Trends in Ransomware Attacks: Infiltration and Encryption Mechanisms of LockBit, Hive, and Akira

In 2024, approximately 65% of financial institutions worldwide reported experiencing ransomware attacks. To respond to these attacks, multiple countries engaged in international collaboration. However, the average ransom-ware payment in 2024 increased fivefold compared to the previous year. This indicates that the ransomware threat remains persistent. In particular, the spread of the RaaS (Ransomware-as-a-Service) model and the sophistication of attack techniques have increased the importance of technical ransomware analysis. This paper summarizes existing technical analysis studies on Lock-Bit, Hive, and Akira ransomware and examines the evolution of ransom-ware, focusing on technical changes. Specifically, we distinguish between in-filtration and encryption methods to derive generalized evolution patterns and discuss directions for future work.