arvinclub
INACTIVE ransomware group
Arvin Club first appeared around early to mid-2021, debuting on its Tor leak site with posts dating back to May 5, 2021. While frequently characterized as ransomware, there is no verified evidence of file encryption or RaaS operations; its behavior aligns more closely with data-leak and hacktivist activity. The group actively publishes stolen data via its Onion site and maintains a prominent presence on Telegram, operating both official channels and group chats (notably with Persian-language content). Known targets include India's Kendriya Vidyalaya school network, among others. Arvin Club has shown ideological leanings (notably support for REvil) and claims to have “hacktivist” motivations, including activities against the Iranian regime. No encryption algorithms, file extensions, or ransom notes have been publicly documented.
Group Activity
Last 12 months
Victims (35)
Islamic Azad University Electronic Campus
Jahesh Innovation
Kimia Tadbir Kiyan
Islamic Azad University of Shiraz
Pasouk biological company
Shirin Travel Agency
Aban Tether & OK exchange
sti company
Sabalan Azmayesh
Parsian Bitumen
Draje food industrial group
seaside-kish co
AFTA Isfahan
hamyari Shahrdari golestan
Haraz dairy
150k sib360 Database
Padena Factory
Bitimen
A harmful truth is better than a useful lie
Al Bijjar
AM International
stormous
bedfordshire.police.uk
afcx.co
vidisha.kvs.ac.in
Revil
Bureau van Dijk(bvdinfo.com)
Compilation of Many Breaches
CardPayPortal
33M Bank Mellat – Iran
Etoudplus.ir
Beh Pardakht Mellat Cards
UtAir
Leiden University Hacked
T-Mobile
elitemate.com
Infrastructure
No sites tracked