Arete’s Q1 2025 Crimeware Report

The report leverages data collected from Arete’s response to ransomware and extortion attacks in the first quarter of 2025 and offers analysis and insights on shifts in the threat landscape, including the most active threat groups, shifts in ransom demands and industries targeted, and commonly used malware and initial access methods.

Key Findings:

  • Activity in Q1 2025 was relatively predictable, with the majority of ransomware and extortion attacks conducted by established groups that have operated for at least a year. Akira remained the most active threat group in Q1 and was responsible for over 15% of all ransomware and extortion engagements, continuing its upward trend from 2024.
  • Ransomware groups continued to refine their initial access methods, with vulnerability exploits, compromised credentials, social engineering, and ClickFix attacks emerging as the most prominent attack vectors.
  • Professional, Scientific, and Technical Services was the most impacted sector in Q1, followed by Manufacturing, which aligns with the trend observed in 2024, when these two sectors were also the most targeted.

 

Explore data and insights from the frontlines of incident response, including median demands and payments, notable threat actor TTPs, the most impacted industries, and frequently observed malware and tools. We are dedicated to protecting our clients, informing our partners, and contributing to the shared fight against cyber extortion.