Ransomware: Threat activities, trends, and continuing evolution

Global threat assessment by Deloitte Cyber Threat Intelligence

Past ransomware operators were less sophisticated and relied on physical disks containing the infected files, which threat actors then sent to potential targets. The ransom amounts were small in the 1980s and ’90s; they have since evolved to adopt a more-effective ransomware-as-a-service (RaaS) model that enables them to demand exorbitant ransom amounts involving tens of millions of dollars in some cases.

During 2022, using Deloitte internal sources, Deloitte Cyber Threat Intelligence (CTI) observed more than 100 distinct ransomware families in the wild. While analyzing the top ransomware trends, Deloitte CTI observed that a few ransomware families remain highly active and caused disruptions during 2022. The top ransomware families highlighted in this threat study are the operators of LockBit, ALPHV, and Hive ransomware.

The evolution of ransomware from physical disks to the RaaS model has transformed the cybersecurity landscape. Ransomware attacks have become more sophisticated, lucrative, and widespread. Understanding the dynamics of this evolving threat is crucial for organizations and individuals seeking to protect themselves from the ever-present ransomware menace.

This white paper outlines the following:

  • Evolution of ransomware
  • Ransomware operators and families
  • Recent government response and takedown operations
  • Deloitte Cyber Threat Intelligence (CTI) assessment

Please fill out the form below to gain access to the report

  Yes         No

Get in Touch

Adnan Amjad
US Cyber & Strategic Risk Offering Portfolio Leader

Jon Korol
Deloitte US Detect & Respond Leader

Clare Mohr
Deloitte US Cyber Intelligence Lead
Associate VP for Solution Delivery

William Burns
Deloitte US Cyber Detect & Respond Advisory
Managing Director
Adversary Pursuit Organization

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?