Ransomware Quarterly Reports

In Q3 2024 Law enforcement actions disrupted infrastructure and publicized the identity of several prolific ransomware threat actors

Unaffiliated ‘lone wolf’ threat actors carry out a greater share of attacks as they attempt to obfuscate their identity in Q2 2024.

RaaS developers were caught cheating their affiliates, shaking the trust in the RaaS model following several high profile law enforcement actions.

A lower percentage of ransomware victims are paying, as new regulations begin to elicit more and more public disclosure of ransomware incidents.

In Q3 2023 a series of ransomware attacks by similar threat actors created headlines and blurred the lines of attribution.

As ransomware affiliates are paid less frequently, they have adapted their strategies to compensate for the shifting dynamics of cyber extortion.

Ransomware threat actors are moving back up-market in search of lost profits as the cyber extortion economy seeks to halt its contraction. 

Only 37% of ransomware victims paid a ransom in Q4, a record low as security and backup continuity investments pay off.

The conviction of a high profile security executive who paid to suppress a data leak has created a new dimension of risk for security executives.

Ransomware actors became more fluid in Q2 2022 as attribution becomes harder, and fewer victims succumb to paying cyber criminals.

Less Victims of Ransomware are Paying, even as Cybercriminals Shift from Big Game to Big Shame Hunting

Ransomware as a service groups are shifting their tactics as enterprises become harder targets, and law enforcement pressure mounts.

Ransomware attacks continued to proliferate in Q3 as governments and law enforcement ratchet up the pressure of the cyber extortion economy

Ransomware payment amounts declined in Q2 as several high profile attacks escalated the attention of the US government and law enforcement.

Ransomware attacks continued to proliferate in Q1 2021 as several common but unpatched software vulnerabilities created a fresh supply of compromised network access to ransomware affiliates.

See how doxxing victims are distributed across industries, company sizes, and revenue tiers. Find Coveware’s data and analysis on doxxing trends in Q4.

Coveware’s Q4 Ransomware Report finds that fewer companies are paying criminal extortionists that are holding stolen data for ransom.

Ransomware attacks in Q3 2020 were marked by a larger reliance on stolen data. During the quarter, Maze sunset their operations while Ryuk restarted their campaign.

During the first quarter of 2020 ransomware threat actors took advantage of the economic and workplace disruption caused by the COVID-19 outbreak. A proliferation of new variants were observed as some regular ransomware types began to fade. Read on!

During the first quarter of 2020 ransomware threat actors took advantage of the economic and workplace disruption caused by the COVID-19 outbreak. A proliferation of new variants were observed as some regular ransomware types began to fade. Read on!

Ransom demands more than doubled between Q3 and Q4 of 2019, as multiple variants gained broader distribution amongst enterprises large and small.

Coveware’s Q3 2019 report aggregates ransomware statistics such as average demands, data recovery rates, and network attack vectors.

Coveware’s Q2 2019 Ransomware Marketplace report aggregates statistics such as cyber extortion demands, ransomware data recovery rates, and network attack vectors from ransomware attacks.

Q1 2019 Ransomware Marketplace report aggregates statistics such as ransom demands, data recovery rates and attack vectors from ransomware attacks