Skip to Main Content

Press Release

Arete and Cyentia release report revealing data-driven insights on Ransomware for Insurance Carriers

Reining In Ransomware Is Based on Data from Nearly 1,500 Ransomware Events Exceeding $1 Billion In Ransom Demands

Arete, a leading global cyber risk management company, has released the second volume of its Investigative Cybercrime Series in collaboration with cybersecurity research firm Cyentia. The report, titled Reining in Ransomware, explores the most prolific ransomware strains, ransom demand and payment trends, and the implications of data exfiltration.

The data for this research comes directly from nearly 1,500 ransomware events investigated by Arete, exceeding $1 billion in ransom demands. The insights in the report are drawn from thorough examination of tactics, techniques, and procedures (TTPs) employed by the threat actors.

Download Reining in Ransomware.

Key findings within the report:

  • Seven of the top ten ransomware strains in 2022 are new, which indicates swiftly changing dynamics among cybercriminals and their campaigns.
  • Sixty-one percent of attacks involved infections through exploitation of poorly secured remote access services. As digitization increases, attacks also evolve.
  • The top ten post-compromise techniques each factor into more than 50 percent of ransomware incidents.
  • Ransomware demands were five times higher when data exfiltration is involved. That is happening six times more often in 2022 than in 2019.

The report offers actionable takeaways for insurers and their insureds on how to help protect against today’s most prolific cyber threats. The top 20 ransomware families account for a large majority of incidents, meaning there’s an opportunity to greatly reduce risk by encouraging organizations to create a focused defense strategy. In today’s hybrid world, where organizations are more connected than ever, it is essential to build a robust security infrastructure. Arete recommends a few security practices that can protect businesses from ransomware attacks, including network segmentation, multi-factor authentication (MFA), and behavior prevention at the endpoint.

“Ransomware incidents have increased over the past few years, and attackers are also innovating their techniques to target businesses, which makes detection and recovery more challenging than ever,” said Arete’s Chief Data Officer Chris Martenson. “In this report, we highlighted insights to educate organizations on attack developments and how they can tackle them. In today’s digital-first world, it is pivotal for companies to build cybersecurity teams in-house or collaborate with a third-party security partner to be prepared for the evolving threat landscape,” Martenson added.

In the first report of this series, Mitigating Ransomware’s Impact, Arete shared data-driven insights on ransom demands and payments, victims’ industry and implemented controls, likelihood to pay, and reasons for payment. The report dove into how data has helped Arete negotiate ransoms down by up to 93 percent, with all the requested recovery tools and reports successfully delivered to the client. Reining in Ransomware builds on these initial insights.

Download the latest report, Reining in Ransomware.

About Arete

Arete partners with clients to transform to reduce the burden of preparing for, detecting, and responding to cyberattacks. With decades of experience fighting cybercrime and nation-state attacks, Arete’s elite team of cybersecurity experts has created unparalleled capabilities to address the entire cyber incident life cycle, from incident response readiness assessments to post-incident remediation and managed security services. These services, available in 40 languages, will restore trust and confidence as well as help your clients address the full threat life cycle while strengthening their overall cyber posture.

To learn more, visit


Name: Annemarie Cyboron

Email: [email protected]

Phone: +1-646-907-9767