Ransomware Groups
Track active ransomware operations, dark web infrastructure, and associated threat actors
rabbithole
radiant
ranstreet
raworld
RA Group, also known as RA World, first surfaced in April 2023, utilizing a custom variant of the Babuk ransomware.
rebornvc
redransomware
RunSomeWares
satanlockv2
shaoleaks
ShinySp1d3r
Likely associated with the cybercrime group BlingLibra (ShinyHunters)
sicarii
SilentRansomGroup
A former Conti team.
skira
spacebears
thegentlemen
thegreenbloodgroup
threeam
A new ransomware family identified by the name '3AM' or 'ThreeAM' in September 2023. The ransomware operation was observed by the Symantec team, in which a ransomware affiliate attempted to deploy another ransomware, LockBit, on the target network and then switched to 3AM when LockBit was reportedly blocked. The ransomware operation, according to the publication on its Tor-based website, has been operating since mid-August 2023, according to the publication from its first victim.
Source: https://github.com/crocodyli/ThreatActors-TTPs
u-bomb
underground
ValenciaLeaks
vanirgroup
vendetta
Ransomware, which appears to be a rebranding of win.cuba.
wannacry
WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system. At its peak in May 2017, WannaCry became a global threat. Cybercriminals used the ransomware to hold an organization's data hostage and extort money in the form of cryptocurrency. WannaCry spreads using EternalBlue, an exploit leaked from the National Security Agency (NSA). EternalBlue enables attackers to use a zero-day vulnerability to gain access to a system. It targets Windows computers that use a legacy version of the Server Message Block (SMB) protocol.