The report leverages data collected during Arete’s response to ransomware and extortion attacks in the first half of 2024, exploring the rise and fall of ransomware variants, trends in ransom demands and payments, industries targeted by ransomware attacks, and what may be coming next.
Key findings within the report
- International law enforcement actions against LockBit and ALPHV/BlackCat—the two most prolific Ransomware-as-a-Service (RaaS) groups coming into 2024—resulted in a significant splintering in the ransomware and extortion landscape.
- Initial ransom demands have steadily declined since the beginning of 2023, while median ransom payments remained about the same over the same timeframe.
- Victim organizations continue demonstrating an improved capability to recover from attacks without paying ransom demands.
- Tools and malware used by threat actors showed little change compared to 2023, with remote monitoring and management (RMM) tools, Cobalt Strike, and various malware variants remaining commonplace in threat actor toolkits.
Leverage Arete’s data and threat intelligence from every aspect of the threat lifecycle to better understand the evolving threat landscape.
Related Resources
![]()
2023 Annual Crimeware Report
Leveraging data collected during incident response engagements, this report follows the rise and fall of ransomware variants, notable trends in ransom demands and payments, industries targeted by ransomware attacks, and what may be coming next.
Read more![]()
Crimeware Report: Trends and Highlights from Q3 2023
This report covers trends observed during Arete’s response to ransomware and extortion attacks from July 1 through September 30, 2023. The volume of attacks in Q3 was consistent with that observed in the first half of 2023.
Read more![]()
Turning Tides – Navigating the Evolving World of Cybercrime
This report highlights the trends and shifts in the cyber threat landscape observed by Arete in the first half of 2023.
Read more
