in encryption-less extortion, this year’s data shows how attackers are capitalizing on these weaknesses, potentially endangering energy supplies and national security.
Geographic Hotspots and Global Implications
Geographically, the United States bears the brunt, accounting for half of all ransomware incidents, with attacks doubling to 3,671—more than the combined total for the next 14 countries. Canada and the United Kingdom trail far behind at 5% and 4%, respectively. This disparity reflects the U.S.’s digital density and economic allure, making it a magnet for groups seeking big payouts. Recent posts on X from cybersecurity experts echo this, noting a surge in U.S.-focused campaigns amid broader discussions of zero-trust strategies.
The dominance of groups like RansomHub, with 833 claimed victims, Akira (520), and Clop (488) illustrates the organized nature of these operations. RansomHub’s rise, fueled by affiliates and initial access brokers, mirrors patterns seen in Zscaler’s 2023 Ransomware Report, which documented a 40% global increase. Clop’s supply-chain exploits, targeting third-party software vulnerabilities, have proven devastating, as evidenced by past breaches covered in Forbes analyses of similar incidents.
Emerging Families and Adaptive Methodologies
ThreatLabz tracked 34 new ransomware families this year, swelling the total to 425 since monitoring began. ThreatLabz’s public GitHub repository now holds 1,018 ransomware notes, with 73 added recently, offering a treasure trove for researchers. This proliferation signals an ecosystem where ransomware-as-a-service lowers the barrier to entry for less skilled criminals, accelerating innovation in tactics like double extortion.
Attackers thrive in environments with siloed security and implicit trust, but Zscaler’s Zero Trust Exchange counters this by minimizing attack surfaces, preventing initial compromises via AI-driven detection, and blocking lateral movement and exfiltration. Features like breach prediction, inline sandboxing, and dynamic policies integrate AI to anticipate threats, as detailed in the company’s research portal.
Strategic Defenses in an AI-Driven Era
To combat these trends, organizations must adopt zero-trust architectures that treat every access as suspect. Zscaler’s platform, processing over 400 billion transactions daily, provides real-time insights that legacy systems lack. The report’s methodology, spanning April 2024 to April 2025 and leveraging cloud data alongside sample analysis, offers a robust foundation for these recommendations.
As ransomware groups evolve, incorporating GenAI for tailored attacks, the imperative for proactive measures grows. Insights from Bloomberg’s coverage of recent surges in data theft emphasize the need for data classification and loss prevention, aligning with Zscaler’s tools. Ultimately, this report serves as a clarion call: in a world where threats adapt swiftly, defenses must evolve even faster to safeguard critical assets and maintain operational resilience.