Ransomware Group:  
Ranzy



Sponsored by Hudson RockUse Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business


Sites | Tools | Negotiations | Ransom Note(s)

Ranzy Locker, Former known as ThunderX. The group hosting a data leak site in the darknet where they posting sensitive information of victims who do not pay the ransom. ThunderX was launched at the end of August 2020. Soon after launching, weaknesses were found in the code, that allowed decrypting the files that the malware encrypted. The group has fixed the code and publish a new version, then released it under the name Ranzy Locker. The Tor onion URL used by the Ranzy Leak site is the same as the one used by Ako Ransomware. The use of the same URL could indicate that both groups merged, or they are cooperating similarly to the Maze cartel.


Sites

Title Available Last Visit FQDN Screenshot
None 🔴 2021-05-01 00:00:00.000000 37rckgo66iydpvgpwve7b2el5q2zhjw4tv4lmyewufnpx4lhkekxkoqd.onion N/A

Tools used

Discovery RMM Tools Defense Evasion Credential Theft OffSec Networking LOLBAS Exfiltration
UFile

This information is provided by Ransomware-Tool-Matrix

 Negotiation chats

Name # Msg Initial Ransom Negotiated Ransom Paid
20201015 36 N/A N/A
20210223 20 N/A N/A

This information is provided by Valéry Marchive & Julien Mousqueton

Ransom Note(s)