Zscaler Report Reveals 146% Surge in Ransomware Attacks and Growing Threat Landscape in 2025

Zscaler's report highlights a dramatic rise in ransomware attacks, particularly targeting manufacturing, technology, and healthcare sectors, emphasizing extortion tactics.

Quiver AI Summary

Zscaler's 2025 Ransomware Report reveals a dramatic 146% rise in blocked ransomware attacks, marking the largest increase in three years. The report indicates a 70% jump in public extortion cases and a 92% increase in data exfiltration volumes, primarily affecting the Manufacturing, Technology, and Healthcare sectors. Notably, the Oil & Gas industry experienced a staggering 935% increase in attacks. The United States alone accounted for half of all ransomware incidents, significantly outpacing other countries. The report highlights that ransomware tactics are evolving toward extortion over encryption, with AI being increasingly utilized by attackers. To combat this growing threat, Zscaler emphasizes the necessity of adopting a Zero Trust security strategy, which aims to minimize vulnerabilities and enhance protection against ransomware threats.

Potential Positives

Ransomware attacks blocked by Zscaler cloud increased by 146%, highlighting the effectiveness of their security measures.
The report emphasizes the critical importance of a Zero Trust strategy, reinforcing Zscaler's position as a leader in cloud security.
ThreatLabz identified 34 newly active ransomware families, showcasing Zscaler's commitment to staying ahead of evolving cybersecurity threats.
The comprehensive nature of the report provides actionable recommendations, demonstrating Zscaler’s expertise and authority in the cybersecurity field.

Potential Negatives

Ransomware attacks blocked by the Zscaler cloud rose 146%, indicating an alarming escalation in threats that could impact the perception of Zscaler's effectiveness in preventing these attacks.
The significant increase in ransomware attacks, particularly a 935% rise in the Oil & Gas sector, may suggest vulnerabilities in the security measures of critical infrastructure, potentially undermining Zscaler's reputation as a leader in cloud security.
The report reveals a concentration of 50% of ransomware attacks occurring in the United States, which could imply that Zscaler's primary market is under frequent and severe threats, raising concerns about the company's ability to provide adequate security for its clients in this region.

FAQ

What does the 2025 Ransomware Report reveal?

The report reveals a 146% increase in blocked ransomware attacks and highlights key targeted industries.

Which industries are most affected by ransomware?

Manufacturing, Technology, Healthcare, and Oil & Gas are the top targeted industries for ransomware attacks.

How has data exfiltration changed this year?

Data exfiltration volumes have increased by 92%, indicating a shift towards extortion tactics in ransomware attacks.

What is Zscaler's Zero Trust strategy?

Zscaler's Zero Trust strategy minimizes attack surfaces and prevents lateral movement, enhancing overall cybersecurity resilience.

How can I access the full ThreatLabz report?

You can download the full 2025 Ransomware Report from the Zscaler website to explore comprehensive findings.

Disclaimer: This is an AI-generated summary of a press release distributed by GlobeNewswire. The model used to summarize this release may make mistakes. See the full release here.

$ZS Insider Trading Activity

$ZS insiders have traded $ZS stock on the open market 61 times in the past 6 months. Of those trades, 0 have been purchases and 61 have been sales.

Here’s a breakdown of recent trading of $ZS stock by insiders over the last 6 months:

AJAY MANGAL has made 0 purchases and 24 sales selling 310,480 shares for an estimated $74,334,707.
CHARLES H GIANCARLO has made 0 purchases and 8 sales selling 67,824 shares for an estimated $20,416,445.
SYAM NAIR (CTO) has made 0 purchases and 3 sales selling 36,364 shares for an estimated $9,138,732.
ANDREW WILLIAM FRASER BROWN has made 0 purchases and 3 sales selling 30,333 shares for an estimated $8,093,118.
ROBERT SCHLOSSMAN (Chief Legal Officer) has made 0 purchases and 12 sales selling 21,617 shares for an estimated $5,683,048.
MICHAEL J. RICH (CRO and President of WW Sales) has made 0 purchases and 3 sales selling 17,853 shares for an estimated $5,039,983.
ADAM GELLER (Chief Product Officer) has made 0 purchases and 4 sales selling 6,671 shares for an estimated $2,037,037.
JAGTAR SINGH CHAUDHRY (CEO & Chairman) has made 0 purchases and 2 sales selling 5,004 shares for an estimated $1,294,407.
RAJ JUDGE (EVP, Corp. Strategy & Ventures) sold 2,957 shares for an estimated $898,047
REMO CANESSA (Chief Financial Officer) sold 3,721 shares for an estimated $741,019

To track insider transactions, check out Quiver Quantitative's insider trading dashboard.

$ZS Hedge Fund Activity

We have seen 459 institutional investors add shares of $ZS stock to their portfolio, and 329 decrease their positions in their most recent quarter.

Here are some of the largest recent moves:

T. ROWE PRICE INVESTMENT MANAGEMENT, INC. added 2,603,675 shares (+inf%) to their portfolio in Q1 2025, for an estimated $516,621,193
MARSHALL WACE, LLP added 1,054,589 shares (+266.3%) to their portfolio in Q1 2025, for an estimated $209,251,549
WELLINGTON MANAGEMENT GROUP LLP added 1,031,462 shares (+488.0%) to their portfolio in Q1 2025, for an estimated $204,662,690
VIKING GLOBAL INVESTORS LP removed 914,969 shares (-100.0%) from their portfolio in Q1 2025, for an estimated $181,548,148
HSBC HOLDINGS PLC added 617,319 shares (+79.0%) to their portfolio in Q1 2025, for an estimated $122,488,435
GOLDMAN SACHS GROUP INC added 568,183 shares (+22.9%) to their portfolio in Q1 2025, for an estimated $112,738,870
UBS AM, A DISTINCT BUSINESS UNIT OF UBS ASSET MANAGEMENT AMERICAS LLC added 527,041 shares (+20.3%) to their portfolio in Q1 2025, for an estimated $104,575,475

To track hedge funds' stock portfolios, check out Quiver Quantitative's institutional holdings dashboard.

$ZS Analyst Ratings

Wall Street analysts have issued reports on $ZS in the last several months. We have seen 25 firms issue buy ratings on the stock, and 0 firms issue sell ratings.

Here are some recent analyst ratings:

JMP Securities issued a "Market Outperform" rating on 07/01/2025
UBS issued a "Buy" rating on 06/27/2025
JP Morgan issued a "Overweight" rating on 06/16/2025
Wells Fargo issued a "Overweight" rating on 06/13/2025
Cantor Fitzgerald issued a "Overweight" rating on 06/11/2025
B of A Securities issued a "Buy" rating on 06/09/2025
Scotiabank issued a "Sector Outperform" rating on 06/06/2025

To track analyst ratings and price targets for $ZS, check out Quiver Quantitative's $ZS forecast page.

$ZS Price Targets

Multiple analysts have issued price targets for $ZS recently. We have seen 30 analysts offer price targets for $ZS in the last 6 months, with a median target of $307.5.

Here are some recent targets:

Trevor Walsh from JMP Securities set a target price of $355.0 on 07/01/2025
Roger Boyd from UBS set a target price of $365.0 on 06/27/2025
Brian Essex from JP Morgan set a target price of $348.0 on 06/16/2025
Andrew Nowinski from Wells Fargo set a target price of $385.0 on 06/13/2025
Jonathan Ruykhaver from Cantor Fitzgerald set a target price of $340.0 on 06/11/2025
Tal Liani from B of A Securities set a target price of $340.0 on 06/09/2025
Patrick Colville from Scotiabank set a target price of $360.0 on 06/06/2025

Full Release

Key Findings:

Ransomware attacks blocked by the Zscaler cloud rose 146% , the sharpest spike observed in the past three years.
Public extortion cases jumped by 70% based on data leak site analysis.
Data exfiltration volumes increased 92% .
Manufacturing, Technology, and Healthcare were the top targeted industries , and the Oil & Gas sector experienced a 935% increase in attacks.

SAN JOSE, Calif., July 29, 2025 (GLOBE NEWSWIRE) -- Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today published its annual Zscaler ThreatLabz 2025 Ransomware Report. The report examines the latest trends shaping the ransomware threat landscape, revealing how attacks are adapting and escalating. It highlights the most targeted sectors and regions, profiles the most active ransomware families, analyzes shifting attack methodologies, and provides actionable recommendations to help organizations strengthen their defenses. ThreatLabz’s findings underscore the critical importance of organizations adopting a comprehensive Zero Trust Everywhere strategy. This approach is essential to prevent ransomware and other malicious threats from lateral movement and compromising sensitive user data, applications, and information.

"Ransomware tactics continue to evolve, with the growing shift toward extortion over encryption as a clear example," said Deepen Desai, EVP Cybersecurity, Zscaler. "GenAI is also increasingly becoming part of the ransomware threat actor's playbook, enabling more targeted and efficient attacks. As threats advance, security measures must keep pace. The Zscaler Zero Trust Exchange™ platform empowers organizations to shrink their attack surface, identify and block initial compromise threats, prevent lateral movement, and stop data exfiltration to shut down extortion events before they happen."

Data Demand Fuels Steady Attack Growth
Ransomware attacks are intensifying at an alarming rate, with attempted attacks blocked in the Zscaler cloud up 146% year-over-year. This escalation reflects a strategic shift: ransomware groups are increasingly prioritizing extortion over encryption. Accordingly, the report details a 92% increase in the total volume of exfiltrated data by 10 major ransomware groups in the past year, rising from 123 TB to 238 TB. This emphasis on data theft—and the threat of exposure—allows attackers to exert greater pressure on victims, amplifying the impact of ransomware on organizations globally.

Industries Under Siege
Cybercriminals continue to focus on the high-stakes environments of the Manufacturing (1,063 attacks), Technology (922), and Healthcare (672) sectors, making them the most frequently hit by ransomware over the past year. These industries are particularly vulnerable due to the potential for operational disruption, the sensitivity of stolen data, and the associated risks of reputational damage and regulatory fallout.

The Oil & Gas sector has seen a staggering increase in ransomware attacks, spiking over 900% year-over-year. This surge is likely a result of increased automation of systems that control critical infrastructure, including drilling rigs and pipelines, expanding the sector’s attack surface, coupled with outdated security practices.

United States Is the Target of Half of All Ransomware Attacks
Leak site data highlights a distinct geographic disparity, with victims in the United States accounting for 50% of ransomware attacks, significantly outpacing Canada (5%) and the United Kingdom (4%). Ransomware attacks in the U.S. more than doubled to 3,671, exceeding the combined total number of attacks reported across all other countries in the top 15 most-targeted countries. This concentration demonstrates how threat actors continue to strategically target digitally concentrated, high-value economies.

Ransomware Groups Driving the Surge
Several highly active groups continued to dominate the ransomware ecosystem, with RansomHub leading the pack, claiming the highest number of publicly named victims at 833. Akira and Clop have both moved up in the ransomware attack rankings since last year. Akira, associated with 520 victims, has steadily expanded its reach through numerous affiliates and initial access brokers. Clop, known for its focus on supply chain attacks, is close behind with 488 victims, employing an effective strategy of exploiting vulnerabilities in commonly used third-party software.

Zscaler ThreatLabz identified 34 newly active ransomware families over the past year, bringing the total number tracked to 425 since their research began, and has a public GitHub repository that now hosts 1,018 ransomware notes, with 73 added in the last year.

How Zscaler Stops Ransomware with Zero Trust + AI
Ransomware flourishes in environments with fragmented security, limited visibility, implicit trust, and outdated legacy architectures that amplify risk rather than reduce it. The Zscaler Zero Trust Exchange mitigates these risks by replacing traditional, network-centric models with a cloud-native, AI-driven zero trust architecture, and stops ransomware at every stage of the attack life cycle by:

Minimizing the attack surface
Preventing initial compromise
Eliminating lateral movement
Blocking data exfiltration

Additional AI-powered ransomware protections from Zscaler include:

Breach prediction
Phishing and C2 detection
Inline sandboxing
Zero Trust Browser
Segmentation
Dynamic, risk-based policy
Data discovery and classification
Data loss prevention (DLP) controls

Download the Report
Get the full ThreatLabz 2025 Ransomware Report to explore how Zscaler ThreatLabz plays an active role in protecting enterprises worldwide. Download today .

Research Methodology
The research methodology for this report is a comprehensive process that uses multiple data sources to identify and track ransomware trends. The ThreatLabz team collected data between April 2024 and April 2025 from sources including the Zscaler global security cloud, and the team’s own analysis of ransomware samples and attack data.

About ThreatLabz
ThreatLabz is the security research arm of Zscaler. This world-class team is responsible for hunting new threats and ensuring that the thousands of organizations using the global Zscaler platform are always protected. In addition to malware research and behavioral analysis, team members are involved in the research and development of new prototype modules for advanced threat protection on the Zscaler platform, and regularly conduct internal security audits to ensure that Zscaler products and infrastructure meet security compliance standards. ThreatLabz regularly publishes in-depth analyses of new and emerging threats on its portal, research.zscaler.com .

About Zscaler
Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange™ platform protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 160 data centers globally, the SASE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.

Media Contact:
Nick Gonzalez
[email protected]

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/b92c9822-3941-45ec-8aa1-87defcd57281