H1 2024 Crimeware Report 

The report leverages data collected during Arete’s response to ransomware and extortion attacks during the first half of 2024 and explores the rise and fall of ransomware variants, trends in ransom demands and payments, industries targeted by ransomware attacks, and what may be coming next.

Key Findings:

• International law enforcement actions against LockBit and ALPHV/BlackCat—the two most prolific Ransomware-as-a-Service (RaaS) groups coming into 2024—resulted in a significant splintering in the ransomware and extortion landscape. 
• Initial ransom demands have steadily declined since the beginning of 2023, while median ransom payments remained about the same over the same timeframe. 

• Victim organizations continue demonstrating an improved capability to recover from attacks without paying ransom demands. 

• Tools and malware used by threat actors showed little changed compared to 2023, with remote monitoring and management (RMM) tools, Cobalt Strike, and various malware variants remaining commonplace in threat actor toolkits.