Skip to main content

Dashboards - Ransomware Dashboard

HackNotice Support
Updated

Overview

The HackNotice Ransomware Dashboard focuses exclusively on global ransomware attacks, providing real-time data on ransomware incidents across geographies, industries, and trends. This dashboard allows organizations to monitor and respond to ransomware threats, understand emerging attack patterns, and identify which ransomware gangs are most likely to target them based on their company profiles. By providing in-depth insights into ransomware attacks, it helps organizations protect themselves and their supply chains from evolving ransomware threats.

Value to Customers

The Ransomware Dashboard is an essential tool for organizations that need to stay ahead of ransomware threats. By offering a comprehensive view of ransomware incidents across industries and regions, this dashboard enables users to:

  • Monitor global ransomware attack trends in real time, providing timely data on emerging threats.

  • Identify the most active ransomware gangs and understand their tactics, techniques, and procedures (TTPs).

  • Analyze regional and industry-specific trends to prioritize defense measures based on exposure.

  • Understand which ransomware gangs are most likely to target their organization and supply chain.

  • Respond proactively by aligning cybersecurity strategies with up-to-date ransomware intelligence.

With this powerful dashboard, organizations can make informed decisions, enhance their cybersecurity posture, and stay prepared for the latest ransomware attacks.

 

ransomware-dashboard.png

 

Dashboard Filters

The Ransomware Dashboard includes several powerful filters that allow users to drill into the data and tailor the view to their specific risk profile. All filters are additive, meaning that every selection further narrows the dataset to show only the ransomware activity that matches all chosen criteria.

Available Filters

• Date Range
Use the date picker to select any custom start and end dates. All dashboard modules will refresh to show ransomware activity only within the selected timeframe.

• Industries (NAICS – 2-Digit Codes)
The Industries dropdown allows multi-selection across top-level NAICS industry categories. Selecting one or more industries will focus the dashboard on ransomware attacks affecting only those specific sectors.

• Regions
The Regions dropdown also supports multi-selection. When one or more regions are selected, all dashboard components will display ransomware activity limited to those geographic areas.

Note: You can apply either an Industry filter or a Region filter, but not both simultaneously. Only one of these two dimensions may be active at a time.

• Ransomware Gang
The Gang dropdown allows you to select a specific ransomware group. Only one gang can be selected at a time. When applied, the dashboard will show activity exclusively from the chosen ransomware gang.

Example:
If you select a date range covering the last 90 days, choose the ransomware gang Akira, and select two industries, the dashboard will display only ransomware attacks carried out by Akira during the last 3 months within those two industries.

These filters help you quickly surface the most relevant ransomware intelligence for your organization, improving visibility into the threats that matter most.

 

Key Features of the Dashboard

  1. Ransomware Gangs (Last 6 Months)
    This section provides a historical view of ransomware attack trends by ransomware gang over the last 6 months. It helps users identify long-term trends and shifts in ransomware gang activity.
  2. Gangs (Last 30 Days)
    This module tracks the global ransomware attack quantities by ransomware gang over the past 30 days. It provides insights into which gangs are the most active and helps organizations understand which groups pose the highest risk.

  3. Top Issues
    This section highlights the top 3 recent ransomware attack trends with the largest increases in activity. It also displays the 2 ransomware attacks with the highest severity, helping organizations focus on the most pressing threats.

  4. Geographies (Last 30 Days)
    This module tracks ransomware attack trends by geography, showing the number of ransomware events reported across different regions in the last 30 days. It helps organizations assess regional risks and adjust their security strategies accordingly.

  5. Geography by gang in last 30 days
    Displays the percentage change in ransomware attacks by geography over the past 30 days. This section highlights regions experiencing an increase in ransomware activity, allowing users to focus their resources on areas of rising concern.

  6. Recent by Geography
    Displays the most recent ransomware attacks with the highest severity by geographies (top 6 highest severity). This module provides real-time data on the most critical ransomware incidents, enabling immediate response actions in affected regions.

  7. Industries (Last 30 Days)
    This section tracks ransomware attack trends by industry over the last 30 days, offering insight into which industries are facing the highest volume of attacks. Organizations can use this data to identify sectors requiring heightened protection.

  8. Industry by gang in last 30 days
    Shows the percentage change in ransomware attacks by industry over the past 30 days. It helps identify industries that are increasingly targeted by ransomware, allowing organizations to take proactive measures to secure their systems.

  9. Recent by Industry
    Displays the most recent ransomware attacks with the highest severity by industry (top 6 highest severity). This module helps users track the latest and most critical incidents affecting specific industry sectors.

Top Attack Tactics

The Top Attack Tactics section highlights the most frequently used adversary techniques observed in ransomware attacks, based on the MITRE ATT&CK® framework. This module helps organizations understand how ransomware groups are gaining access, moving laterally, and executing their operations, providing deeper insight into attacker behavior.

Users can select a MITRE ATT&CK Stage (such as Initial Access, Execution, Persistence, Credential Access, etc.) from the dropdown menu. Once a stage is selected, the dashboard surfaces the top T-codes associated with that stage, ranked by how often they appear across ransomware incidents that match the user’s applied filters.

Each row displays:

  • MITRE Technique (T-code + name)

  • Technique description summarizing how adversaries commonly use this tactic

  • Ransomware gangs observed leveraging that technique

  • Victim count indicating how many recent ransomware incidents involved that tactic

Because this card responds to all dashboard filters: date range, gang, industry, and region, it provides a highly focused view of the adversary methods most relevant to the user’s organization or supply chain. By understanding the specific techniques ransomware groups are currently employing, users can better prioritize detection, prevention, and hardening efforts.

Related articles

Comments

0 comments

Article is closed for comments.