Sponsored by Hudson Rock – Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business
Added on: N/A
Last victim: 2025-02-01
The 8base Ransomware group made its first appearance in early March 2022, remaining somewhat quiet after the attacks. ThAdded on: N/A
Last victim: 2025-11-07
The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the forAdded on: N/A
Last victim: N/A
A Windows ransomware that will run certain tasks to prepare the target system for the encryption of files. MedusaLockerAdded on: N/A
Last victim: 2021-09-09
Avaddon is a ransomware malware targeting Windows systems often spread via malicious spam. The first known attack whereAdded on: N/A
Last victim: 2021-07-27
Babuk Ransomware is a sophisticated ransomware compiled for several platforms. Windows and ARM for Linux are the most usAdded on: N/A
Last victim: 2025-03-31
BianLian ransomware operations began in late 2021. The group practices multi-pronged extortion, demanding payment for aAdded on: N/A
Last victim: 2025-01-11
"Black Basta" is a new ransomware strain discovered during April 2022 - looks in dev since at least early February 2022Added on: N/A
Last victim: 2025-07-30
Ransomware. Uses dropper written in JavaScript to deploy a .NET payload.Added on: 2025-05-16
Last victim: 2025-07-02
BlackLock is a rebranded version of another ransomware group known as Eldorado. It has since become one of the most actiAdded on: 2025-08-06
Last victim: 2025-10-21
No description available.Added on: N/A
Last victim: 2025-05-29
According to Trend Micro, this ransomware has significant code overlap with Royal Ransomware.Added on: 2025-08-19
Last victim: N/A
Blue Locker targets Pakistan’s vital energy sector, particularly Pakistan PetroleumAdded on: 2024-07-01
Last victim: 2025-10-29
Brain Cipher emerged in July 2024. Both Windows and Linux variants are available. Brain Cipher using the leaked build ofAdded on: N/A
Last victim: 2025-03-17
The CACTUS ransomware is said to have emerged around March 2023. The group became known for exploiting vulnerabilities tAdded on: N/A
Last victim: 2025-11-07
The ransomware group known as Cl0p is a variant of a previously known strain dubbed CryptoMix. It is worth noting that tAdded on: 2025-09-15
Last victim: 2025-11-04
CoinbaseCartel specializes in data acquisition through system access and strategic partnerships. It focus exclusively onAdded on: N/A
Last victim: N/A
RAAS - Ransomware intégré à un fichier PDF, à faire ouvrir à vos victimes ou à insérer vous-même, Windows et Mac, ne fonAdded on: N/A
Last victim: 2022-06-07
Conti is an extremely damaging ransomware due to the speed with which it encrypts data and spreads to other systems. ItAdded on: N/A
Last victim: 2023-04-19
According to OALabs, this ransomware has the following features: * Files are encrypted with AES CBC using a generated 2Added on: N/A
Last victim: 2024-02-01
The Cuba Ransomware, also known as Colddraw Ransomware, was first identified in the threat landscape in 2019 and built aAdded on: N/A
Last victim: 2021-05-13
Darkside ransomware group has started its operation in August of 2020 with the model of RaaS (Ransomware-as-a-Service).Added on: 2025-04-06
Last victim: 2025-11-05
Former RansomHub and INC Ransom affiliate.Added on: N/A
Last victim: N/A
A ransomware with potential ties to Wizard Spider.Added on: N/A
Last victim: 2024-08-11
This is not a ransomware group but a data brokerAdded on: N/A
Last victim: 2021-04-10
Doppelpaymer is a ransomware family that encrypts user data and later on it asks for a ransom in order to restore originAdded on: N/A
Last victim: 2024-12-16
Dragon Ransomware, is promising rapid and customizable ransomware operations for Windows systems. Key features include aAdded on: N/A
Last victim: N/A
The QNAPCrypt ransomware works similarly to other ransomware, including encrypting all files and delivering a ransom notAdded on: N/A
Last victim: 2025-01-24
In September The El Dorado ransomware group have been rebrand as BlackLockAdded on: N/A
Last victim: N/A
Entropy is a ransomware first seen in 1st quarter of 2022, is being used in conjunction of Dridex infection. The ransomwAdded on: N/A
Last victim: 2025-11-06
Everest ransom group collects and analyzes information about their victims. They specialize in customer privacy data, fiAdded on: N/A
Last victim: N/A
According to PCrisk, Exorcist is a ransomware-type malicious program. Systems infected with this malware experience dataAdded on: N/A
Last victim: 2025-03-20
Fog, which uses the .flocked extension for encrypted files, was first observed in May in campaigns by Storm-0844, a threAdded on: N/A
Last victim: N/A
New possible leak site posted to a forum on November 20th, 2022, no victims at present. Unclear if its for a ransomwareAdded on: 2025-01-24
Last victim: 2025-01-26
Our team members are from different countries and we are not interested in anything else, we are only interested in dollAdded on: N/A
Last victim: 2021-06-30
Doppelpaymer is a ransomware family that encrypts user data and later on it asks for a ransom in order to restore originAdded on: N/A
Last victim: 2020-12-15
According to PCrisk, Hades Locker is an updated version of WildFire Locker ransomware that infiltrates systems and encryAdded on: N/A
Last victim: N/A
Unit42 states that HelloKitty is a ransomware family that first surfaced at the end of 2020, primarily targeting WindowsAdded on: N/A
Last victim: 2023-01-16
Hive is a strain of ransomware that was first discovered in June 2021. Hive was designed to be used by Ransomware-as-a-sAdded on: N/A
Last victim: 2025-05-27
In mid-October 2023, just a few days before the Europol operation, the source code of the Ransomware Hive was sold, alonAdded on: 2025-06-27
Last victim: 2025-07-28
No description available.Added on: N/A
Last victim: 2022-06-25
ℹ️ La Piovra Ransomware is an exercise of the company Offensive Security (also known as OffSec)Added on: N/A
Last victim: 2025-04-28
LockBit, also recognized as LockBit Black or Lockbit 3.0, is one of the largest Ransomware Groups in the world and has oAdded on: N/A
Last victim: 2023-12-01
Tesorion describes Lorenz as a ransomware with design and implementation flaws, leading to impossible decryption with toAdded on: N/A
Last victim: 2022-11-27
LV ransomware group main message: "Here are companies which didn't meet consumer data protection obligations. They rejecAdded on: N/A
Last victim: 2024-07-14
This ransomware uses a combination of different crypto algorithms (ChaCha20, AES-128, Curve25519). The activity of thisAdded on: N/A
Last victim: 2020-09-11
Maze ransomware group is one of the most known ransomware gangs, they targeted organizations worldwide across many indusAdded on: N/A
Last victim: 2025-09-14
Medusa is a DDoS bot written in .NET 2.0. In its current incarnation its C&C protocol is based on HTTP, while its predecAdded on: N/A
Last victim: 2022-04-14
This malware written in C# is a variant of the Thanos ransomware family and emerged in October 2021 and is obfuscated usAdded on: N/A
Last victim: 2022-05-05
Ransomware, potential rebranding of win.sfile.Added on: N/A
Last victim: 2025-08-04
No description available.Added on: N/A
Last victim: 2021-12-18
Cybereason Nocturnus describes Moses Staff as an Iranian hacker group, first spotted in October 2021. Their motivation aAdded on: N/A
Last victim: N/A
N3tw0rm ransomware group is linked to Iran by many security researchers especially for the fact that the group targetingAdded on: N/A
Last victim: 2021-09-09
According to Vitali Kremez and Michael Gillespie, this ransomware shares much code with Nemty 2.5. A difference is removAdded on: N/A
Last victim: N/A
Nemty is a ransomware that was discovered in September 2019. Fortinet states that they found it being distributed througAdded on: N/A
Last victim: 2020-12-12
NetWalker ransomware group operates by the threat actor known as "CIRCUS SPIDER". The NetWalker ransomware was discovereAdded on: 2025-04-28
Last victim: 2025-11-02
Nova (formerly RALord) is a ransomware-as-a-service (RaaS) group that encrypts victims’files and uses double-extortion tAdded on: N/A
Last victim: 2022-03-30
Pandora ransomware was obtained by vx-underground at 2022-03-14.Added on: N/A
Last victim: 2021-09-09
Pay2Key is ransomware that has been used by the threat actor Fox Kitten. The group seems to operate since July 2020, tarAdded on: 2025-07-07
Last victim: 2025-11-04
No description available.Added on: 2025-08-05
Last victim: 2025-10-29
Pure Extraction And Ransom (PEAR) Team is the community of highly responsible and strictly disciplined members. We are aAdded on: N/A
Last victim: 2025-11-04
Initially observed in June 2022, the Play ransomware (a.k.a PlayCrypt) operates through double extortion, targeting numeAdded on: N/A
Last victim: 2020-04-25
PwndLocker is a ransomware that was observed in late 2019 and is reported to have been used to target businesses and locAdded on: N/A
Last victim: N/A
Ransomware written in .NET, apparently derived from the codebase of win.hakbit (Thanos) ransomware.Added on: 2025-08-26
Last victim: N/A
First known AI-powered ransomware. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the OllamaAdded on: N/A
Last victim: 2022-09-20
Mespinosa is a ransomware which encrypts file using an asymmetric encryption and adds .pysa as file extension. AccordingAdded on: N/A
Last victim: 2025-11-08
Qilin ransomware was first observed in July of 2022. Qilin Ransomware is written in Golang and supports multiple encryptAdded on: N/A
Last victim: 2021-12-30
According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It excludesAdded on: 2025-05-13
Last victim: N/A
Launched on April 24th, 2025 RansomBay is a new project operating under the DragonForce initiativeAdded on: N/A
Last victim: 2025-03-07
RansomExx is a ransomware family that targeted multiple companies starting in mid-2020. It shares commonalities with DefAdded on: N/A
Last victim: 2025-03-31
The group emerged in mid-February 2024 and has already listed several organizations as alleged victims of their attacks,Added on: N/A
Last victim: N/A
Ranzy Locker, Former known as ThunderX. The group hosting a data leak site in the darknet where they posting sensitive iAdded on: 2025-07-08
Last victim: 2025-07-09
No description available.Added on: N/A
Last victim: 2022-11-28
Sodinokibi ransomware group also known as REvil (Ransomware Evil) operates as a ransomware-as-a-service (RaaS) model. AfAdded on: N/A
Last victim: 2025-11-05
Rhysida is a ransomware-as-a-service (RAAS) group that emerged in May 2023. The group utilizes a namesake ransomware thrAdded on: N/A
Last victim: 2022-01-08
According to PCrisk, Rook is ransomware (an updated variant of Babuk) that prevents victims from accessing/opening filesAdded on: N/A
Last victim: 2023-07-19
According to Trendmicro, Royal ransomware was first observed in September 2022, and the threat actors behind it are beliAdded on: 2025-03-14
Last victim: 2025-03-14
Encrypted Extension: .vanhelsing, .vanlocker. Targets Windows Platform onlyAdded on: N/A
Last victim: 2023-12-09
Not a ransomware group but a hacktivist group that appeared coincidentally days before Russia’s invasion of UkraineAdded on: 2025-04-23
Last victim: 2025-06-21
Unlike many other groups, Silent claims to operate with a high level of anonymity and discretion. According to their ownAdded on: 2025-05-06
Last victim: 2025-10-24
a former Conti teamAdded on: N/A
Last victim: 2024-05-15
Snatch is a ransomware which infects victims by rebooting the PC into Safe Mode. Most of the existing security protectioAdded on: N/A
Last victim: 2024-03-30
According to PCrisk, Trigona is ransomware that encrypts files and appends the ._locked extension to filenames. Also, itAdded on: N/A
Last victim: 2024-01-14
A group which seems to recycle leak from other ransomware groupsAdded on: N/A
Last victim: 2023-02-27
Ransomware, which appears to be a rebranding of win.cuba.Added on: N/A
Last victim: 2023-06-20
Vice Society ransomware appends the .v-society extension when encrypting Linux machines. Running a leak site on the darkAdded on: N/A
Last victim: 2018-02-23
WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system. At itsAdded on: 2025-06-10
Last victim: 2025-11-06
The Warlock ransomware and operator(s) are believed to be attributed to Storm-2603, a China-based threat actor who is alAdded on: 2025-05-16
Last victim: 2025-11-06
World Leaks emerged in January 2025 as a rebrand of the Hunters International ransomware operation, shifting its focus fAdded on: N/A
Last victim: 2022-08-10
According to PCrisk, Yanluowang is ransomware that encrypts (and renames) files, ends all running processes, stops servi