Ransomware Groups

Vice Society ransomware appends the .v-society extension when encrypting Linux machines. Running a leak site on the darkweb, Possible relations with "HelloKitty"

LunaLock emerged in September 2025 targeting creative and digital platforms, notably breaching an illustrator marketplace and a Mexican ISP, and is notable for threatening to submit stolen artwork to AI companies for training if the ransom is not paid.

Kazu is an emerging ransomware group active since September 2025 that employs double-extortion tactics, targeting government, healthcare, and financial organizations primarily in Southeast Asia, the Middle East, and Latin America, with notable claimed breaches including Dubai's Ports, Customs and Free Zone Corporation with 1.94 TB exfiltrated.

Sabbath (also known as 54BB47h, operated by UNC2190) is a ransomware group active from mid-2021 that emerged as a rebrand of the Arcane ransomware, targeting critical infrastructure in the US and Canada — particularly hospitals, schools, and natural resources — using double extortion, backup destruction, and affiliate recruitment on Russian-language dark web forums.

Karakurt is a pure data-extortion group (no encryption) assessed with high confidence to be the extortion arm of the Conti ransomware group, active from 2021, that steals data and threatens to auction or publish it unless ransoms ranging from $25,000 to $13 million are paid.

Not a Ransomware Group

Helldown is an aggressive ransomware group first documented in August 2024, known for exploiting Zyxel firewall vulnerabilities to gain initial access and conducting large-scale data exfiltration averaging 70 GB per victim, targeting IT services, telecommunications, manufacturing, and healthcare primarily in the US.

DarkVault is a data-exfiltration and double-extortion group first identified in late 2023, targeting medium-to-large organizations in finance, professional services, legal, and technology sectors across Europe, the UK, and North America, with a suspected connection to LockBit.