
Zscaler ThreatLabz 2025 Ransomware Report

Information Technology 2026-01-28 Zscaler EMJENNNY

Table of Contents

Executive Summary
Top 5 Ransomware Families to Watch in 2025-2026
#1 Dark Angels
#2 Clop/Cl0p
#3 DragonForce
Key Findings
Ransomware Landscape: Top Trends and Targets
Ransomware attacks hit new highs
Data exfiltration trends up 92.7%
Global and regional hotspots
Most active ransomware groups in 2024–2025
2026 Predictions
How Zscaler Stops Ransomware with Zero Trust + AI
Ransomware Prevention Checklist
Black Basta Leverages ChatGPT for Criminal Activities
Research Methodology
Hello? It’s Ransomware Calling: Inside the Multi-Stage Attack Playbook
Leaky LockBit: RaaS Mechanisms Exposed in Dark Web Breach
Healthcare Under Siege: The Era of Massive Data Theft
About ThreatLabz
About Zscaler

Executive Summary

it operates is constantly changing. Today’s campaigns are more targeted, automated, and efficient, driven in part by the growing use of generative AI enhancing and accelerating everything from phishing lures to malware development. This evolution has translated into a significant surge in

ransomware groups show no signs of slowing down. If anything, disruption may be driving reinvention. Thirty-four new ransomware families emerged during the analysis period for this report. Meanwhile, established groups such as DragonForce, Akira, and Clop climbed to the top of the activity

attempts than in any previous year—more than 10.8 million hits—marking a 145.9% year-over-year increase and the highest volume recorded since tracking began. At the same time, the number of organizations listed on ransomware leak sites rose 70.1%, underscoring a broader shift to extortion-driven attacks. Today’s campaigns are high-frequency and high-impact, designed to extract maximum leverage, often without the need for

these developments and findings, covering top targeted sectors and regions, ransomware families to watch, evolving attack methodologies, and actionable guidance for defenders.
Beyond threat tracking, learn how ThreatLabz plays an active role in protecting enterprises worldwide—from building custom tools for ransomware attack recovery to contributing

Ransomware attempts blocked by the Zscaler cloud increased by 145.9% year-over-year (April 2024–April 2025), marking the most significant spike we’ve seen in three years.

Data exfiltration volumes for 10 major ransomware families increased 92.7% year-over-year to 238.5 terabytes (TB) stolen, signaling the broader shift toward data theft as a primary extortion tactic.

data leak site analysis, proving the threat of reputational damage or regulatory consequences is often more compelling than encryption alone.

were the top targeted industries

sector experienced a 935.3% increase in attacks.

Generative AI is becoming a force multiplier for ransomware threat actors, helping to rapidly create phishing lures, write malicious code, automate data extraction,

The United States remains the #1 global target experiencing 50.8% of overall attacks, followed by Canada, the United Kingdom, Germany, and India.

integrated into ransomware attacks as voice scams become more convincing and more effective at gaining initial

emerged as the most active ransomware families, collectively responsible for the largest share of attacks.

law enforcement efforts—supported by industry experts like Zscaler ThreatLabz—have made meaningful strides in disrupting major ransomware infrastructure, as demonstrated by Operation Endgame.

ransomware families during the analysis period, bringing the total number tracked to 425 since our research began.

Ransomware Landscape: Top Trends and Targets

[Chart residue: 10,887,030; APR 2024 - APR 2025]

While headline-making breaches illustrate the global scale of ransomware, the most valuable insights come from analyzing targeting patterns and operational behaviors threat actors use across campaigns.
having the most significant impact (by industry and region), identify which ransomware families are leading the charge, and spotlight the emergence of

[Chart residue: +145.9%; 2,727,114; 3,756,858; 4,426,966; APR 2023 - APR 2024]

Ransomware attacks hit new highs

data shows a dramatic surge in attack volume: attempted ransomware attacks in the Zscaler cloud have jumped 145.9% year-over-year—and sixfold since 2021. This figure reflects the volume of ransomware-related indicators and events the platform blocked. The uptick reveals more than just

campaigns point to an evolution—one fueled in part by GenAI accelerating ransomware’s development into a more sophisticated and scalable cybercriminal business model.

Data exfiltration trends up 92.7%

Over the last year, ransomware groups have turned data theft from a supporting act into the main event. Increasingly, encryption alone—if at all—isn’t the endgame. Threat actors are

trend. ThreatLabz analysis reveals that the total volume of data stolen increased year-over-year across 10 major ransomware groups. The total volume of exfiltrated data by these groups rose 92.7%, from 123.8 TB (April 2023–March 2024) to 238.5 TB (April 2024–March 2025). This excludes a single breach in the 2023–202