Ransomware Groups
Track active ransomware operations, dark web infrastructure, and associated threat actors
Sicari
Blackbit
Sparta
Sparta is a short-lived ransomware group, first observed in September 2022, that conducted double-extortion attacks primarily targeting organizations in Spain before ceasing activity. It gained initial access via phishing and exploitation of unpatched systems.
Paradise2
Globe
Amnesia
Conti
Conti is an extremely damaging ransomware due to the speed with which it encrypts data and spreads to other systems. It was first observed in 2020 and is thought to be led by a Russia-based cybercrime group that goes by the Wizard Spider pseudonym. In early May 2022, the US government announced a reward of up to $10 million for information on the Conti ransomware gang.
Kirov
Payloadbin
PayloadBIN is a ransomware strain deployed in 2021 by Evil Corp as a rebranding of their WastedLocker/Hades/Phoenix lineage, specifically designed to evade US Treasury OFAC sanctions by impersonating the unrelated Babuk gang's rebrand rather than operating as an independent group.
Antibrok3Rs
Sundawn
Icefire
IceFire is a ransomware group first observed in 2022 that expanded to Linux in early 2023 by exploiting a vulnerability in IBM Aspera Faspex (CVE-2022-47986), targeting media and entertainment organizations in Turkey, Iran, Pakistan, and the UAE using double-extortion tactics.
Nightsky
Night Sky is a China-nexus ransomware group (attributed to the "Emperor Dragonfly" cluster) that emerged in late 2021, gaining notoriety in early 2022 by exploiting the Log4Shell vulnerability (CVE-2021-44228) to target corporate networks across healthcare, finance, government, and manufacturing using multi-extortion tactics.
Frag
Frag is a ransomware group that emerged in late 2024, exploiting a critical Veeam Backup & Replication vulnerability (CVE-2024-40711) to compromise targets in industrial sectors, with blockchain analysis linking it to a shared wallet cluster with the Akira group.
Sekhmet
Belsen Group
Mbc
MBC is a very obscure ransomware group with minimal public documentation and no significant threat intelligence reports available from mainstream security vendors.
Justice Blade
Beast
Beast is a ransomware-as-a-service (RaaS) product that provides functionality such as SMB scanning, file encryption, starting and stopping of services and processes, and geographic identification to avoid encryption in CIS countries.
0Apt
The group appears unreliable. Most, if not all, of its alleged victims cannot be verified and appear to be randomly selected organizations. We have decided to remove entries for this group.
Scattered Lapsus$ Hunters
Vulcan
D4Rk4Rmy
D4rk4rmy is a ransomware and data extortion group active since at least 2025, targeting financial services, hospitality, technology, and logistics sectors, operating a RaaS model with notable claimed victims including the Monte Carlo casino resort.
Robinhood
RobbinHood is a ransomware group first observed in April–May 2019 and responsible for high-profile attacks on US cities including Baltimore, Maryland, where it demanded 13 BTC and caused months of disruption to city services. It is believed to operate as a limited closed-circle model rather than a broad public affiliate program.