Arete, a global leader in incident response and cyber risk management, released its 2024 Q1 Crimeware Report, highlighting key trends and notable shifts in the cyber threat landscape. The report leverages data collected during Arete’s response to ransomware and extortion attacks and explores the rise and fall of ransomware variants, trends in ransom demands and payments, impacts on critical infrastructure, and what Arete expects to see in Q2.
The report offers analysis and insights on shifts in the threat landscape, including intelligence on ransomware groups with increased activity in Q1 2024. It also explores trends in ransom demands and payments, commonly observed tools and malware used by threat actors, and recommended strategies to reduce risk amidst the latest threats.
Key findings within the report:
• Throughout Q1, law enforcement continued to pressure large Ransomware-as-a-Service (RaaS) groups, significantly disrupting LockBit’s operations. Meanwhile, ALPHV used previous law enforcement actions to abandon its brand in an exit scam.
• With LockBit and ALPHV’s combined activity no longer comprising the majority of ransomware engagements, Arete observed a much broader and more evenly distributed threat landscape, with activity from groups including 8Base, BianLian, Black Basta, Cactus, DragonForce, Hunters International, HsHarada, Medusa, Phobos, Rhysida, and Trigona.
• The median ransom payment increased slightly from Q4 to Q1 but remained about the same as the median payments for all of 2023. The trend of fewer organizations paying ransoms also continued, as a ransom was paid in just 34% of Arete engagements during the quarter.
“As we navigate an evolving cyber threat landscape, Arete is committed to providing actionable insights and effective solutions to protect organisations worldwide,” said Chris Martenson, Arete’s Chief Data Officer. “This report underscores the importance of vigilance and collaboration in the face of ransomware and extortion attacks. With our expertise and innovative approaches, Arete remains ready to lead the charge in cyber risk innovation,” Martenson added.