Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Ransomware Groups
  • Added on: N/A

    No description available.
    | Victims: 7
  • Added on: N/A

    The 8base Ransomware group made its first appearance in early March 2022, remaining somewhat quiet after the attacks. Th
    | Victims: 455
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 81
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the for
    | Victims: 790
  • Added on: N/A

    A Windows ransomware that will run certain tasks to prepare the target system for the encryption of files. MedusaLocker
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 17
  • Added on: N/A

    The operators of the ALPHV/BlackCat ransomware began their activity in December 2021, making posts on Dark Web forums to
    | Victims: 731
  • Added on: 2025-02-25

    No description available.
    | Victims: 7
  • Added on: N/A

    No description available.
    | Victims: 10
  • Added on: N/A

    A new ransomware group is said to have emerged in mid-April 2024, under the name 'APT73.' It's worth noting that the gro
    | Victims: 79
  • Added on: N/A

    No description available.
    | Victims: 82
  • Added on: N/A

    No description available.
    | Victims: 13
  • Added on: 2025-03-25

    No description available.
    | Victims: 2
  • Added on: N/A

    No description available.
    | Victims: 35
  • Added on: N/A

    No description available.
    | Victims: 4
  • Added on: N/A

    Avaddon is a ransomware malware targeting Windows systems often spread via malicious spam. The first known attack where
    | Victims: 147
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 70
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    Babuk Ransomware is a sophisticated ransomware compiled for several platforms. Windows and ARM for Linux are the most us
    | Victims: 8
  • Added on: 2025-01-27

    Babuk Locker 2.0, also known as Bjorka or SkyWave, after failing to make any profit from selling public databases on for
    | Victims: 180
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: 2025-04-06

    No description available.
    | Victims: 4
  • Added on: N/A

    BianLian ransomware operations began in late 2021. The group practices multi-pronged extortion, demanding payment for a
    | Victims: 553
  • Added on: N/A

    "Black Basta" is a new ransomware strain discovered during April 2022 - looks in dev since at least early February 2022
    | Victims: 524
  • Added on: N/A

    Ransomware. Uses dropper written in JavaScript to deploy a .NET payload.
    | Victims: 138
  • Added on: 2025-05-16

    BlackLock is a rebranded version of another ransomware group known as Eldorado. It has since become one of the most acti
    | Victims: 49
  • Added on: N/A

    Ransomware-as-a-Service
    | Victims: 32
  • Added on: N/A

    No description available.
    | Victims: 9
  • Added on: N/A

    No description available.
    | Victims: 3
  • Added on: N/A

    According to Trend Micro, this ransomware has significant code overlap with Royal Ransomware.
    | Victims: 181
  • Added on: N/A

    No description available.
    | Victims: 4
  • Added on: N/A

    No description available.
    | Victims: 3
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 3
  • Added on: 2024-07-01

    Brain Cipher emerged in July 2024. Both Windows and Linux variants are available. Brain Cipher using the leaked build of
    | Victims: 35
  • Added on: N/A

    The CACTUS ransomware is said to have emerged around March 2023. The group became known for exploiting vulnerabilities t
    | Victims: 248
  • Added on: 2025-03-31

    No description available.
    | Victims: 6
  • Added on: N/A

    No description available.
    | Victims: 15
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 7
  • Added on: N/A

    No description available.
    | Victims: 66
  • Added on: N/A

    No description available.
    | Victims: 27
  • Added on: N/A

    No description available.
    | Victims: 141
  • Added on: N/A

    The ransomware group known as Cl0p is a variant of a previously known strain dubbed CryptoMix. It is worth noting that t
    | Victims: 1012
  • Added on: N/A

    RAAS - Ransomware intégré à un fichier PDF, à faire ouvrir à vos victimes ou à insérer vous-même, Windows et Mac, ne fon
    | Victim: 0
  • Added on: N/A

    Conti is an extremely damaging ransomware due to the speed with which it encrypts data and spreads to other systems. It
    | Victims: 351
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: 2025-03-09

    No description available.
    | Victims: 10
  • Added on: N/A

    No description available.
    | Victims: 1
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 11
  • Added on: N/A

    No description available.
    | Victims: 8
  • Added on: N/A

    According to OALabs, this ransomware has the following features: * Files are encrypted with AES CBC using a generated 2
    | Victims: 2
  • Added on: 2025-04-08

    No description available.
    | Victims: 8
  • Added on: N/A

    The Cuba Ransomware, also known as Colddraw Ransomware, was first identified in the threat landscape in 2019 and built a
    | Victims: 105
  • Added on: N/A

    No description available.
    | Victims: 7
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 17
  • Added on: N/A

    No description available.
    | Victims: 33
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 39
  • Added on: N/A

    No description available.
    | Victims: 10
  • Added on: N/A

    No description available.
    | Victims: 10
  • Added on: N/A

    Darkside ransomware group has started its operation in August of 2020 with the model of RaaS (Ransomware-as-a-Service).
    | Victims: 10
  • Added on: N/A

    No description available.
    | Victims: 55
  • Added on: N/A

    No description available.
    | Victims: 6
  • Added on: 2025-04-06

    Former RansomHub and INC Ransom affiliate.
    | Victims: 36
  • Added on: N/A

    A ransomware with potential ties to Wizard Spider.
    | Victim: 0
  • Added on: N/A

    This is not a ransomware group but a data broker
    | Victims: 344
  • Added on: N/A

    No description available.
    | Victims: 5
  • Added on: N/A

    No description available.
    | Victims: 42
  • Added on: N/A

    Doppelpaymer is a ransomware family that encrypts user data and later on it asks for a ransom in order to restore origin
    | Victims: 24
  • Added on: N/A

    No description available.
    | Victims: 170
  • Added on: N/A

    Dragon Ransomware, is promising rapid and customizable ransomware operations for Windows systems. Key features include a
    | Victims: 39
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 18
  • Added on: N/A

    The QNAPCrypt ransomware works similarly to other ransomware, including encrypting all files and delivering a ransom not
    | Victim: 0
  • Added on: N/A

    In September The El Dorado ransomware group have been rebrand as BlackLock
    | Victims: 114
  • Added on: N/A

    No description available.
    | Victims: 24
  • Added on: N/A

    Entropy is a ransomware first seen in 1st quarter of 2022, is being used in conjunction of Dridex infection. The ransomw
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    Everest ransom group collects and analyzes information about their victims. They specialize in customer privacy data, fi
    | Victims: 208
  • Added on: N/A

    According to PCrisk, Exorcist is a ransomware-type malicious program. Systems infected with this malware experience data
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 43
  • Added on: N/A

    Fog, which uses the .flocked extension for encrypted files, was first observed in May in campaigns by Storm-0844, a thre
    | Victims: 189
  • Added on: 2025-03-24

    No description available.
    | Victims: 28
  • Added on: N/A

    No description available.
    | Victims: 14
  • Added on: N/A

    New possible leak site posted to a forum on November 20th, 2022, no victims at present. Unclear if its for a ransomware
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 172
  • Added on: 2025-01-24

    Our team members are from different countries and we are not interested in anything else, we are only interested in doll
    | Victims: 5
  • Added on: N/A

    Doppelpaymer is a ransomware family that encrypts user data and later on it asks for a ransom in order to restore origin
    | Victims: 3
  • Added on: N/A

    No description available.
    | Victims: 13
  • Added on: 2025-04-23

    No description available.
    | Victims: 8
  • Added on: N/A

    According to PCrisk, Hades Locker is an updated version of WildFire Locker ransomware that infiltrates systems and encry
    | Victims: 1
  • Added on: N/A

    Not a Ransomware Group
    | Victims: 57
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 20
  • Added on: N/A

    No description available.
    | Victims: 37
  • Added on: N/A

    No description available.
    | Victims: 3
  • Added on: N/A

    Unit42 states that HelloKitty is a ransomware family that first surfaced at the end of 2020, primarily targeting Windows
    | Victim: 0
  • Added on: N/A

    Hive is a strain of ransomware that was first discovered in June 2021. Hive was designed to be used by Ransomware-as-a-s
    | Victims: 208
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    In mid-October 2023, just a few days before the Europol operation, the source code of the Ransomware Hive was sold, alon
    | Victims: 304
  • Added on: N/A

    No description available.
    | Victims: 11
  • Added on: 2025-05-05

    No description available.
    | Victims: 8
  • Added on: N/A

    No description available.
    | Victims: 313
  • Added on: N/A

    No description available.
    | Victims: 1
  • Added on: N/A

    No description available.
    | Victims: 35
  • Added on: 2025-05-02

    No description available.
    | Victims: 14
  • Added on: N/A

    No description available.
    | Victims: 36
  • Added on: N/A

    No description available.
    | Victims: 74
  • Added on: N/A

    No description available.
    | Victims: 7
  • Added on: N/A

    No description available.
    | Victims: 26
  • Added on: N/A

    No description available.
    | Victims: 203
  • Added on: N/A

    [Cyclops](group/cyclops) rebrand
    | Victims: 48
  • Added on: 2025-02-09

    No description available.
    | Victims: 9
  • Added on: N/A

    ℹ️ La Piovra Ransomware is an exercise of the company Offensive Security (also known as OffSec)
    | Victims: 1
  • Added on: N/A

    No description available.
    | Victims: 20
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: 2025-02-19

    No description available.
    | Victims: 1
  • Added on: N/A

    No description available.
    | Victims: 5
  • Added on: N/A

    No description available.
    | Victims: 1006
  • Added on: N/A

    LockBit, also recognized as LockBit Black or Lockbit 3.0, is one of the largest Ransomware Groups in the world and has o
    | Victims: 2016
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 5
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    Tesorion describes Lorenz as a ransomware with design and implementation flaws, leading to impossible decryption with to
    | Victims: 78
  • Added on: N/A

    No description available.
    | Victims: 53
  • Added on: N/A

    LV ransomware group main message: "Here are companies which didn't meet consumer data protection obligations. They rejec
    | Victims: 63
  • Added on: N/A

    No description available.
    | Victims: 240
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 16
  • Added on: N/A

    No description available.
    | Victims: 171
  • Added on: N/A

    No description available.
    | Victims: 7
  • Added on: N/A

    This ransomware uses a combination of different crypto algorithms (ChaCha20, AES-128, Curve25519). The activity of this
    | Victims: 49
  • Added on: 2025-03-12

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 32
  • Added on: N/A

    Maze ransomware group is one of the most known ransomware gangs, they targeted organizations worldwide across many indus
    | Victims: 60
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 452
  • Added on: N/A

    Medusa is a DDoS bot written in .NET 2.0. In its current incarnation its C&C protocol is based on HTTP, while its predec
    | Victims: 47
  • Added on: N/A

    No description available.
    | Victims: 145
  • Added on: N/A

    No description available.
    | Victims: 29
  • Added on: N/A

    This malware written in C# is a variant of the Thanos ransomware family and emerged in October 2021 and is obfuscated us
    | Victims: 44
  • Added on: N/A

    Ransomware, potential rebranding of win.sfile.
    | Victims: 13
  • Added on: N/A

    No description available.
    | Victims: 9
  • Added on: N/A

    No description available.
    | Victims: 26
  • Added on: N/A

    No description available.
    | Victims: 110
  • Added on: 2025-01-07

    No description available.
    | Victims: 9
  • Added on: N/A

    Cybereason Nocturnus describes Moses Staff as an Iranian hacker group, first spotted in October 2021. Their motivation a
    | Victims: 16
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    N3tw0rm ransomware group is linked to Iran by many security researchers especially for the fact that the group targeting
    | Victim: 0
  • Added on: N/A

    According to Vitali Kremez and Michael Gillespie, this ransomware shares much code with Nemty 2.5. A difference is remov
    | Victims: 15
  • Added on: N/A

    Nemty is a ransomware that was discovered in September 2019. Fortinet states that they found it being distributed throug
    | Victim: 0
  • Added on: N/A

    NetWalker ransomware group operates by the threat actor known as "CIRCUS SPIDER". The NetWalker ransomware was discovere
    | Victims: 26
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 2
  • Added on: 2025-03-12

    No description available.
    | Victims: 49
  • Added on: N/A

    No description available.
    | Victims: 25
  • Added on: N/A

    No description available.
    | Victims: 126
  • Added on: N/A

    No description available.
    | Victims: 36
  • Added on: N/A

    No description available.
    | Victims: 3
  • Added on: 2025-04-28

    Rebrand of RALord
    | Victims: 18
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 28
  • Added on: N/A

    No description available.
    | Victims: 4
  • Added on: N/A

    Pandora ransomware was obtained by vx-underground at 2022-03-14.
    | Victims: 5
  • Added on: N/A

    Pay2Key is ransomware that has been used by the threat actor Fox Kitten. The group seems to operate since July 2020, tar
    | Victims: 7
  • Added on: N/A

    No description available.
    | Victims: 29
  • Added on: N/A

    Initially observed in June 2022, the Play ransomware (a.k.a PlayCrypt) operates through double extortion, targeting nume
    | Victims: 889
  • Added on: N/A

    No description available.
    | Victims: 1
  • Added on: N/A

    No description available.
    | Victims: 5
  • Added on: N/A

    PwndLocker is a ransomware that was observed in late 2019 and is reported to have been used to target businesses and loc
    | Victims: 2
  • Added on: N/A

    Ransomware written in .NET, apparently derived from the codebase of win.hakbit (Thanos) ransomware.
    | Victim: 0
  • Added on: N/A

    Mespinosa is a ransomware which encrypts file using an asymmetric encryption and adds .pysa as file extension. According
    | Victims: 311
  • Added on: N/A

    Qilin ransomware was first observed in July of 2022. Qilin Ransomware is written in Golang and supports multiple encrypt
    | Victims: 454
  • Added on: N/A

    No description available.
    | Victims: 8
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 68
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 128
  • Added on: N/A

    According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It excludes
    | Victims: 3
  • Added on: 2025-03-26

    No description available.
    | Victims: 19
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 6
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: 2025-05-13

    Launched on April 24th, 2025 RansomBay is a new project operating under the DragonForce initiative
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 4
  • Added on: N/A

    No description available.
    | Victims: 68
  • Added on: N/A

    RansomExx is a ransomware family that targeted multiple companies starting in mid-2020. It shares commonalities with Def
    | Victims: 83
  • Added on: N/A

    No description available.
    | Victims: 133
  • Added on: N/A

    The group emerged in mid-February 2024 and has already listed several organizations as alleged victims of their attacks,
    | Victims: 844
  • Added on: N/A

    No description available.
    | Victims: 1
  • Added on: N/A

    Ranzy Locker, Former known as ThunderX. The group hosting a data leak site in the darknet where they posting sensitive i
    | Victim: 0
  • Added on: N/A

    RA Group, also known as RA World, first surfaced in April 2023, utilizing a custom variant of the Babuk ransomware.
    | Victims: 137
  • Added on: N/A

    RANSOMED.VC aka Raznatovic
    | Victims: 5
  • Added on: N/A

    No description available.
    | Victims: 6
  • Added on: N/A

    No description available.
    | Victims: 16
  • Added on: N/A

    Sodinokibi ransomware group also known as REvil (Ransomware Evil) operates as a ransomware-as-a-service (RaaS) model. Af
    | Victims: 98
  • Added on: N/A

    Rhysida is a ransomware-as-a-service (RAAS) group that emerged in May 2023. The group utilizes a namesake ransomware thr
    | Victims: 203
  • Added on: N/A

    No description available.
    | Victims: 1
  • Added on: N/A

    According to PCrisk, Rook is ransomware (an updated variant of Babuk) that prevents victims from accessing/opening files
    | Victims: 9
  • Added on: N/A

    According to Trendmicro, Royal ransomware was first observed in September 2022, and the threat actors behind it are beli
    | Victims: 211
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: 2025-02-27

    No description available.
    | Victims: 5
  • Added on: N/A

    No description available.
    | Victims: 17
  • Added on: N/A

    No description available.
    | Victims: 169
  • Added on: N/A

    No description available.
    | Victims: 99
  • Added on: 2025-03-14

    Encrypted Extension: .vanhelsing, .vanlocker. Targets Windows Platform only
    | Victims: 1
  • Added on: N/A

    No description available.
    | Victims: 2
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 4
  • Added on: N/A

    Not a ransomware group but a hacktivist group that appeared coincidentally days before Russia’s invasion of Ukraine
    | Victims: 19
  • Added on: 2025-04-23

    Unlike many other groups, Silent claims to operate with a high level of anonymity and discretion. According to their own
    | Victims: 5
  • Added on: 2025-05-06

    a former Conti team
    | Victims: 72
  • Added on: 2025-03-06

    No description available.
    | Victims: 7
  • Added on: N/A

    No description available.
    | Victims: 1
  • Added on: N/A

    Snatch is a ransomware which infects victims by rebooting the PC into Safe Mode. Most of the existing security protectio
    | Victims: 142
  • Added on: N/A

    Ransomware, written in .NET.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 67
  • Added on: N/A

    No description available.
    | Victims: 16
  • Added on: N/A

    No description available.
    | Victims: 35
  • Added on: N/A

    No description available.
    | Victims: 135
  • Added on: N/A

    Ransomware, written in Delphi.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 32
  • Added on: N/A

    No description available.
    | Victims: 1
  • Added on: N/A

    No description available.
    | Victims: 23
  • Added on: N/A

    A new Ransomware family identified by the name '3AM' or 'ThreeAM' in September 2023. The ransomware operation was observ
    | Victims: 55
  • Added on: N/A

    Pro-Palestinian Group
    | Victims: 117
  • Added on: N/A

    According to PCrisk, Trigona is ransomware that encrypts files and appends the ._locked extension to filenames. Also, it
    | Victims: 49
  • Added on: N/A

    No description available.
    | Victims: 18
  • Added on: N/A

    No description available.
    | Victims: 3
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 24
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    A group which seems to recycle leak from other ransomware groups
    | Victims: 14
  • Added on: N/A

    No description available.
    | Victims: 5
  • Added on: 2025-03-17

    No description available.
    | Victims: 8
  • Added on: N/A

    No description available.
    | Victims: 3
  • Added on: N/A

    Ransomware, which appears to be a rebranding of win.cuba.
    | Victims: 3
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    Vice Society ransomware appends the .v-society extension when encrypting Linux machines. Running a leak site on the dark
    | Victims: 189
  • Added on: N/A

    WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system. At its
    | Victims: 33
  • Added on: N/A

    No description available.
    | Victims: 26
  • Added on: 2025-03-06

    No description available.
    | Victims: 9
  • Added on: 2025-05-16

    World Leaks emerged in January 2025 as a rebrand of the Hunters International ransomware operation, shifting its focus f
    | Victims: 3
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 21
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: N/A

    According to PCrisk, Yanluowang is ransomware that encrypts (and renames) files, ends all running processes, stops servi
    | Victims: 6
  • Added on: N/A

    No description available.
    | Victim: 0
  • Added on: 2025-04-28

    No description available.
    | Victim: 0
  • Added on: N/A

    No description available.
    | Victims: 1