H1 2025 Crimeware Report

Our in-house Threat Intelligence team uses Arete's unique data from ransomware and extortion engagements to highlight key shifts and trends in the cyber threat landscape. 

Key Findings

• Shifts in Key Threat Groups: Activity levels noticeably decreased in April and May, stemming from the RansomHub ransomware group going offline as well as various law enforcement activities against tools and infrastructure used by cybercriminals.  

• Compliance and Risk Alignment: Despite higher median ransom demands, median ransom payments decreased, reflecting rising regulatory pressures, improved recovery pathways without paying threat actors, and the importance of compliance-focused solutions.  

• Evolving Attack Methods: Vulnerability exploits, compromised credentials, and social engineering attacks were the most prominent attack vectors in H1. There was a notable increase in the sophistication of social engineering attacks, with the emergence of new techniques like ClickFix. 

Explore additional data and insights from the frontlines of incident response, including median demands and payments, the most impacted industries, and frequently observed malware and tools.