Threat Groups

Ransomware group active in data extortion.

Active ransomware group with data extortion operations.

Major RaaS operation disrupted by FBI in January 2023.

Former RansomHub and INC Ransom affiliate.

Babuk 2.0/SatanLock. Impersonates original Babuk.

CoinbaseCartel specializes in data acquisition through system access and strategic partnerships. It focus exclusively on...

Active ransomware and data leak group.

RA Group, also known as RA World, first surfaced in April 2023, utilizing a custom variant of the Babuk ransomware.

Pro-Palestinian Group

Nova (formerly RALord) is a ransomware-as-a-service (RaaS) group that encrypts victims’files and uses double-extortion t...

Pure Extraction And Ransom (PEAR) Team is the community of highly responsible and strictly disciplined members. We are a...

a former Conti team

The Warlock ransomware and operator(s) are believed to be attributed to Storm-2603, a China-based threat actor who is al...

Ransomware group active in data extortion.

Ransomware group active in data extortion.

BlackLock is a rebranded version of another ransomware group known as Eldorado. It has since become one of the most acti...

Ransomware group active in data extortion.

Medusa is a DDoS bot written in .NET 2.0. In its current incarnation its C&C protocol is based on HTTP, while its predec...

WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system. At its...

Dragon Ransomware, is promising rapid and customizable ransomware operations for Windows systems. Key features include a...

Ransomware group active in data extortion.

A group which seems to recycle leak from other ransomware groups

Encrypted Extension: .vanhelsing, .vanlocker. Targets Windows Platform only

Unlike many other groups, Silent claims to operate with a high level of anonymity and discretion. According to their own...

RANSOMED.VC aka Raznatovic

RAAS - Ransomware intégré à un fichier PDF, à faire ouvrir à vos victimes ou à insérer vous-même, Windows et Mac, ne fon...

ℹ️ La Piovra Ransomware is an exercise of the company Offensive Security (also known as OffSec)

Our team members are from different countries and we are not interested in anything else, we are only interested in doll...

First known AI-powered ransomware. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama ...

New possible leak site posted to a forum on November 20th, 2022, no victims at present. Unclear if its for a ransomware ...

Likely associated with the cybercrime group BlingLibra (ShinyHunters)

Blue Locker targets Pakistan’s vital energy sector, particularly Pakistan Petroleum

The group appears unreliable. Most, if not all, of its alleged victims cannot be verified and appear to be randomly sele...

Launched on April 24th, 2025 RansomBay is a new project operating under the DragonForce initiative