Arete released its H1 2024 crimeware report, highlighting key trends and notable shifts in the cyber threat landscape. The report leverages data collected during Arete’s response to ransomware and extortion attacks during the first half of 2024 and explores the rise and fall of ransomware variants, trends in ransom demands and payments, industries targeted by ransomware attacks, and what may be coming next.
Key findings within the report:
International law enforcement actions against LockBit and ALPHV/BlackCat—the two most prolific Ransomware-as-a-Service (RaaS) groups coming into 2024—resulted in a significant splintering in the ransomware and extortion landscape. Initial ransom demands have steadily declined since the beginning of 2023, while median ransom payments remained about the same over the same timeframe.
Victim organisations continue demonstrating an improved capability to recover from attacks without paying ransom demands. Tools and malware used by threat actors showed little change compared to 2023, with remote monitoring and management (RMM) tools, Cobalt Strike, and various malware variants remaining commonplace in threat actor toolkits.
“Arete’s unique experience in responding to ransomware and extortion, as well as managed and advisory services, provides one-of-a-kind data and visibility of the threat landscape,” said Geoff Brown, Arete’s President and Chief Operating Officer. “We are dedicated to providing our partners and clients with insights and leveraging our visibility in the shared fight against cyber extortion,” Brown added. Arete’s data-driven approach continues to support clients in preventing, detecting, and responding to evolving cyber extortion threats. The full H1 2024 Crimeware Report is available for download here.