Ransomware Radar Report

The first half of 2024 has witnessed a substantial evolution in the ransomware ecosystem, underscoring significant shifts in attack methodologies, victimology, and cybercriminal tactics. Rapid7 Labs has tracked more than 2,570 ransomware incidents so far this year, equating to an average of 14 publicly-claimed incidents per day. Since many incidents continue to go unreported, the actual numbers are likely much higher.

Ransomware knows no borders and neither do the groups unleashing it. Rather than picturing these groups as a collection of individuals in hoodies, we must extend our collective imagination to fathom the international business model that delivers the end product — ransomware — to our doorsteps.

This research report provides a comprehensive analysis of ransomware incidents and binaries recorded and gathered globally, offering insights into trends, attacker profiles, ransomware families, and the implications for cybersecurity defenses.

The data used for this report comes from Rapid7’s incident response teams and independent Rapid7 Labs research. The ransomware sample dataset we used consists of (i) prevalent and available ransomware families from 2023 which continued their operations into 2024, and (ii) new 2024 ransomware samples that were observed until the end of June, 2024.