--- title: "GuidePoint Security 发现,勒索软件活动仍然处于高位,新兴的威胁团体正在重塑这一领域的格局" type: "News" locale: "zh-CN" url: "https://longbridge.com/zh-CN/news/282823946.md" description: "根据 GuidePoint Security 的 2026 年第一季度报告,勒索软件活动仍然高企且稳定。报告强调了攻击量的持续性、威胁行为者动态的变化以及对新行业的目标增加。美国是主要目标,受害者占 51%,而建筑行业的勒索软件事件增加了 44%。像 The Gentlemen 这样的新团体迅速崛起,而一些成熟团体则失去动力。报告强调组织需要评估其风险暴露,并相应调整防御措施" datetime: "2026-04-15T10:15:37.000Z" locales: - [zh-CN](https://longbridge.com/zh-CN/news/282823946.md) - [en](https://longbridge.com/en/news/282823946.md) - [zh-HK](https://longbridge.com/zh-HK/news/282823946.md) --- # GuidePoint Security 发现,勒索软件活动仍然处于高位,新兴的威胁团体正在重塑这一领域的格局 **Ransomware Activity Remains Elevated as New Threat Groups Reshape the Landscape, GuidePoint Security Finds** _New Report Highlights Sustained Attack Volumes, Shifting Threat Actor Dynamics and Increased Targeting of New Industries_ GuidePoint Security, the cybersecurity advisor and services partner organizations rely on to protect what matters most, today released the GuidePoint Research and Intelligence Team's (GRIT) Q1 2026 Ransomware and Cyber Threat Insights Report. The report reveals that ransomware activity remained high yet stable throughout the first quarter of 2026, marked by sustained attack volumes, notable shifts in threat actor behavior and the continued emergence of new criminal groups. Victim post rates averaged approximately 150-200 per week—holding steady both quarter-over-quarter (QoQ) and year-over-year (YoY)—signaling that high-volume ransomware activity has become the new normal. Beneath the consistent headline numbers, however, the composition of the threat landscape is changing: new groups are scaling rapidly, established players are losing momentum and extortion-only operations are growing in prevalence. “What we’re seeing is a ransomware ecosystem that has stabilized at a high level, but continues to evolve,” said Justin Timothy, Principal Threat Intelligence Analyst at GuidePoint Security. “Threat actors are adapting quickly—refining tactics, targeting new industries and scaling operations in ways that make this a persistent challenge for organizations of all sizes.” Key findings from the report include: - **Ransomware activity remains elevated.** After a late 2025 surge, ransomware volume in Q1 held steady both QoQ and YoY, signaling that elevated attack levels have become the new normal. - **The United States is the leading ransomware target.** 51% of observed ransomware victims in Q1 2026 were based in the United States, followed by the United Kingdom (4%) and Canada (4%). - **Ransomware activity intensifies in the construction sector.** While manufacturing remained the most impacted industry, the construction industry joined the top 5 most impacted industries with 131 ransomware victims in Q1 2026—a 44% increase year-over-year. - **Data extortion-only attacks are increasing.** Threat actors are bypassing encryption in favor of data theft and extortion-only operations, reflecting an evolution in ransomware tactics. - **New threat groups are rapidly gaining ground.** The Gentlemen, a RaaS group which emerged in August 2025, surged from 35 victims in Q4 2025 to 182 in Q1 2026, becoming the second most active group. Meanwhile, activity from established groups Qilin and Akira declined by 25% and 22%, respectively. “From a global lens, modern cyber threats are becoming a reflection of geopolitical tensions, with ransomware actors and ‘hacktivist’ proxies increasingly adopting each other’s tactics," Timothy added. "This evolution focuses on high-impact, tactical disruptions paired with sophisticated psychological operations to exaggerate capabilities or even weaponize historical breaches to disrupt threat assessment and response. Organizations should continually assess their specific risk exposure, regional involvement and supply chain dependencies when determining appropriate defensive postures.” The report also examines the lingering impact of large-scale exploitation campaigns from late 2025, the lag between intrusion activity and public victim disclosures and the growing adoption of extortion-only operations across the ransomware ecosystem. The GRIT Q1 2026 Ransomware & Cyber Threat Insights Report is based on data obtained from publicly available resources, vendor threat research, internal incident response case data and open-source intelligence collected from illicit forums and marketplaces. For more information: - Download the GRIT Q1 2026 Ransomware & Cyber Threat Insights Report - Register for GRIT’s upcoming webinar - Read our blog - Explore more GRIT reports and other resources **About GuidePoint Security** GuidePoint Security helps organizations overcome the most complex cybersecurity challenges, mature their security posture, minimize risk and ensure compliance. As a trusted cybersecurity advisor and partner, GuidePoint keeps people, data, and operations safe. We deliver tailored cybersecurity services and offerings that adapt and scale to safeguard the nation’s leading organizations today, while preparing them to confidently face tomorrow's cyber challenges. More than 6,000 organizations of all sizes and across every industry, as well as over half of U.S. cabinet-level agencies, rely on GuidePoint to strengthen their defenses and reduce risk. Stronger Together. Protecting What’s Next. Learn more at guidepointsecurity.com. Nicole Lavella nicole.lavella@guidepointsecurity.com 703-403-7066 View source version on businesswire.com: https://www.businesswire.com/news/home/20260415918254/en/ ### 相关股票 - [CYBR.US](https://longbridge.com/zh-CN/quote/CYBR.US.md) - [FTNT.US](https://longbridge.com/zh-CN/quote/FTNT.US.md) - [CRWD.US](https://longbridge.com/zh-CN/quote/CRWD.US.md) - [PANW.US](https://longbridge.com/zh-CN/quote/PANW.US.md) - [CHKP.US](https://longbridge.com/zh-CN/quote/CHKP.US.md) - [IHAK.US](https://longbridge.com/zh-CN/quote/IHAK.US.md) - [CIBR.US](https://longbridge.com/zh-CN/quote/CIBR.US.md) - [BUG.US](https://longbridge.com/zh-CN/quote/BUG.US.md) ## 相关资讯与研究 - [AI 风险推动企业加码网络防护!CrowdStrike、Zscaler 获华尔街上调目标价](https://longbridge.com/zh-CN/news/286795550.md) - [飞塔信息|8-K:2026 财年 Q1 营收 18.5 亿美元超过预期](https://longbridge.com/zh-CN/news/285477105.md) - [Check Point 软件在保持利润率优势的同时平衡 GTM 的挑战](https://longbridge.com/zh-CN/news/286984857.md) - [全球监管机构紧盯 Mythos 德国加强银行 IT 安全监管](https://longbridge.com/zh-CN/news/286065759.md) - [分析师称 CrowdStrike 涨势还未结束,AI 威胁可能提供上行空](https://longbridge.com/zh-CN/news/287012485.md)