Q1 2025 Crimeware Report

Leveraging data collected from Arete’s response to ransomware and extortion attacks, the report explores the threat landscape during the first quarter of 2025.

Key Findings

  • Akira remained the most active threat group in Q1 and was responsible for over 15% of all ransomware and extortion engagements, continuing its upward trend from 2024.
  • Ransomware groups continued to refine their initial access methods, with vulnerability exploits, compromised credentials, social engineering, and ClickFix attacks emerging as the most prominent attack vectors.
  • Professional, Scientific, and Technical Services was the most impacted sector in Q1.

Explore additional data and insights from the frontlines of incident response, including median demands and payments, the most impacted industries, and frequently observed malware and tools.