Q3 2024 Crimeware Report
The report leverages data collected during Arete’s response to ransomware and extortion attacks during Q3 2024 and explores the most observed threat groups, trends in ransom demands and payments, industries targeted by ransomware attacks, and the impact of law enforcement actions.
Key Findings:
- New ransomware groups continued to emerge throughout Q3, with some newcomers bearing similarities to Ransomware-as-a-Service (RaaS) organizations that previously shut down their operations or reportedly sold their source code.
- The percentage of companies and organizations paying ransoms remained low in Q3, but there was an increase in both initial demands and median payments made.
- In Q3, threat actors did not appear to intentionally target specific industries, unlike in Q2 when the Fog ransomware group regularly targeted organizations in the education sector.
- Cybercriminals continued to leverage most of the same malware variants and legitimate tools observed in the first half of 2024, except Cobalt Strike, which was observed notably less in Q3.
Leverage Arete’s data and threat intelligence from every aspect of the threat lifecycle to better understand the evolving threat landscape. We are dedicated to protecting our clients, informing our partners, and contributing to the shared fight against cyber extortion.