Hackers continued to use malware, tools in Q1 that let their operations go undetected: Report

New Delhi, May 24: Hackers continued to utilise malware and increasingly relied on tools with legitimate uses that allowed cybercriminal operations to go undetected for longer in the first quarter (Q1) of this year, a new report showed on Friday.

In its Q1 2024 Crimeware Report, the global cyber risk management company Arete showed that median ransom payments rose slightly from Q4 to Q1 but remained about the same as the median payments for all of 2023.

"This report highlights the importance of vigilance and collaboration in the face of ransomware and extortion attacks," said Chris Martenson, Arete’s Chief Data Officer.

According to the report, throughout Q1, law enforcement continued to pressure large RaaS (Ransomware-as-a-Service) groups, significantly disrupting LockBit’s operations.

Meanwhile, ALPHV used prior law enforcement actions to leave its brand in an exit scam.

With LockBit and ALPHV’s combined activity no longer comprising the majority of ransomware engagements, the report observed a much broader and more evenly distributed threat landscape, with activity from groups including 8Base, BianLian, Black Basta, Cactus, DragonForce, Hunters International, and others.