Ransomware continues to menace organizations worldwide, yet law enforcement efforts are bearing fruit + Ransomware gangs claimed responsibility for targeting 6,133 victims, an increase from 5,336 victims in 2023 + The US, Canada and Europe were the top regions targeted by ransomware attacks + The most active ransomware gang in 2024 was RansomHub, accounting for 10% of reported victims. + Ransomware payments dropped by 35% worldwide due to increased law enforcement efforts Stolen access credentials continue to enable widespread cyberattacks, leading to data breaches, financial loss and system compromises + Stolen access credentials published on dark web marketplaces increased from ~ 6 million in 2023 to ~ 7.7 million in 2024 + RedLine, a popular info-stealing malware since 2020, had its infrastructure seized by law enforcement in 2024, which will likely lead to a decrease in 2025 in sales ads offering this malware + Lumma, a stealer that emerged in 2023, quickly gained prominence in 2024, becoming the most mentioned malware in the sales ads analyzed, accounting for ~50% of them 1,586 ~7M 26 40,704 6,113 cyber feeds analyzed by AI sales ads of stolen access credentials published key industries analyzed vulnerabilities published ransomware victims* claimed by threat actors Threat Snapshot 2 Blurring Boundaries 3 Vulnerability Intelligence 4 Ransomware 5 Stolen Access Credentials 6 Tips 7 Key Findings 1 3