Ransomware Groups

Track active ransomware operations, dark web infrastructure, and associated threat actors

637
Ransomware Groups

Vect

3 sites2026

Lockbit5

26 sites2026

Relic

2 sites2023

Mortalkombat

Fletchen

2 sites2026

Donutleaks

6 sites2022

Mallox

This ransomware uses a combination of different crypto algorithms (ChaCha20, AES-128, Curve25519). The activity of this malware is dated to mid-June 2021. The extension of the encrypted files are set to the compromised company: .<target_company>

2 sites2 actors2024
UnknownTargetCompany

Quicklock

1 site2026

Lynx

16 sites2024

Cyberex

2 sites2025

Grinch

Inpivx

1 site2025

Superblack

Dark Power

1 site2023

Crazyhunter Team

1 site2025

Balletspistol

Phobos

1 actor
TRIPLESTRENGTH

Lynxr

Pysa

Mespinosa is a ransomware which encrypts file using an asymmetric encryption and adds .pysa as file extension. According to dissectingmalware the extension "pysa" is probably derived from the Zanzibari Coin with the same name.

1 site2022

Fulcrumsec

1 site2025

Cheers

2 sites2022

Avaddon

Avaddon is a ransomware malware targeting Windows systems often spread via malicious spam. The first known attack where Avaddon ransomware was distributed was in February 2020. Avaddon encrypts files using the extension .avdn and uses a TOR payment site for the ransom payment.

2 sites1 actor2021
Riddle Spider

Solidbit

Ransomware, written in .NET.

1 site2021

Prometheus

Ransomware written in .NET, apparently derived from the codebase of win.hakbit (Thanos) ransomware.

1 site2021
Showing 145 - 168 of 637
PreviousNext
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001