- Home
- Z7 Cyber intelligence
- Raas
Raas
The Fragmentation Crisis: From 3 Giants to 85+ Operations
The simultaneous takedown of ALPHV/BlackCat and LockBit in early 2024 fundamentally transformed the threat landscape. Where security teams once tracked a few dominant major groups, they now face a fragmented market of over 85 active operations with increasingly specialized capabilities .
As payment rates drop to an all-time low of 25%, attackers are compensating with high-volume, high-value targeting and “Double Extortion” strategies, with 76% of attacks now involving data theft.
Stats Strip (Urgency & Market Shift)
Verified attacks in 2024 (Historic High)
Total ransom payments (Down 35% YoY)
Victim payment rate (Historic Low)
Average total incident cost (Up 13% YoY)
Quantified Risk: The Z7-TAF Scoring Matrix
Our full report profiles 15 primary threat actors using the proprietary Z7-TAF (Threat Actor Framework), providing quantified risk scores across operational capability and technical sophistication.
Critical Actors to Watch in 2025:
RansomHub (Z7-TAF: 8.82/10): The fastest-growing group post-ALPHV, utilizing a 90/10 affiliate split to attract elite talent .
Qilin/Agenda (Z7-TAF: 8.57/10): A critical threat with Rust-based cross-platform capability and active healthcare targeting .
Scattered Spider (Z7-TAF: 8.45/10): Social engineering specialists responsible for nine-figure impacts in the gaming and hospitality sectors.
Technical Evolution: Deep dives into EDR killers, memory-safe language adoption, and AI-weaponized phishing campaigns.
Inside the 100+ Page Comprehensive Intelligence Briefing
This summary is a strategic preview only. Download the full 10-section report to access the Z7-PRISM Predictive Intelligence forecasts, detailed TTP and MITRE ATT&CK mappings, and prioritized defensive recommendations for critical infrastructure, manufacturing, and financial services .