Article

Ransomware: Threat activities, trends, and continuing evolution

Global threat assessment by Deloitte Cyber Threat Intelligence

Past ransomware operators were less sophisticated and relied on physical disks containing the infected files, which threat actors then sent to potential targets. The ransom amounts were small in the 1980s and ’90s; they have since evolved to adopt a more-effective ransomware-as-a-service (RaaS) model that enables them to demand exorbitant ransom amounts involving tens of millions of dollars in some cases.

During 2022, using Deloitte internal sources, Deloitte Cyber Threat Intelligence (CTI) observed more than 100 distinct ransomware families in the wild. While analyzing the top ransomware trends, Deloitte CTI observed that a few ransomware families remain highly active and caused disruptions during 2022. The top ransomware families highlighted in this threat study are the operators of LockBit, ALPHV, and Hive ransomware.

The evolution of ransomware from physical disks to the RaaS model has transformed the cybersecurity landscape. Ransomware attacks have become more sophisticated, lucrative, and widespread. Understanding the dynamics of this evolving threat is crucial for organizations and individuals seeking to protect themselves from the ever-present ransomware menace.

This white paper outlines the following:

Evolution of ransomware
Ransomware operators and families
Recent government response and takedown operations
Deloitte Cyber Threat Intelligence (CTI) assessment

Please fill out the form below to gain access to the report

First name*

Last name*

Email*

Company*

Title*

Location*

I agree to receive emailed reports, articles, event invitations and other information related to Deloitte products and services. I understand I may unsubscribe at any time by clicking the link included in emails.*

Yes No

The submission of personal information through this page is subject to Deloitte's Privacy Statement and Legal Terms. I have read and accept the terms of use.*

*Required

Get in Touch

Adnan Amjad US Cyber & Strategic Risk Offering Portfolio Leader Principal aamjad@deloitte.com	Jon Korol Deloitte US Detect & Respond Leader Principal jkorol@deloitte.com
Clare Mohr Deloitte US Cyber Intelligence Lead Associate VP for Solution Delivery clmohr@deloitte.com	William Burns Deloitte US Cyber Detect & Respond Advisory Managing Director Adversary Pursuit Organization wburns@deloitte.com

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Viewing offline content

Tax

Consulting

Audit & Assurance

Deloitte Private

M&A and Restructuring

Risk & Financial Advisory

AI & Analytics

Cloud

Diversity, Equity & Inclusion

Consumer

Energy, Resources & Industrials

Financial Services

Government & Public Services

Life Sciences & Health Care

Technology, Media & Telecommunications

Spotlight

Topics

Industries

More from Deloitte Insights

Careers

Students

Experienced Professionals

Job Search

Life at Deloitte

Alumni Relations

Ransomware: Threat activities, trends, and continuing evolution

Global threat assessment by Deloitte Cyber Threat Intelligence

Please fill out the form below to gain access to the report

Get in Touch

Recommendations

Link your accounts

Viewing offline content

Ransomware: Threat activities, trends, and continuing evolution

Global threat assessment by Deloitte Cyber Threat Intelligence

Please fill out the form below to gain access to the report

Get in Touch

Recommendations

Link your accounts

You previously joined My Deloitte using the same email. Log in here with your My Deloitte password to link accounts. | | Deloitte users: Log in here one time only with the password you have been using for Dbriefs/My Deloitte.

You've previously logged into My Deloitte with a different account. Link your accounts by re-verifying below, or by logging in with a social media account.

Looks like you've logged in with your email address, and with your social media. Link your accounts by signing in with your email or social account.