In its Q1 2024 Crimeware Report, the global cyber risk management company Arete showed that median ransom payments rose slightly from Q4 to Q1 but remained about the same as the median payments for all of 2023.
"This report highlights the importance of vigilance and collaboration in the face of ransomware and extortion attacks," said Chris Martenson, Arete’s Chief Data Officer.
According to the report, throughout Q1, law enforcement continued to pressure large RaaS (Ransomware-as-a-Service) groups, significantly disrupting LockBit’s operations.
Meanwhile, ALPHV used prior law enforcement actions to leave its brand in an exit scam.
With LockBit and ALPHV’s combined activity no longer comprising the majority of ransomware engagements, the report observed a much broader and more evenly distributed threat landscape, with activity from groups including 8Base, BianLian, Black Basta, Cactus, DragonForce, Hunters International, and others.