ICIC
UN

Ralord

Low ConfidenceMedium Threat

Ra Group

RaLord is an emerging ransomware operation that appeared in 2024, targeting small and medium businesses with encryption and data theft attacks. The group operates with a ransomware-as-a-service model and maintains a leak site for victim data. RaLord represents the continuing democratization of ransomware capabilities among cybercriminal groups.

Origin: Unknown
Sponsor: Cybercriminal (No State Sponsor)
Active: 2024 - Present
Victims: 30+ organizations
Advanced
Active
Financial Gain
Risk Assessment
57
Composite Risk Score
Medium Risk
ARCS Compliance58
Escalation Risk60
Grievance Index52
Infrastructure Impact58
History & Evolution

RaLord is an emerging ransomware operation that appeared in 2024, targeting small and medium businesses with encryption and data theft attacks. The group operates with a ransomware-as-a-service model and maintains a leak site for victim data. RaLord represents the continuing democratization of ransomware capabilities among cybercriminal groups.

Targeting

Target Sectors

ManufacturingHealthcareTechnology

Target Regions

United StatesEurope
Attribution & Affiliations

Attributed to Cybercriminal (No State Sponsor) (Unknown). Attribution confidence: Low.

Intelligence Assessment
Medium
Threat Level
Moderately
Targeting
Moderately
Adaptability
Medium
Persistence
Continuous
Op Tempo
Active
Status

Future Outlook

Ralord is expected to continue operations targeting Manufacturing sectors.

Timeline of Key Events
2024
Major

First observed activity of Ralord

2024
Moderate

Continued active operations