Crimeware Report
Trends and Highlights Q3 2023

Arete's latest Crimeware Report leverages data collected during Arete incident response engagements and explores the rise and fall of ransomware variants, trends in ransom demands and payments, critical infrastructure impacts, and geopolitical implications.  

Overview

Top Ransomware Variants

  • ALPHV/BlackCat dethroned LockBit as the most prevalent ransomware variant Arete observed in Q3, as LockBit encountered internal instability.
  • The number of identified threat groups has declined, but the variety of ransomware branding has increased.

Trends in Ransom Demands and Payments

  • Arete's data shows that a ransom was paid in just 17% of cases in Q3.
  • Ransomware groups demand the highest average ransoms from Critical Infrastructure ($440K) and Financial Services Companies.
  • Cl0p continues targeting high-revenue organizations and demanding outsized ransoms.

Geopolitical Impacts

  • Over 100 cyber threat groups are engaging in malicious cyber activity surrounding the conflict between Israel and Hamas in the Middle East.

Download the Report