Arete’s H1 2025 Crimeware Report
The report leverages data collected from Arete’s response to ransomware and extortion attacks, the report explores the threat landscape during the first half of 2025, including shifts in ransom demands and payments, evolving attack vectors, and targeted law enforcement actions.
Key findings within the report:
- Activity levels noticeably decreased in April and May, stemming from the RansomHub ransomware group going offline as well as various law enforcement activities against tools and infrastructure used by cybercriminals.
- Despite higher median ransom demands, median ransom payments decreased, reflecting rising regulatory pressures, improved recovery pathways without paying threat actors, and the importance of compliance-focused solutions.
- Vulnerability exploits, compromised credentials, and social engineering attacks were the most prominent attack vectors in H1. There was a notable increase in the sophistication of social engineering attacks, with the emergence of new techniques like ClickFix.
Related Resources
![]()
Arete’s Q1 2025 Crimeware Report
Arete’s Q1 2025 Crimeware Report reveals key cyber threat trends, top threat groups, ransom shifts, and common malware and access methods.
Read more![]()
2024 Annual Crimeware Report
Explore Arete’s 2024 Annual Crimeware Report for insights on ransomware trends, ransom demands, targeted industries, and threat lifecycle intelligence.
Read more![]()
Q3 2024 Crimeware Report
Explore Arete’s Q3 2024 Crimeware Report for insights on ransomware trends, ransom demands, targeted industries, and threat lifecycle intelligence.
Read more
