The report leverages data collected during Arete’s response to ransomware and extortion attacks in the first half of 2024, exploring the rise and fall of ransomware variants, trends in ransom demands and payments, industries targeted by ransomware attacks, and what may be coming next.
Key findings within the report
- International law enforcement actions against LockBit and ALPHV/BlackCat—the two most prolific Ransomware-as-a-Service (RaaS) groups coming into 2024—resulted in a significant splintering in the ransomware and extortion landscape.
- Initial ransom demands have steadily declined since the beginning of 2023, while median ransom payments remained about the same over the same timeframe.
- Victim organizations continue demonstrating an improved capability to recover from attacks without paying ransom demands.
- Tools and malware used by threat actors showed little change compared to 2023, with remote monitoring and management (RMM) tools, Cobalt Strike, and various malware variants remaining commonplace in threat actor toolkits.
Leverage Arete’s data and threat intelligence from every aspect of the threat lifecycle to better understand the evolving threat landscape.