Ransomware Groups

Track active ransomware operations, dark web infrastructure, and associated threat actors

637
Ransomware Groups

Miliphen

Root

Kairos

12 sites2025

Piratelock

Interlock

10 sites2024

Ransombay

Launched on April 24th, 2025 RansomBay is a new project operating under the DragonForce initiative

4 sites2025

Dataleak

1 site2023

Nightspire

7 sites2025

Killsec

2 sites2024

Nemesis

1 site2025

Polyvice

Globeimposter

1 actor
TA505, Graceful Spider, Gold Evergreen

Exitium

1 site2026

Enciphered

Wiki Ransomware

Fsociety

1 site2025

Kittykatkrew

2 sites2026

Megacortex

Walocker

2 sites2026

Mindware

Ransomware, potential rebranding of win.sfile.

1 site2025

Loki

1 site2026

Trigona

According to PCrisk, Trigona is ransomware that encrypts files and appends the ._locked extension to filenames. Also, it drops the how_to_decrypt.hta file that opens a ransom note. An example of how Trigona renames files: it renames 1.jpg to 1.jpg._locked, 2.png to 2.png._locked, and so forth.It embeds the encrypted decryption key, the campaign ID, and the victim ID in the encrypted files.

8 sites1 actor2023
Trigona operator

Br0K3R

1 site2025

Bianlian

BianLian ransomware operations began in late 2021. The group practices multi-pronged extortion, demanding payment for a decryptor, as well as the non-release of stolen data. The ransomware group hosts a public, TOR-based, blog to post victim identities and stolen data. Somewhat unique to BianLian at the time of their launch was their inclusion of an I2P mirror for their blog.

4 sites2025
Showing 433 - 456 of 637
PreviousNext
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001