"types of attacks are a smaller proportion of overall attacks than ones that involve encryption. the data suggests that encryption attacks are becoming relatively less successful as an extortion tactic, suggesting the enterprises are continuing to effectively harden and sustain th…"
T1486 Data Encrypted for Impact
98%
"additionally, low ransom payment rates further complicate data collection, as organizations often bypass post - attack forensic efforts when payments are not made. discovery [ ta0007 ] : discovery re - emerged in the top 5 at 39 %, highlighting the continued use of various tools …"
T1486 Data Encrypted for Impact
95%
"the extortion market even though we are nearly a year out from the back - to - back collapses of two prominent ransomware - as - a - service ( raas ) groups. lone actors seized a sizable slice of the market in q1 - 2024 shortly after these high profile raas exits, which at the ti…"
T1486 Data Encrypted for Impact
94%
"in prison for his role in the netwalker ransomware operation. the year ended with another significant arrest — on december 31, a u. s. soldier was taken into custody for allegedly hacking at & t and verizon systems. the crackdown on cybercrime continues into 2025, with the uk gov…"
T1486 Data Encrypted for Impact
94%
"the snowflake data breach, a major cybersecurity incident. shortly after, on november 18, 42 - year - old evgenii ptitsyn, linked to the phobos ransomware variant, was extradited from south korea to the united states to face charges. later that month, operation serengeti dismantl…"
T1566 Phishing
86%
"2024 threat actors are constantly refining their tactics, leveraging ai, seo manipulation, and advanced social engineering to enhance remote access compromises and phishing attacks, making them more sophisticated and difficult to detect. phishing remains a primary attack vector, …"
T1486 Data Encrypted for Impact
81%
"will law enforcement success against ransomware continue in 2025? table of contentsfighting cybercrimepayment ratescase outcomestypes of ransomwareattack vectors & ttpsvictimology throughout 2024, law enforcement agencies worldwide intensified their fight against cybercrime, lead…"
T1486 Data Encrypted for Impact
78%
"] : lateral movement fell to second place at 74 % ( down from 84 % ), largely driven by the use of remote services such as remote desktop protocol ( rdp ) and secure shell ( ssh ), along with lateral tool transfer via psexec. this tactic remains a key phase in nearly every attack…"
T1486 Data Encrypted for Impact
66%
"more reliable indicators of where the market is trending. the median payment fell 45 % in q4 2024 to $ 110, 890. payments continue to remain primarily a last - resort option for those who have no alternative to recover critical data. faulty decryption tools from both new and old …"
T1657 Financial Theft
62%
"the extortion market even though we are nearly a year out from the back - to - back collapses of two prominent ransomware - as - a - service ( raas ) groups. lone actors seized a sizable slice of the market in q1 - 2024 shortly after these high profile raas exits, which at the ti…"
T1486 Data Encrypted for Impact
57%
"the increasing sophistication of data theft tactics. most common industries impacted by ransomware in q4 2024 size distribution of companies impacted by ransomware in q4 2024 ransomware attacks predominantly target mid - sized companies, with businesses ranging from 101 to 1, 000…"
T1657 Financial Theft
46%
"types of attacks are a smaller proportion of overall attacks than ones that involve encryption. the data suggests that encryption attacks are becoming relatively less successful as an extortion tactic, suggesting the enterprises are continuing to effectively harden and sustain th…"
T1566.002 Spearphishing Link
42%
"2024 threat actors are constantly refining their tactics, leveraging ai, seo manipulation, and advanced social engineering to enhance remote access compromises and phishing attacks, making them more sophisticated and difficult to detect. phishing remains a primary attack vector, …"
T1003 OS Credential Dumping
42%
"##ti and fortinet, stolen credentials from infostealers, or brute force attacks. initial access brokers often prioritize these credentials for ransomware groups before selling them on underground markets, reinforcing the need for phishing - resistant mfa beyond sms or email. mean…"
T1657 Financial Theft
38%
"additionally, low ransom payment rates further complicate data collection, as organizations often bypass post - attack forensic efforts when payments are not made. discovery [ ta0007 ] : discovery re - emerged in the top 5 at 39 %, highlighting the continued use of various tools …"
T1585.002 Email Accounts
37%
"the extortion market even though we are nearly a year out from the back - to - back collapses of two prominent ransomware - as - a - service ( raas ) groups. lone actors seized a sizable slice of the market in q1 - 2024 shortly after these high profile raas exits, which at the ti…"
T1078 Valid Accounts
36%
"##ti and fortinet, stolen credentials from infostealers, or brute force attacks. initial access brokers often prioritize these credentials for ransomware groups before selling them on underground markets, reinforcing the need for phishing - resistant mfa beyond sms or email. mean…"
Summary
2024 was a banner year for law enforcement agency actions against
ransomware and cybercrime groups. Will the new administration ensure this
momentum continues?