Coveware Blog - Ransomware

Several ransomware groups used highly targeted social engineering tactics to create a major impact across several industry sectors in Q2 2025. 

The Ransomware-as-a-service (RaaS) model has not recovered from law enforcement disruption, and the entrance of novice actors along with non-Russian state-linked cybercriminals has led to uncertain outcomes for victims.

2024 was a banner year for Law enforcement agency actions against ransomware and cybercrime groups. Will the new administration ensure this momentum continues?

A recent Australian Financial Review (AFR) article contained statistics about ransomware payment trends that require some deeper inspection.

In Q3 2024 Law enforcement actions disrupted infrastructure and publicized the identity of several prolific ransomware threat actors

Unaffiliated ‘lone wolf’ threat actors carry out a greater share of attacks as they attempt to obfuscate their identity in Q2 2024.

RaaS developers were caught cheating their affiliates, shaking the trust in the RaaS model following several high profile law enforcement actions.

A lower percentage of ransomware victims are paying, as new regulations begin to elicit more and more public disclosure of ransomware incidents.

In Q3 2023 a series of ransomware attacks by similar threat actors created headlines and blurred the lines of attribution.

As ransomware affiliates are paid less frequently, they have adapted their strategies to compensate for the shifting dynamics of cyber extortion.

Ransomware threat actors are moving back up-market in search of lost profits as the cyber extortion economy seeks to halt its contraction. 

Only 37% of ransomware victims paid a ransom in Q4, a record low as security and backup continuity investments pay off.

The conviction of a high profile security executive who paid to suppress a data leak has created a new dimension of risk for security executives.

Ransomware actors became more fluid in Q2 2022 as attribution becomes harder, and fewer victims succumb to paying cyber criminals.

During a recent HSGAC hearing, Coveware had the opportunity to provide testimony on how ransomware attacks are impacting US companies, and the importance mandatory reporting.

Less Victims of Ransomware are Paying, even as Cybercriminals Shift from Big Game to Big Shame Hunting

The long term impact of sanctions on Russian unemployment has the potential to increase the volume of future Ransomware attacks.

Ransomware as a service groups are shifting their tactics as enterprises become harder targets, and law enforcement pressure mounts.

As the Ransomware attacks continue, the direction and growth of the RaaS model is following a traditional innovation trajectory.

Ransomware attacks continued to proliferate in Q3 as governments and law enforcement ratchet up the pressure of the cyber extortion economy