Ransomware Groups

Aware is a recently emerged ransomware group that operates a Tor-based data leak site with very limited public documentation and no publicly catalogued victims, tools, or TTPs in major threat intelligence databases.

Monti is a ransomware group first observed in June 2022 that initially copied nearly all of Conti's leaked source code, pivoting to target government, legal, and healthcare entities, later releasing a new Linux variant in 2023 with significantly less Conti code similarity, and experimenting with an affiliate model.

Securotrop is a ransomware group established in early 2025 that operates within the Qilin affiliate network while maintaining an independent public identity, focusing exclusively on commercial targets and deliberately avoiding healthcare and government entities, with approximately 32 documented victims.

Ransom Cartel is a ransomware-as-a-service operation that surfaced in December 2021, assessed by Palo Alto Unit 42 to share source code and technical overlap with the defunct REvil group, suggesting its operators had prior access to REvil's codebase, conducting double-extortion attacks against corporate networks.