{"id":50769,"date":"2023-02-27T00:00:00","date_gmt":"2023-02-27T00:00:00","guid":{"rendered":"urn:uuid:87034948-6d0c-b68c-0b66-740e3241ad9d"},"modified":"2023-02-27T00:00:00","modified_gmt":"2023-02-27T00:00:00","slug":"a-deep-dive-into-the-evolution-of-ransomware-part-3","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/","title":{"rendered":"A Deep Dive into the Evolution of Ransomware Part 3"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/ransomware-evolution-part-3:Large?qlt=80\"><!-- OneTrust Cookies Consent Notice start for trendmicro.com --><!-- OneTrust Cookies Consent Notice end for trendmicro.com --> <head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width\"> <meta name=\"description\" content=\"This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.\"> <meta name=\"robots\" content=\"index,follow\"> <meta name=\"keywords\" content=\"ics ot,ransomware,research,privacy &amp; risks,articles, news, reports\"> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"> <meta name=\"template\" content=\"article1withouthero\"> <meta property=\"article:published_time\" content=\"2023-02-27\"> <meta property=\"article:tag\" content=\"privacy &amp; risks\"> <meta property=\"article:section\" content=\"research\"> <link rel=\"icon\" type=\"image\/ico\" href=\"\/content\/dam\/trendmicro\/favicon.ico\"> <link rel=\"canonical\" href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/b\/ransomware-evolution-part-3.html\"> <title>A Deep Dive into the Evolution of Ransomware Part 3<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/b\/ransomware-evolution-part-3.html\"><br \/>\n<meta property=\"og:title\" content=\"A Deep Dive into the Evolution of Ransomware Part 3\"><br \/>\n<meta property=\"og:description\" content=\"This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/ransomware-evolution-part-3.png\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"A Deep Dive into the Evolution of Ransomware Part 3\"><br \/>\n<meta name=\"twitter:description\" content=\"This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/ransomware-evolution-part-3.png\"> <\/head> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"51.41388638413\"> <!-- Page Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a> <!-- \/* Data Layer *\/ --> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1293713683\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"8.2296819787986\">\n<div class=\"article-details\" role=\"heading\" readability=\"35.82332155477\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Privacy &amp; Risks<\/p>\n<p class=\"article-details__description\">This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.<\/p>\n<p class=\"article-details__author-by\">By: Trend Micro <time class=\"article-details__date\">February 27, 2023<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"35.5\">\n<div readability=\"16\">\n<p>Ransomware is an ever-growing problem that has wreaked havoc across a multitude of industries, with astronomical ransom demands leaving businesses and infrastructure feeling powerless. From major hospitals to enterprises &#8211; no sector was immune from the impact of ransomware&#8217;s widespread infiltration in recent years.<\/p>\n<p>We discussed what triggers threat actors from changing their business models in part two. We also talked about what ransomware looks like through the lens of evolution. In the last installation of this series, we\u2019ll look at how ransomware will look like when it goes through a revolution.<\/p>\n<p><span class=\"body-subhead-title\">Ransomware revolution<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/b\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/potential-changes.png\" alt=\"potential-changes\"><figcaption>Figure 1. Potential changes from ransomware in adopted cybercriminal business models<\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"43.968150560984\">\n<div readability=\"32.976112920738\">\n<ul>\n<li readability=\"0.5\"><span class=\"rte-red-bullet\" readability=\"7\"><br \/>Cryptocurrency-based crime has been booming in 2021, with illicit activity estimated to be worth at least $14 billion by Chainalysis&#8217;s 2022 crime report. Ransomware remains a profitable endeavour for criminal actors but stealing cryptocurrency and fraud involving it are even more lucrative pursuits.\n<p>As cryptocurrency becomes more and more common, particularly among younger internet users, it poses an attractive target for cybercriminals. Profiting from ransomware may no longer be the only option; increasing numbers of malicious actors are beginning to switch to stealing cryptocurrencies directly through malware or phishing campaigns in hopes of a bigger payout.<\/p>\n<p><\/span><\/li>\n<li readability=\"2.5\"><span class=\"rte-red-bullet\" readability=\"11\"><br \/>With ransomware actors increasingly targeting large companies, governments may recognize their potential and offer them recruitment opportunities rather than prosecution. Geopolitical events might even force ransomware actors to start working for the government.\n<p>In the past, malicious hackers have been transformed into ethical hackers as corporations and nations leverage these skills for security purposes.<\/p>\n<p>While ransomware arrestees are unlikely to face an offensive-oriented agreement in most countries, there may be rare exceptions where a hacker is recruited, and their sentence shortened for working on behalf of the government. This arrangement could provide access to specific political targets while still leaving some room for criminal activity if state salaries fail to compete with larger payoffs from cybercrime.<\/p>\n<p><\/span><\/li>\n<li readability=\"1.5\"><span class=\"rte-red-bullet\" readability=\"9\"><br \/>Cybercrime is a continually developing field that has recently received increased attention from researchers seeking to understand its roots and implications.\n<p>While it seems clear the organized crime world has incorporated digital tech into its operations, the evidence does not suggest cybercrime organizations have taken over traditional ones. However, there are a few areas where cybercriminals and traditional organized crime meet: money laundering, facilitating crime, and a few instances of cybercrime.<\/p>\n<p><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><br \/>Research indicates that the profits gained by malicious actors deploying a &#8220;short-and-distort&#8221; scheme can be immense &#8211; up to hundreds of millions of dollars. This is exponentially greater than what ransomware attackers might see, leading experts to believe these schemes may increasingly replace ransomware as choice attacks against listed enterprises.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><br \/>Mergers and acquisitions are an effective way to increase profits, efficiency, and market presence for ransomware groups. Collaboration with larger AaaS or money laundering-as-a-Service actors could lead to lower costs while maintaining the efficacy of their criminal activities. This strategic decision can serve existing RaaS entities in achieving the ambition of becoming formidable leaders within the cybercrime industry.<\/span><\/li>\n<li readability=\"-1\"><span class=\"rte-red-bullet\" readability=\"4\"><br \/>For years, cybercriminals have been utilizing supply chain attacks to gain access to systems and propagate malware. Now, with the increasing sophistication of tactics such as targeted ransomware campaigns, these types of malicious strategies are used more frequently than ever before, widening the reach of their damaging effects on victim networks around the world.\n<p>Most software systems and platforms trust implicitly the updates authored by third-party developers and leaving companies vulnerable if those parties are compromised. Such security breaches can lead to insidious malware infiltrating user devices on a large scale.<\/p>\n<p><\/span><\/li>\n<li readability=\"0.5\"><span class=\"rte-red-bullet\" readability=\"7\"><br \/>Business email compromise (BEC) is a rising threat to organizations, with the FBI estimating staggering losses of $43 billion across 2016-2021. This scam typically involves criminals employing publicly available information on company executives to fool them into wiring large sums of money &#8211; averaging around USD 160,000 per organization victimized in 2016 alone.\n<p>While malware and credential phishing are known methods used for BEC attacks, no such tools may be necessary if sufficient public data can be gathered about business targets. As it stands now, this form of cybercrime has proven highly profitable for attackers compared to ransomware schemes causing great financial damage worldwide.<\/p>\n<p><\/span><\/li>\n<\/ul>\n<p><span class=\"body-subhead-title\">What\u2019s next?<\/span><\/p>\n<p>As ransomware technologies continue to advance, we can expect a transformation of the entire landscape over time. We may see both gradual progress and an innovative breakthrough in malware tactics all at once and this could be especially true when considering potential changes in ransom business models as well.<\/p>\n<p>Given the precarious nature of geopolitical and economic climates, a radical change in ransomware attackers&#8217; strategies could be on the horizon. Such game-changing shifts have already been observed several times before &#8211; indicating we may soon witness what can only be described as a revolutionary transformation in this field.<\/p>\n<p>Organizations can no longer simply detect a ransomware attack after it has happened. To best protect themselves, they must employ proactive strategies such as XDR software to identify potential intrusions and act against them further upstream in the kill chain. By being aware of what malicious actors are doing before any encryption occurs, organizations will have a better chance at successful prevention.<\/p>\n<p>As we analyze the aftermath of these cyberattacks, we mustn&#8217;t overlook what enables them to take place and instead solely focus on their final product. This will help us better understand how similar events can be prevented in the future.<\/p>\n<p>To learn more about the future and evolution of ransomware and its business models, download our full report <a href=\"https:\/\/documents.trendmicro.com\/assets\/white_papers\/wp-the-near-and-far-future-of-ransomware.pdf\"><span class=\"bs-modal\">here<\/span><\/a>.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p> <!--For Modal-end--> <!-- Go to www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/b\/ransomware-evolution-part-3.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":50770,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9842,9536,9539,9509],"class_list":["post-50769","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-ics-ot","tag-trend-micro-research-privacyrisks","tag-trend-micro-research-ransomware","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>A Deep Dive into the Evolution of Ransomware Part 3 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Deep Dive into the Evolution of Ransomware Part 3 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-27T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/ransomware-evolution-part-3:Large?qlt=80\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"A Deep Dive into the Evolution of Ransomware Part 3\",\"datePublished\":\"2023-02-27T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3\\\/\"},\"wordCount\":972,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : ICS OT\",\"Trend Micro Research : Privacy&amp;Risks\",\"Trend Micro Research : Ransomware\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3\\\/\",\"name\":\"A Deep Dive into the Evolution of Ransomware Part 3 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3.png\",\"datePublished\":\"2023-02-27T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3.png\",\"width\":936,\"height\":505},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-deep-dive-into-the-evolution-of-ransomware-part-3\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"A Deep Dive into the Evolution of Ransomware Part 3\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A Deep Dive into the Evolution of Ransomware Part 3 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/","og_locale":"en_US","og_type":"article","og_title":"A Deep Dive into the Evolution of Ransomware Part 3 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-02-27T00:00:00+00:00","og_image":[{"url":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/ransomware-evolution-part-3:Large?qlt=80","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"A Deep Dive into the Evolution of Ransomware Part 3","datePublished":"2023-02-27T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/"},"wordCount":972,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/a-deep-dive-into-the-evolution-of-ransomware-part-3.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : ICS OT","Trend Micro Research : Privacy&amp;Risks","Trend Micro Research : Ransomware","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/","url":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/","name":"A Deep Dive into the Evolution of Ransomware Part 3 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/a-deep-dive-into-the-evolution-of-ransomware-part-3.png","datePublished":"2023-02-27T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/a-deep-dive-into-the-evolution-of-ransomware-part-3.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/a-deep-dive-into-the-evolution-of-ransomware-part-3.png","width":936,"height":505},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/a-deep-dive-into-the-evolution-of-ransomware-part-3\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"A Deep Dive into the Evolution of Ransomware Part 3"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50769"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50769\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50770"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50769"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}