--- title: "GuidePoint Security 發現,勒索軟件活動仍然處於高位,新興的威脅團體正在重塑這一領域的格局" type: "News" locale: "zh-HK" url: "https://longbridge.com/zh-HK/news/282823946.md" description: "根據 GuidePoint Security 的 2026 年第一季度報告,勒索軟件活動仍然高企且穩定。報告強調了攻擊量的持續性、威脅行為者動態的變化以及對新行業的目標增加。美國是主要目標,受害者佔 51%,而建築行業的勒索軟件事件增加了 44%。像 The Gentlemen 這樣的新團體迅速崛起,而一些成熟團體則失去動力。報告強調組織需要評估其風險暴露,並相應調整防禦措施" datetime: "2026-04-15T10:15:37.000Z" locales: - [zh-CN](https://longbridge.com/zh-CN/news/282823946.md) - [en](https://longbridge.com/en/news/282823946.md) - [zh-HK](https://longbridge.com/zh-HK/news/282823946.md) --- # GuidePoint Security 發現,勒索軟件活動仍然處於高位,新興的威脅團體正在重塑這一領域的格局 **Ransomware Activity Remains Elevated as New Threat Groups Reshape the Landscape, GuidePoint Security Finds** _New Report Highlights Sustained Attack Volumes, Shifting Threat Actor Dynamics and Increased Targeting of New Industries_ GuidePoint Security, the cybersecurity advisor and services partner organizations rely on to protect what matters most, today released the GuidePoint Research and Intelligence Team's (GRIT) Q1 2026 Ransomware and Cyber Threat Insights Report. The report reveals that ransomware activity remained high yet stable throughout the first quarter of 2026, marked by sustained attack volumes, notable shifts in threat actor behavior and the continued emergence of new criminal groups. Victim post rates averaged approximately 150-200 per week—holding steady both quarter-over-quarter (QoQ) and year-over-year (YoY)—signaling that high-volume ransomware activity has become the new normal. Beneath the consistent headline numbers, however, the composition of the threat landscape is changing: new groups are scaling rapidly, established players are losing momentum and extortion-only operations are growing in prevalence. “What we’re seeing is a ransomware ecosystem that has stabilized at a high level, but continues to evolve,” said Justin Timothy, Principal Threat Intelligence Analyst at GuidePoint Security. “Threat actors are adapting quickly—refining tactics, targeting new industries and scaling operations in ways that make this a persistent challenge for organizations of all sizes.” Key findings from the report include: - **Ransomware activity remains elevated.** After a late 2025 surge, ransomware volume in Q1 held steady both QoQ and YoY, signaling that elevated attack levels have become the new normal. - **The United States is the leading ransomware target.** 51% of observed ransomware victims in Q1 2026 were based in the United States, followed by the United Kingdom (4%) and Canada (4%). - **Ransomware activity intensifies in the construction sector.** While manufacturing remained the most impacted industry, the construction industry joined the top 5 most impacted industries with 131 ransomware victims in Q1 2026—a 44% increase year-over-year. - **Data extortion-only attacks are increasing.** Threat actors are bypassing encryption in favor of data theft and extortion-only operations, reflecting an evolution in ransomware tactics. - **New threat groups are rapidly gaining ground.** The Gentlemen, a RaaS group which emerged in August 2025, surged from 35 victims in Q4 2025 to 182 in Q1 2026, becoming the second most active group. Meanwhile, activity from established groups Qilin and Akira declined by 25% and 22%, respectively. “From a global lens, modern cyber threats are becoming a reflection of geopolitical tensions, with ransomware actors and ‘hacktivist’ proxies increasingly adopting each other’s tactics," Timothy added. "This evolution focuses on high-impact, tactical disruptions paired with sophisticated psychological operations to exaggerate capabilities or even weaponize historical breaches to disrupt threat assessment and response. Organizations should continually assess their specific risk exposure, regional involvement and supply chain dependencies when determining appropriate defensive postures.” The report also examines the lingering impact of large-scale exploitation campaigns from late 2025, the lag between intrusion activity and public victim disclosures and the growing adoption of extortion-only operations across the ransomware ecosystem. The GRIT Q1 2026 Ransomware & Cyber Threat Insights Report is based on data obtained from publicly available resources, vendor threat research, internal incident response case data and open-source intelligence collected from illicit forums and marketplaces. For more information: - Download the GRIT Q1 2026 Ransomware & Cyber Threat Insights Report - Register for GRIT’s upcoming webinar - Read our blog - Explore more GRIT reports and other resources **About GuidePoint Security** GuidePoint Security helps organizations overcome the most complex cybersecurity challenges, mature their security posture, minimize risk and ensure compliance. As a trusted cybersecurity advisor and partner, GuidePoint keeps people, data, and operations safe. We deliver tailored cybersecurity services and offerings that adapt and scale to safeguard the nation’s leading organizations today, while preparing them to confidently face tomorrow's cyber challenges. More than 6,000 organizations of all sizes and across every industry, as well as over half of U.S. cabinet-level agencies, rely on GuidePoint to strengthen their defenses and reduce risk. Stronger Together. Protecting What’s Next. Learn more at guidepointsecurity.com. Nicole Lavella nicole.lavella@guidepointsecurity.com 703-403-7066 View source version on businesswire.com: https://www.businesswire.com/news/home/20260415918254/en/ ### 相關股票 - [CYBR.US](https://longbridge.com/zh-HK/quote/CYBR.US.md) - [FTNT.US](https://longbridge.com/zh-HK/quote/FTNT.US.md) - [CRWD.US](https://longbridge.com/zh-HK/quote/CRWD.US.md) - [PANW.US](https://longbridge.com/zh-HK/quote/PANW.US.md) - [CHKP.US](https://longbridge.com/zh-HK/quote/CHKP.US.md) - [IHAK.US](https://longbridge.com/zh-HK/quote/IHAK.US.md) - [CIBR.US](https://longbridge.com/zh-HK/quote/CIBR.US.md) - [BUG.US](https://longbridge.com/zh-HK/quote/BUG.US.md) ## 相關資訊與研究 - [AI 驅動科技成長,企業應對挑戰與市場波動加劇](https://longbridge.com/zh-HK/news/286341825.md) - [Check Point 軟件在保持利潤率優勢的同時平衡 GTM 的挑戰](https://longbridge.com/zh-HK/news/286984857.md) - [Palo Alto:AI 網路攻擊數月內恐成「新常態」](https://longbridge.com/zh-HK/news/286341165.md) - [親愛的 CrowdStrike 股票愛好者,請在日曆上標記 6 月 3 日](https://longbridge.com/zh-HK/news/287075809.md) - [Dana Investment Advisors Inc. 出售了 18,459 股飛塔信息公司(Fortinet, Inc.)的股票,代碼為$FTNT](https://longbridge.com/zh-HK/news/287023545.md)