Ransomware Groups
Track active ransomware operations, dark web infrastructure, and associated threat actors
flocker
GDLockerSec
Our team members are from different countries and we are not interested in anything else, we are only interested in dollars. We do not allow CIS, Cuba, North Korea and China to be targeted. Re-attacks are not allowed for target companies that have already made payments. We do not allow non-profit hospitals and some non-profit organizations be targeted.
IMNCrew
incransom
insane
J
kawa4096
kelvinsecurity
la_piovra
ℹ️ La Piovra Ransomware is an exercise of the company Offensive Security (also known as OffSec)
leaktheanalyst
lockbit2
lockbit3_fs
madcat
madliberator
malekteam
marketo
medusalocker
Medusa is a DDoS bot written in .NET 2.0. In its current incarnation its C&C protocol is based on HTTP, while its predecessor made use of IRC.
moneymessage
mosesstaff
Cybereason Nocturnus describes Moses Staff as an Iranian hacker group, first spotted in October 2021. Their motivation appears to be to harm Israeli companies by leaking sensitive, stolen data.
ms13089
nasirsecurity
onyx
projectrelic
promptlock
First known AI-powered ransomware. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly