RaaS ecosystem analysis shows automation and tooling now drive group success
Threat Actor Meta
Summary
Hide ▲
Show ▼
Research on ransomware-as-a-service (RaaS) now ties the strongest group performance to automation, customization, and advanced tooling, increasing enterprise extortion risk across the ransomware ecosystem.
Related Happenings
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor Meta
First: 31.03.2026 15:15
Last: 31.03.2026 15:15
Sources 1
About this happening:
TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor MetaAbout this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
DragonForce campaign expands across multiple victims
Campaign
First: 03.12.2025 17:05
Last: 03.12.2025 17:05
Sources 1
About this happening:
**DragonForce** and **Scattered Spider** are driving a **multistage ransomware campaign** that pairs social engineering with follow-on encryption to hit **high-value targets world...
DragonForce campaign expands across multiple victims
CampaignAbout this happening: **DragonForce** and **Scattered Spider** are driving a **multistage ransomware campaign** that pairs social engineering with follow-on encryption to hit **high-value targets world...
DragonForce, LockBit, and Qilin form a new ransomware alliance
Threat Actor Meta
First: 08.10.2025 15:04
Last: 08.10.2025 15:04
Sources 1
About this happening:
**LockBit** has effectively returned after **Operation Cronos** disrupted the group in **early 2024**, with **at least a dozen organizations** hit by **LockBit-branded ransomware*...
DragonForce, LockBit, and Qilin form a new ransomware alliance
Threat Actor MetaAbout this happening: **LockBit** has effectively returned after **Operation Cronos** disrupted the group in **early 2024**, with **at least a dozen organizations** hit by **LockBit-branded ransomware*...
Latest development: 24.10.2025 18:15
Check Point identified at least a dozen organizations hit by LockBit-branded ransomware attacks in September 2025, with about half of the observed victims infected by LockBit 5.0 and the rest targeted with LockBit 3.0, also known as LockBit Black. The attacks spanned Western Europe, the Americas, and Asia, and affected both Windows and Linux systems.
September 2024 intrusion tooling analysis of SectopRAT, SystemBC, and Betruger
Technical Analysis
First: 09.09.2025 13:36
Last: 09.09.2025 13:36
Sources 1
About this happening:
Researchers reconstructed a **September 2024 intrusion** that used **SectopRAT**, **SystemBC**, and **Betruger** to support persistence, discovery, credential theft, and data exfi...
September 2024 intrusion tooling analysis of SectopRAT, SystemBC, and Betruger
Technical AnalysisAbout this happening: Researchers reconstructed a **September 2024 intrusion** that used **SectopRAT**, **SystemBC**, and **Betruger** to support persistence, discovery, credential theft, and data exfi...
Timeline
-
04.11.2025 23:31 2 articles · 6mo ago
ReliaQuest links RaaS success to automation, customization, and advanced tooling
Technical Analysis UpdateReliaQuest measures ransomware success by the number of victims posted to a group's data leak site and says the strongest ransomware-as-a-service (RaaS) groups combine automation, customization, and advanced tooling. The analysis says 80% of studied RaaS groups used some automation or AI, average breakout time is 18 minutes, and top-tier groups can bypass and disable EDR and antivirus tools or delete backups.
Show sources
- What Makes Ransomware Groups Successful? — www.darkreading.com — 04.11.2025 23:31
- What Makes Ransomware Groups Successful? — www.darkreading.com — 04.11.2025 23:31