Find notable cyber news and cases, enriched with sources, timelines, and signals.

RaaS ecosystem analysis shows automation and tooling now drive group success

Threat Actor Meta
First reported
Last updated
Happening score
H score 25
1 unique sources, 1 articles

Summary

Hide ▲

Research on ransomware-as-a-service (RaaS) now ties the strongest group performance to automation, customization, and advanced tooling, increasing enterprise extortion risk across the ransomware ecosystem.

Related Happenings

Gentlemen ransomware EDR-killer tooling

Malware Activity
H score35 First: 19.06.2026 01:31 Last: 19.06.2026 01:31 Sources 1

About this happening: **Gentlemen ransomware-as-a-service (RaaS)** is actively maintaining a suite of **EDR killers** led by **GentleKiller** to disable endpoint defenses before encryption. ESET says t...

The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up

Threat Actor Meta
H score57 First: 21.04.2026 17:00 Last: 21.04.2026 17:00 Sources 1

About this happening: **The Gentlemen** ransomware-as-a-service operation is using an operator-maintained **EDR-killer** portfolio, led by **GentleKiller**, to disable security software before encrypti...

TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns

Threat Actor Meta
H score11 First: 31.03.2026 15:15 Last: 31.03.2026 15:15 Sources 1

About this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...

DragonForce campaign expands across multiple victims

Campaign
H score39 First: 03.12.2025 17:05 Last: 03.12.2025 17:05 Sources 1

About this happening: **DragonForce** is a **ransomware campaign** that pairs follow-on encryption with **Scattered Spider**-linked intrusion tradecraft against **high-value targets**. In **December 20...

DragonForce, LockBit, and Qilin form a new ransomware alliance

Threat Actor Meta
H score45 First: 08.10.2025 15:04 Last: 08.10.2025 15:04 Sources 1

About this happening: **LockBit** has effectively returned after **Operation Cronos** disrupted the group in **early 2024**, with **at least a dozen organizations** hit by **LockBit-branded ransomware*...

Latest development: 24.10.2025 18:15

Check Point identified at least a dozen organizations hit by LockBit-branded ransomware attacks in September 2025, with about half of the observed victims infected by LockBit 5.0 and the rest targeted with LockBit 3.0, also known as LockBit Black. The attacks spanned Western Europe, the Americas, and Asia, and affected both Windows and Linux systems.

Timeline

  1. 04.11.2025 23:31 2 articles · 8mo ago

    ReliaQuest links RaaS success to automation, customization, and advanced tooling

    Technical Analysis Update

    ReliaQuest measures ransomware success by the number of victims posted to a group's data leak site and says the strongest ransomware-as-a-service (RaaS) groups combine automation, customization, and advanced tooling. The analysis says 80% of studied RaaS groups used some automation or AI, average breakout time is 18 minutes, and top-tier groups can bypass and disable EDR and antivirus tools or delete backups.

    Show sources