Skip to Main Content


Crimeware Report: Trends and Highlights from Q3 2023

Q3 Crimeware Report

This report covers trends observed during Arete’s response to ransomware and extortion attacks from July 1 through September 30, 2023. The volume of attacks in Q3 was consistent with that observed in the first half of 2023. However, the ransomware ecosystem showed noticeable changes as criminal affiliations shifted. The data examined includes ransomware variants, ransom demands, and sectors impacted by ransomware.

Across the ransomware incident response cases Arete responded to in Q3, several notable trends emerged:

• Multiple ransomware groups demonstrated increased aggression and use of pressure tactics in negotiations, including one group making unsubstantiated threats of physical violence.
• Cl0p continued impacting victims from the MoveIt exploit campaign, using torrents for faster data exfiltration.
• Luna Moth returned in high volumes, using call-back phishing with Peloton lures to gain initial access. The group primarily targets law firms in exfiltration-only extortion events.

The report concludes with a view into how geopolitics impact the cyber landscape and an outlook for the quarter ahead.