Ransomware Revenue Growth Tops FTSE 350 in Q1
Rapid7 Labs found ransomware groups earned an estimated $529.2 million in the first quarter of 2026, a 39% year-over-year increase. No FTSE 350 company reported revenue growth above 30% in the same quarter.
Rapid7’s analysis shows that much of the revenue growth is concentrated among a small number of groups. The Qilin group generated an estimated $193 million between July 2025 and March 2026. The Gentleman group produced about $52 million over the same period.
Researchers identified an underground market for access and services as a driver of the trend. Initial access brokers sell entry to compromised systems. Buyers can purchase tooling, malware or complete attack services, allowing different operators to specialize in access, deployment or extortion.
The report states that infrastructure used in attacks — compromised servers, leak sites and negotiation portals — can be rebuilt quickly after disruption. Rapid7 says law enforcement takedowns can remove parts of operations, but the broader ecosystem often continues to function around those losses.
Thom Langford, Rapid7’s chief technology officer for EMEA, described the groups as ‘highly efficient businesses’ and noted that removing one component rarely collapses the network.
Rapid7 recommends that organizations continuously reduce exposed attack surface by fixing misconfigurations, monitoring isolated assets and addressing internet-facing vulnerabilities. The firm advises security teams to use threat intelligence to map attacker behavior, tooling and infrastructure, and to track access pathways before they lead to ransomware incidents.
The report also calls for a shift to preventing credential and access compromise. Suggested measures include enforcing least privilege for accounts, implementing stronger identity controls and monitoring for early indicators of credential resale or misuse in underground markets. Langford called for earlier detection and intervention: ‘To give ransomware groups the economic crash they deserve, we need to shift to earlier visibility and earlier action.’