Power Rankings: Ransomware Malicious Quartile

Ransomware attacks continue to be extremely lucrative, with ransom demands and recovery costs bleeding victim organizations for millions of dollars. And things change fast in this space – RaaS groups rise and fall with law enforcement takedowns, or disband and reorganize under different brands, so it can all be a little confusing. Each quarter, the Halcyon team of ransomware experts put together a RaaS power rankings guide for the ransomware threat landscape

Compare Quarters

Most recent quartiles

Extortion Attack Group Guide

Power Rankings Q2 2024

Ransomware attacks continue to plague nearly every major business sector as well as state and local Governments. The relentless pace of attacks brings into question whether organizations fully understand the threat and what steps need to be taken to reduce the risk of costly disruptions.

There need to be real consequences – not just for those who are orchestrating the attacks and benefitting financially, but also for the nation-states who are benefiting geopolitically. Until there are real consequences on the table, we will see these attackers continue to brazenly act with impunity.

The Halcyon team of ransomware experts has put together this extortion group power rankings guide as a quick reference for the extortion threat landscape based on data from throughout Q2- 2024.

Extortion Attack Group Guide

Power Rankings Q1 2024

Ransomware attacks in 2023 broke nearly all previous records, with the majority (75%) of organizations reported being targeted by at least one ransomware attack, and 26% reporting they were targeted with ransomware four or more times. But the first quarter of 2024 is telling a bit of a different story, with some research indicating that ransomware attacks may have decreased by 20% or more from levels observed in the last quarter of 2023. Several factors may be at play in prompting the drop in attacks, including law enforcement actions against two of the top ransomware-as-a-service (RaaS) platform providers — LockBit and BlackCat/ALPHV — as well as a push by governments and some security experts to ban ransomware payments.

Extortion Attack Group Guide

Power Rankings Q4 2023

Ransomware remains one of the most significant threats to organizations of all sizes in all industry verticals. Following a bit of a lull the previous year, the first half of 2023 saw more victims impacted by ransomware attacks than in all of 2022 as threat actors continue to leverage Ransomware-as-a-Service (RaaS) platforms to execute their attacks. The vast majority (75%) of organizations reported being targeted by at least one ransomware attack in 2023, with 26% reporting they were targeted with ransomware four or more times.

Extortion Attack Group Guide

Power Rankings Q3 2023

Ransomware poses an existential threat to organizations of all sizes in any vertical. Ransomware attacks continue to be extremely lucrative, with ransom demands and recovery costs bleeding victim organizations for millions of dollars. 

Ransomware-as-a-Service (RaaS) and other operators are implementing novel evasion techniques into their payloads specifically designed to evade or completely circumvent traditional endpoint protection solutions.

Extortion Attack Group Guide

Power Rankings Q2 2023

More than 2,300 organizations succumbed to ransomware attacks in just the first half of 2023 according to the most recent data, with the vast majority carried out by only three ransomware operators: LockBit(35.3%), ALPHV/BlackCat (14.2%), and Cl0p (11.9%).

Overall, ransomware attacks were up 74% in Q2-2023 over Q1 volumes.

Extortion Attack Group Guide

Power Rankings Q1 2023

Over the course of 2022, 85% of companies were the victim of at least one ransomware attack, and 74% had experienced multiple attacks. Ransomware has fast become the greatest risk to organizations today.

Ransomware attacks continue to be extremely lucrative, with ransom demands and recovery costs bleeding victim organizations for millions of dollars.

Calculate ROI vs Risk FOR YOURSELF

Looking for Past Quartiles?

Compare previous quarters to see where groups did the most damage from past attacks. Discover when specific groups fell off the map. Find historical ransomware operator knowledge and more.

RaaS_vs_SaaS.exe
Ransomware Groups are operating similarly to any SaaS Organization...
The average cost of remediating  a ransomware attack in 2023
Financially Motivated and Driven by Profits
Top-Down Corporate Organizational Structure
24/7 Online Customer Support
New Features and Bug Fixes Released Regularly
Partner Program to Expand Footprint
Leverages Modern Software Development Tools
Learn more about the global consequences of Ransomware operations

Visit Recent Ransomware Attacks

The  Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time ransomware tracking of attacks, groups and their victims. Given threat actors' overarching. lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

Calculate your risk exposure to ransomware

Return on Investment (ROI) is one of the most important metrics in your business. Cybersecurity is no exception. Modern solutions, like Halcyon's multi-layered protection with endpoint resilience, saves you from new ransomware threats, while saving your bottom line too.

Witness Halcyon stop the most recent ransomware

The Halcyon Anti-Ransomware Platform is the industry’s first dedicated, adaptive security purpose-built to stop ransomware. Halcyon is a lightweight agent, built by attackers to stop attackers, combining multiple proprietary advanced prevention engines along with AI models trained specifically on ransomware TTPs.

Halcyon Logo Icon only