Ransomware is a type of malware that encrypts data and files within an organization’s IT environment or locks users out of their devices. Once the ransomware attack is executed, cyber criminals demand a ransom, usually in the form of bitcoin, before providing the decryption keys that can restore access to the files.

Bitsight used its proprietary Bitsight AI (formerly Bitsight IQ) platform to process tens of thousands of posts from ransomware dedicated leak sites (DLS). Through large language model (LLM) capabilities, the system extracted key metadata including victim names, geographic location, and industry sector. Duplicate entries—such as multiple posts about the same victim by the same ransomware group—were removed to ensure accurate counts. This approach enabled Bitsight to identify 5,021 unique ransomware attacks in 2024 and track activity across 89 active ransomware groups, all without manual review at scale.

Organizations can use Bitsight’s Cyber Threat Intelligence and Exposure Management solutions to gain continuous insight into external exposure, including ransomware-related risk indicators. Bitsight correlates underground activity—like ransomware group operations and leaked data—with an organization’s digital footprint. This enables security teams to proactively identify at-risk assets, monitor threat trends, and communicate findings with stakeholders using contextualized data. For deeper analysis, customers can access the Bitsight Pulse API to explore structured intelligence beyond what’s summarized in the report.

While the State of the Underground report is published annually, Bitsight collects and analyzes ransomware and cybercrime data continuously. This includes tracking ransomware group activity, identifying new leak sites, and extracting intelligence from deep and dark web forums in near real time. Clients can access this ongoing intelligence through Bitsight Cyber Threat Intelligence, Bitsight Pulse, or via API integration to support continuous monitoring, alerting, and strategic risk management. Here, Bitsight's Underground Explorer is then updated on a monthly basis for analysis and trending data.

Information Sector

The Information sector focuses on the creation, processing, and distribution of information and cultural products. It includes industries such as software publishing, telecommunications, data processing, media, broadcasting, and internet services. Companies in this sector rely heavily on digital infrastructure and intellectual property, operate at high scale, and face elevated cybersecurity and data privacy risks due to the volume and sensitivity of data they handle.

Professional, Scientific, and Technical Services Sector

This sector comprises firms that provide specialized expertise and knowledge-based services, including consulting, engineering, legal services, accounting, scientific research, IT services, and architectural design. Organizations in this sector are typically people- and project-driven, rely on client trust and proprietary information, and often operate in regulated environments. Cyber and operational risks tend to stem from third-party access, intellectual property protection, and safeguarding client data.

• Enable multi-factor authentication (MFA) and access controls to secure login portals to corporate networks.
• Create data copies and backups on external servers that are isolated from the business network.
• Keep software and products up to date.
• Remain aware of new vulnerabilities and patch them accordingly.
• Instruct employees ot to click on links or attachments in suspicious emails.

Ransomware attacks are costly, but prevention doesn’t have to be. Identify and take preventative measures at the earliest indications of risk with the help of Bitsight Ransomware Intelligence.