Gentleman ransomware: Ransomware groups grow revenue by almost 40% in Q1 2026

Gentleman ransomware: Ransomware groups grow revenue by almost 40% in Q1 2026

Ransomware Revenue Surges 39% Year-on-Year as Cybercriminal Ecosystem Matures

In the first quarter of 2026, ransomware groups generated an estimated $529.2 million a 39% increase compared to the same period in 2025, according to a report by cybersecurity firm Rapid7. The growth highlights the expanding sophistication and resilience of cybercriminal operations.

Two prominent groups drove much of the revenue: Qilin amassed $193 million between July 2025 and March 2026, while Gentleman ransomware earned $52 million in the same period. The surge is attributed to the rise of initial access brokers (IABs), who sell compromised network access on dark web marketplaces, allowing ransomware operators to bypass the technical challenges of breaching systems themselves.

Rapid7 likened ransomware groups to legitimate businesses, noting their ability to adapt and maintain operations despite disruptions. Unlike traditional enterprises, these criminal networks are designed to persist even if individual components such as servers or groups are dismantled, ensuring continuity through a decentralized ecosystem.

The findings underscore the maturation of the cybercrime economy, where specialized services from access brokering to ransomware-as-a-service (RaaS) have lowered the barrier to entry, enabling even less technically skilled actors to launch attacks. The report suggests that the resilience of these operations poses a growing challenge for cybersecurity defenses.

Source: https://www.techradar.com/pro/security/ransomware-groups-grow-revenue-by-almost-40-percent-in-q1-2026

NCC Group cybersecurity rating report: https://www.rankiteo.com/company/ncc-group

"id": "NCC1780403012",
"linkid": "ncc-group",
"type": "Ransomware",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'attack_vector': 'Initial Access Brokers (IABs)',
 'date_detected': '2026-Q1',
 'description': 'In the first quarter of 2026, ransomware groups generated an '
                'estimated $529.2 million, a 39% increase compared to the same '
                'period in 2025. The growth highlights the expanding '
                'sophistication and resilience of cybercriminal operations, '
                'driven by initial access brokers (IABs) and '
                'ransomware-as-a-service (RaaS).',
 'impact': {'financial_loss': '$529.2 million (Q1 2026)'},
 'initial_access_broker': {'entry_point': 'Compromised network access sold on '
                                          'dark web marketplaces'},
 'lessons_learned': 'The maturation of the cybercrime economy, including '
                    'specialized services like IABs and RaaS, has lowered the '
                    'barrier to entry for ransomware attacks, making them more '
                    'resilient and harder to disrupt.',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': 'Rise of initial access brokers '
                                           '(IABs) and ransomware-as-a-service '
                                           '(RaaS) enabling less technically '
                                           'skilled actors to launch attacks.'},
 'ransomware': {'ransomware_strain': ['Qilin', 'Gentleman ransomware']},
 'references': [{'source': 'Rapid7'}],
 'threat_actor': ['Qilin', 'Gentleman ransomware'],
 'title': 'Ransomware Revenue Surges 39% Year-on-Year as Cybercriminal '
          'Ecosystem Matures',
 'type': 'Ransomware'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.