Rapid7 Ransomware Radar Report charts ransomware group activity

New Rapid7 research analyzes more than 70 active ransomware groups, 21 of which were new in 2024.

Rapid7 has released its Ransomware Radar Report in conjunction with the company’s presence at Black Hat USA. The all-new research report provides a fresh perspective on the global ransomware threat by analyzing, comparing, and contrasting attacker activity and techniques over an 18-month period ending June 30, 2024.

According to the report, ransomware groups continue to refine their craft, building and scaling business models that resemble legitimate corporate enterprises. They market their services to prospective buyers, offer company insiders commissions in exchange for access, and run formal bug bounty programs. In addition, Rapid7 researchers found three major clusters of ransomware families with similar source code, indicating that ransomware groups are focusing their development efforts on quality over quantity.

“The Ransomware Radar Report uses data to tell the story of how ransomware and the threat actors that wield it are evolving,” said Christiaan Beek, senior director, threat analytics at Rapid7. “For example, the related source code, combined with a continuing decline in the number of unique ransomware families, suggests a move toward more specialized and highly effective ransomware variants, rather than a broad array of less sophisticated malware.”

Additional key findings from the Ransomware Radar Report include:

21 new groups have surfaced: Within the first six months of 2024, Rapid7 observed 21 new ransomware groups entering the scene. Some of these groups are brand new while others are previously known groups rebranding under a new name. One of the most notable of these new groups, RansomHub, has quickly established itself as a prominent extortion group by making 181 posts to its leak site between February 10 and June 30, 2024.

Leak site posts are up 23%: Each leak site post represents an extortion attempt. The number of ransomware groups actively posting to leak sites is increasing, from an average of 24 groups posting per month in the first half (H1) of 2023 to 40 per month in H1 2024. Furthermore, 68 ransomware groups made a total of 2,611 leak site posts between January and June, representing a 23% increase in the number of posts made in H1 2023.

Smaller organizations have become a more frequent target: In examining the revenue distribution of companies listed within access broker postings, Rapid7 noted that companies with annual revenues around $5 million are falling victim to ransomware twice as often as those in the $30-50 million range and five times more frequently than those with a $100 million revenue. This finding could suggest that such companies are large enough to hold valuable data but not as well protected as their larger counterparts.

“The report’s insights into the ransomware landscape are crucial for informing Defenders’ cybersecurity strategies,” said Beek. “From our own detection engineering point of view, the clusters and additional report information, such as the usage and type of encryption algorithms, help us uplevel hunting techniques and prevention, detection, and response technologies. Rapid7 continually investigates new techniques used by threat actors and ransomware operators, tests them against our patented Ransomware Prevention technology, and creates new preventions to ensure customers are protected against the latest threats.”

Unveiled at the RSAC™ Conference, the 2025 LevelBlue Futures Report finds only 29% of executives...
New Cisco innovations address the complexities for security professionals to embrace the AI era in...
New company unites decades of experience to deliver consulting services grounded in pioneering...
New innovations secure AI, data, identities and SaaS applications – expanding CrowdStrike’s...
DigiCert has released findings from a new survey that uncovers a significant gap between enterprise...
BlueVoyant’s Continuous Optimisation for Microsoft Security service empowers clients with...
New report highlights top trends and expert insights around AI’s transformation of the video...
MetTel, a five-time leader of the Gartner Magic Quadrant for Managed Network Services, will deliver...