Added on: N/A
The 8base Ransomware group made its first appearance in early March 2022, remaining somewhat quiet after the attacks. Th
Added on: N/A
The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the for
Added on: N/A
A Windows ransomware that will run certain tasks to prepare the target system for the encryption of files. MedusaLocker
Added on: N/A
Avaddon is a ransomware malware targeting Windows systems often spread via malicious spam. The first known attack where
Added on: N/A
Babuk Ransomware is a sophisticated ransomware compiled for several platforms. Windows and ARM for Linux are the most us
Added on: N/A
BianLian ransomware operations began in late 2021. The group practices multi-pronged extortion, demanding payment for a
Added on: N/A
"Black Basta" is a new ransomware strain discovered during April 2022 - looks in dev since at least early February 2022
Added on: N/A
Ransomware. Uses dropper written in JavaScript to deploy a .NET payload.
Added on: 2025-05-16
BlackLock is a rebranded version of another ransomware group known as Eldorado. It has since become one of the most acti
Added on: N/A
According to Trend Micro, this ransomware has significant code overlap with Royal Ransomware.
Added on: 2024-07-01
Brain Cipher emerged in July 2024. Both Windows and Linux variants are available. Brain Cipher using the leaked build of
Added on: N/A
The CACTUS ransomware is said to have emerged around March 2023. The group became known for exploiting vulnerabilities t
Added on: N/A
The ransomware group known as Cl0p is a variant of a previously known strain dubbed CryptoMix. It is worth noting that t
Added on: N/A
RAAS - Ransomware embedded in a PDF file, to be opened by your victims or inserted yourself, Windows and Mac, ne fon
Added on: N/A
Conti is an extremely damaging ransomware due to the speed with which it encrypts data and spreads to other systems. It
Added on: N/A
According to OALabs, this ransomware has the following features: * Files are encrypted with AES CBC using a generated 2
Added on: N/A
The Cuba Ransomware, also known as Colddraw Ransomware, was first identified in the threat landscape in 2019 and built a
Added on: N/A
Darkside ransomware group started its operation in August of 2020 with the model of RaaS (Ransomware-as-a-Service).
Added on: N/A
Doppelpaymer is a ransomware family that encrypts user data and later on it asks for a ransom in order to restore origin
Added on: N/A
Dragon Ransomware is promising rapid and customizable ransomware operations for Windows systems. Key features include a
Added on: N/A
The QNAPCrypt ransomware works similarly to other ransomware, including encrypting all files and delivering a ransom not
Added on: N/A
In September, the El Dorado ransomware group was rebranded as BlackLock
Added on: N/A
Entropy is a ransomware first seen in the 1st quarter of 2022 and is being used in conjunction with Dridex infection. The ransomw
Added on: N/A
Everest ransom group collects and analyzes information about their victims. They specialize in customer privacy data, fi
Added on: N/A
According to PCrisk, Exorcist is a ransomware-type malicious program. Systems infected with this malware experience data
Added on: N/A
Fog, which uses the .flocked extension for encrypted files, was first observed in May in campaigns by Storm-0844, a thre
Added on: N/A
New possible leak site posted to a forum on November 20th, 2022, no victims at present. Unclear if it's for a ransomware
Added on: 2025-01-24
Our team members are from different countries and we are not interested in anything else, we are only interested in doll
Added on: N/A
Doppelpaymer is a ransomware family that encrypts user data and later on it asks for a ransom in order to restore origin
Added on: N/A
According to PCrisk, Hades Locker is an updated version of WildFire Locker ransomware that infiltrates systems and encry
Added on: N/A
Unit42 states that HelloKitty is a ransomware family that first surfaced at the end of 2020, primarily targeting Windows
Added on: N/A
Hive is a strain of ransomware that was first discovered in June 2021. Hive was designed to be used by Ransomware-as-a-s
Added on: N/A
In mid-October 2023, just a few days before the Europol operation, the source code of the Ransomware Hive was sold, alon
Added on: N/A
ℹ️ La Piovra Ransomware is an exercise of the company Offensive Security (also known as OffSec)
Added on: N/A
LockBit, also recognized as LockBit Black or Lockbit 3.0, is one of the largest Ransomware Groups in the world and has o
Added on: N/A
Tesorion describes Lorenz as a ransomware with design and implementation flaws, leading to impossible decryption with to
Added on: N/A
LV ransomware group main message: "Here are companies which didn't meet consumer data protection obligations. They rejec
Added on: N/A
This ransomware uses a combination of different crypto algorithms (ChaCha20, AES-128, Curve25519). The activity of this
Added on: N/A
Maze ransomware group is one of the best-known ransomware gangs; they targeted organizations worldwide across many indus
Added on: N/A
Medusa is a DDoS bot written in .NET 2.0. In its current incarnation its C&C protocol is based on HTTP, while its predec
Added on: N/A
This malware written in C# is a variant of the Thanos ransomware family and emerged in October 2021 and is obfuscated us
Added on: N/A
Cybereason Nocturnus describes Moses Staff as an Iranian hacker group, first spotted in October 2021. Their motivation a
Added on: N/A
N3tw0rm ransomware group is linked to Iran by many security researchers especially for the fact that the group targeting
Added on: N/A
According to Vitali Kremez and Michael Gillespie, this ransomware shares much code with Nemty 2.5. A difference is remov
Added on: N/A
Nemty is a ransomware that was discovered in September 2019. Fortinet states that they found it being distributed throug
Added on: N/A
NetWalker ransomware group is operated by the threat actor known as "CIRCUS SPIDER". The NetWalker ransomware was discovere
Added on: N/A
Pay2Key is ransomware that has been used by the threat actor Fox Kitten. The group seems to have operated since July 2020, tar
Added on: N/A
Initially observed in June 2022, the Play ransomware (a.k.a. PlayCrypt) operates through double extortion, targeting nume
Added on: N/A
PwndLocker is a ransomware that was observed in late 2019 and is reported to have been used to target businesses and loc
Added on: N/A
Ransomware written in .NET, apparently derived from the codebase of win.hakbit (Thanos) ransomware.
Added on: N/A
Mespinosa is a ransomware which encrypts files using asymmetric encryption and adds .pysa as file extension. According
Added on: N/A
Qilin ransomware was first observed in July of 2022. Qilin Ransomware is written in Golang and supports multiple encrypt
Added on: N/A
According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It excludes
Added on: 2025-05-13
Launched on April 24th, 2025, RansomBay is a new project operating under the DragonForce initiative
Added on: N/A
RansomExx is a ransomware family that targeted multiple companies starting in mid-2020. It shares commonalities with Def
Added on: N/A
The group emerged in mid-February 2024 and has already listed several organizations as alleged victims of their attacks,
Added on: N/A
Ranzy Locker, formerly known as ThunderX. The group hosts a data leak site on the darknet where they post sensitive i
Added on: N/A
RA Group, also known as RA World, first surfaced in April 2023, utilizing a custom variant of the Babuk ransomware.
Added on: N/A
Sodinokibi ransomware group also known as REvil (Ransomware Evil) operates as a ransomware-as-a-service (RaaS) model. Af
Added on: N/A
Rhysida is a ransomware-as-a-service (RAAS) group that emerged in May 2023. The group utilizes a namesake ransomware thr
Added on: N/A
According to PCrisk, Rook is ransomware (an updated variant of Babuk) that prevents victims from accessing/opening files
Added on: N/A
According to Trend Micro, Royal ransomware was first observed in September 2022, and the threat actors behind it are beli
Added on: 2025-03-14
Encrypted Extension: .vanhelsing, .vanlocker. Targets Windows Platform only
Added on: N/A
Not a ransomware group but a hacktivist group that appeared coincidentally days before Russia’s invasion of Ukraine
Added on: 2025-04-23
Unlike many other groups, Silent claims to operate with a high level of anonymity and discretion. According to their own
Added on: N/A
Snatch is a ransomware which infects victims by rebooting the PC into Safe Mode. Most of the existing security protectio
Added on: N/A
According to PCrisk, Trigona is ransomware that encrypts files and appends the ._locked extension to filenames. Also, it
Added on: N/A
Vice Society ransomware appends the .v-society extension when encrypting Linux machines. Running a leak site on the dark
Added on: N/A
WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system. At its
Added on: 2025-05-16
World Leaks emerged in January 2025 as a rebrand of the Hunters International ransomware operation, shifting its focus f
Added on: N/A
According to PCrisk, Yanluowang is ransomware that encrypts (and renames) files, ends all running processes, stops servi