
Arete’s H1 2025 Crimeware Report
Leveraging data collected from Arete’s response to ransomware and extortion attacks, the report explores the threat landscape during the first half of 2025, including shifts in ransom demands and payments, evolving attack vectors, and targeted law enforcement actions.
Key findings within the report:
- Activity levels noticeably decreased in April and May, stemming from the RansomHub ransomware group going offline as well as various law enforcement activities against tools and infrastructure used by cybercriminals.
- Despite higher median ransom demands, median ransom payments decreased, reflecting rising regulatory pressures, improved recovery pathways without paying threat actors, and the importance of compliance-focused solutions.
- Vulnerability exploits, compromised credentials, and social engineering attacks were the most prominent attack vectors in H1. There was a notable increase in the sophistication of social engineering attacks, with the emergence of new techniques like ClickFix.