This white paper will explore the practical application of the taxonomy to understand the expected capabilities and behaviors of groups as they mature and move through the ransomware group lifecycle.
GRIT’s taxonomy is intended to be flexible and adaptable to changes in the ransomware landscape. Shifting behaviors, operational security, and obfuscation efforts by threat actors will necessitate fluidity in classification. As we work to classify the dozens of active ransomware groups in any given quarter, we invite defenders and researchers to collaborate or contribute to our understanding of groups’ maturity. As each organization has its own insights and perspectives, we expect and accept that we may not always have the full picture. To account for this, we invite researchers, defenders, incident responders, and threat intelligence professionals to help us clarify or adjust our classifications in these instances by contacting us using the methods at the end of the paper.