Ransomware Landscape Shifts Amid Law Enforcement Pressure, Recovery Capabilities Improve

The ransomware landscape transformed in 2024 as law enforcement dismantled major groups while organizations improved recovery capabilities, prompting criminals to adapt with new tactics and alliances.

Arete’s frontline cybersecurity experts have observed significant changes in the ransomware ecosystem throughout 2024, with law enforcement actions creating substantial disruption while threat actors adapted with new tactics and alliances.

According to Arete’s annual threat report, the first half of 2024 saw major ransomware-as-a-service (RaaS) groups like LockBit and ALPHV/BlackCat largely eliminated following coordinated law enforcement operations. This created a volatile environment that spurred the rapid emergence of new threat groups and partnerships, alongside growing distrust within criminal networks.

Despite these shifts, cybercriminals primarily maintained opportunistic approaches, targeting vulnerable technologies rather than specific industries. Notably, organizations demonstrated improved resilience, with a growing percentage recovering from attacks without paying ransoms.

The report identifies key trends including continued use of familiar malware variants and legitimate tools from 2023, but notes a concerning increase in the development of endpoint detection and response (EDR) evasion capabilities. In the Asia-Pacific region, ransomware operations have grown more sophisticated, particularly targeting critical sectors including healthcare, finance, government, and infrastructure.

Looking ahead to 2025, Arete predicts relative stability in the ransomware ecosystem absent further law enforcement disruptions, with groups like Akira, RansomHub, and Fog likely dominating the landscape. However, as organizational recovery capabilities improve, threat actors may respond with more disruptive attacks or higher ransom demands to offset declining payment rates.

The evolution of more sophisticated EDR evasion tools and increased exploitation of vulnerabilities are anticipated challenges for 2025, requiring continued vigilance from security teams.

Arete emphasizes its ongoing commitment to supporting cyberattack victims, helping organizations worldwide regain control of compromised systems and restore normal business operations.
