Ransomware: Threat activities, trends, and continuing evolution
Global threat assessment by Deloitte Cyber Threat Intelligence
Past ransomware operators were less sophisticated and relied on physical disks containing the infected files, which threat actors then sent to potential targets. The ransom amounts were small in the 1980s and ’90s; they have since evolved to adopt a more-effective ransomware-as-a-service (RaaS) model that enables them to demand exorbitant ransom amounts involving tens of millions of dollars in some cases.
During 2022, using Deloitte internal sources, Deloitte Cyber Threat Intelligence (CTI) observed more than 100 distinct ransomware families in the wild. While analyzing the top ransomware trends, Deloitte CTI observed that a few ransomware families remain highly active and caused disruptions during 2022. The top ransomware families highlighted in this threat study are the operators of LockBit, ALPHV, and Hive ransomware.
The evolution of ransomware from physical disks to the RaaS model has transformed the cybersecurity landscape. Ransomware attacks have become more sophisticated, lucrative, and widespread. Understanding the dynamics of this evolving threat is crucial for organizations and individuals seeking to protect themselves from the ever-present ransomware menace.
This white paper outlines the following:
- Evolution of ransomware
- Ransomware operators and families
- Recent government response and takedown operations
- Deloitte Cyber Threat Intelligence (CTI) assessment
