Rapid7 Ransomware Radar Report Charts Ransomware Group Activity and Methodologies for Fresh Insights
Rapid7 (NASDAQ: RPD) has released its Ransomware Radar Report, analyzing over 70 active ransomware groups, including 21 new ones in 2024. The report reveals that ransomware groups are refining their techniques, operating like legitimate enterprises with marketing strategies and bug bounty programs. Key findings include:
1. A 23% increase in leak site posts, totaling 2,611 in H1 2024.
2. Smaller organizations with ~$5 million annual revenue are targeted more frequently.
3. Three major clusters of ransomware families with similar source code were identified.
4. The number of groups posting to leak sites increased from 24 per month in H1 2023 to 40 per month in H1 2024.
This research aims to inform cybersecurity strategies and improve ransomware prevention, detection, and response technologies.
- Release of comprehensive Ransomware Radar Report, providing valuable insights for cybersecurity professionals
- Identification of 21 new ransomware groups in 2024, demonstrating Rapid7's up-to-date threat intelligence
- 23% increase in leak site posts, indicating growing market demand for Rapid7's security solutions
- Development of patented Ransomware Prevention technology, potentially increasing product offerings and revenue
- Increasing sophistication of ransomware groups may lead to more challenging cybersecurity landscape, potentially straining Rapid7's resources
- Shift towards targeting smaller organizations might impact Rapid7's pricing strategy and revenue from larger enterprise clients
Insights
The Rapid7 Ransomware Radar Report offers valuable insights into the evolving ransomware landscape. The 23% increase in leak site posts and emergence of 21 new ransomware groups in H1 2024 indicate an intensifying threat environment. This could potentially lead to increased demand for cybersecurity solutions, benefiting companies like Rapid7.
The trend towards targeting smaller organizations with revenues around
The report's findings have positive implications for Rapid7's market position. The company's research demonstrates its thought leadership in the cybersecurity space, which could enhance its brand value and attract new customers. The increasing sophistication of ransomware groups, evidenced by their enterprise-like operations, suggests a growing need for advanced threat detection and prevention solutions.
Rapid7's patented Ransomware Prevention technology positions the company well to capitalize on this trend. However, investors should note that the cybersecurity market is highly competitive and Rapid7 will need to continuously innovate to maintain its edge. The company's presence at Black Hat USA and its proactive approach to sharing research could help in building customer trust and expanding its market share.
The Ransomware Radar Report reveals a significant shift in the ransomware ecosystem. The consolidation of ransomware families into three major clusters suggests a trend towards specialization and efficiency in malware development. This evolution mirrors legitimate software industry practices, indicating that ransomware is becoming a more sophisticated and persistent threat.
For the tech industry, this means cybersecurity must be integrated more deeply into all aspects of software and hardware development. The report's findings could drive increased investment in AI and machine learning-based security solutions to counter these evolving threats. Tech companies may need to allocate more resources to security R&D and consider strategic partnerships or acquisitions in the cybersecurity sector to stay ahead of these rapidly evolving threats.
New Rapid7 research analyzes more than 70 active ransomware groups, 21 of which were new in 2024
LAS VEGAS, Aug. 06, 2024 (GLOBE NEWSWIRE) -- Rapid7, Inc. (NASDAQ: RPD), a leader in extended risk and threat detection, today announced the release of its Ransomware Radar Report in conjunction with the company’s presence at Black Hat USA. The all-new research report provides a fresh perspective on the global ransomware threat by analyzing, comparing, and contrasting attacker activity and techniques over an 18-month period ending June 30, 2024.
According to the report, ransomware groups continue to refine their craft, building and scaling business models that resemble legitimate corporate enterprises. They market their services to prospective buyers, offer company insiders commissions in exchange for access, and run formal bug bounty programs. In addition, Rapid7 researchers found three major clusters of ransomware families with similar source code, indicating that ransomware groups are focusing their development efforts on quality over quantity.
“The Ransomware Radar Report uses data to tell the story of how ransomware and the threat actors that wield it are evolving,” said Christiaan Beek, senior director, threat analytics at Rapid7. “For example, the related source code, combined with a continuing decline in the number of unique ransomware families, suggests a move toward more specialized and highly effective ransomware variants, rather than a broad array of less sophisticated malware.”
Additional key findings from the Ransomware Radar Report include:
- 21 new groups have surfaced: Within the first six months of 2024, Rapid7 observed 21 new ransomware groups entering the scene. Some of these groups are brand new while others are previously known groups rebranding under a new name. One of the most notable of these new groups, RansomHub, has quickly established itself as a prominent extortion group by making 181 posts to its leak site between February 10 and June 30, 2024.
- Leak site posts are up 23%: Each leak site post represents an extortion attempt. The number of ransomware groups actively posting to leak sites is increasing, from an average of 24 groups posting per month in the first half (H1) of 2023 to 40 per month in H1 2024. Furthermore, 68 ransomware groups made a total of 2,611 leak site posts between January and June, representing a 23% increase over the number of posts made in H1 2023.
- Smaller organizations have become a more frequent target: In examining the revenue distribution of companies listed within access broker postings, Rapid7 noted that companies with annual revenues around $5 million are falling victim to ransomware twice as often as those in the $30-50 million range and five times more frequently than those with a $100 million revenue. This finding could suggest that such companies are large enough to hold valuable data but not as well protected as their larger counterparts.
“The report’s insights into the ransomware landscape are crucial for informing Defenders’ cybersecurity strategies,” said Beek. “From our own detection engineering point of view, the clusters and additional report information, such as the usage and type of encryption algorithms, help us uplevel hunting techniques and prevention, detection, and response technologies. Rapid7 continually investigates new techniques used by threat actors and ransomware operators, tests them against our patented Ransomware Prevention technology, and creates new preventions to ensure customers are protected against the latest threats.”
Security practitioners and other stakeholders fighting ransomware can access the full report now at https://www.rapid7.com/research/report/ransomware-radar-report/. The schedule of Rapid7’s Black Hat USA events and on-site meeting request form are both available here: https://rapid7.registration.goldcast.io/events/015dcea6-f4ab-4258-8004-58dfdec9c959.
About the Ransomware Radar Report
The Rapid7 Ransomware Radar Report provides a comprehensive analysis of ransomware incidents and binaries recorded and gathered globally, offering insights into trends, attacker profiles, ransomware families, and the implications for cybersecurity defenses. The data used for the report comes from Rapid7’s incident response teams and independent Rapid7 Labs research. The ransomware sample dataset used consists of (i) prevalent and available ransomware families from 2023 which continued their operations into 2024, and (ii) new 2024 ransomware samples that were observed until the end of June, 2024.
About Rapid7
Rapid7, Inc. (NASDAQ: RPD) is on a mission to create a safer digital world by making cybersecurity simpler and more accessible. We empower security professionals to manage a modern attack surface through our best-in-class technology, leading-edge research, and broad, strategic expertise. Rapid7’s comprehensive security solutions help more than 11,000 global customers unite cloud risk management with threat detection and response to reduce attack surfaces and eliminate threats with speed and precision. For more information, visit our website, check out our blog, or follow us on LinkedIn or X.
Rapid7 Media Relations
Stacey Holleran
Sr. Manager, Global Communications
press@rapid7.com
(857) 216-7804
Rapid7 Investor Contact
Elizabeth Chwalk
Sr. Director, Investor Relations
investors@rapid7.com
(617) 865-4277