A report published today by Zscaler finds an 18% increase in ransomware attacks, including one that involved a record $75 million payment that appears to have been made to the Dark Angels ransomware group. Previously, the highest known ransomware payment was $40 million.

Brett Stone-Gross, director of threat intelligence for Zscaler, said unlike better-known ransomware gangs such as LockBit or BlackCat, the Dark Angels cybercriminal syndicate makes a concerted effort to keep a much lower profile by focusing their attacks with little fanfare on high-value targets.

Overall, the report finds half the ransomware attacks (50%) are now hitting targets based in the U.S., with the U.S. seeing the largest year-over-year increase (93%), followed by Italy (78%) and Mexico (58%).

Ransomware Syndicates Resilient

Ransomware syndicates are proving themselves to be resilient even after takedowns by law enforcement officials. Lockbit 2.0, for example, was able to reconstitute its operations in a matter of weeks after law enforcement officials from the U.S. and United Kingdom (UK) announced earlier this year they had been able to seize portions of the group’s core infrastructure.

That capability suggests that ransomware syndicates are prepared to access standby IT infrastructure when needed, a task made easier by the ransom payments these groups have previously collected.

Zscaler has been making a case to thwart these attacks by relying more on a cloud platform that provides a layer of isolation between data stored in applications and end users accessing them. That zero-trust approach to IT makes it more difficult for malware to encrypt data stored in those applications.

Perfect security is, of course, unattainable but if organizations make it more challenging to infiltrate their IT environments, cybercriminals will likely focus their efforts elsewhere. It’s simply too easy today for cybercriminals to launch waves of ransomware attacks until eventually, they gain access to a legacy IT environment. Making matters worse, cybercriminal syndicates are also investing in, for example, artificial intelligence (AI) technologies that enable them to reset passwords by mimicking an individual’s voice as they make a call to a help desk, noted Stone-Gross.

It’s not clear how much influence cybersecurity teams are exercising over the choice of IT platforms employed by organizations but given the rate at which ransomware attacks are being perpetrated, it’s becoming increasingly apparent that existing IT environments are too easily compromised.

In the meantime, however, ransomware will likely become more costly as cybercriminal gangs become more adept at targeting victims who can afford payouts valued in the tens of millions. Hopefully, law enforcement officials will continue to become more adept at recovering those funds but arresting the perpetrators of these crimes remains exceedingly difficult, especially when they live in countries that don’t cooperate with judicial officials from the countries where the entities victimized are located. As such, the odds ransomware attacks will ever be eliminated are as it stands right now are slim to none.