Alphv

Threat Actor updated 2 days ago (2024-09-05T23:17:52.155Z)
Alphv is a threat actor group known for deploying ransomware. One of its most significant actions was the theft of 5TB of data from Morrison Community Hospital, which disrupted hospital operations and put patient privacy and security at risk. The group's activities have raised serious concern in the cybersecurity community and led to increased efforts to track and mitigate them.

Alphv has shown a connection to another infamous threat actor, BlackCat. BlackCat code was found in Alphv payloads used in several attacks, suggesting a link between the two groups. The more likely explanation is that a former BlackCat affiliate or developer brought the code to Alphv, rather than a complete rebranding of BlackCat as Alphv. There are also rumors that BlackCat's ransomware is being sold on the dark web, although this has not been confirmed.

In response, law enforcement agencies, notably the FBI, have taken action against Alphv: the FBI seized the group's ransomware site, disrupting its operations and marking a significant step against it. Despite these successes, the cybersecurity community remains vigilant as new threat actors emerge and existing ones evolve; countering ransomware remains a priority for the security and integrity of digital systems worldwide.
Description last updated: 2024-09-05T23:15:58.394Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Name / Votes / Profile Description

Blackmatter (8 votes): BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention

Blackcat Ransomware Group (7 votes): The BlackCat ransomware group, also known as Black Cat, is a notorious Ransomware-as-a-Service organization that has been active since November 2021. The group has targeted the computer networks of over 1,000 victims worldwide, launching malicious campaigns to exploit and damage systems. In one nota

DarkSide (7 votes): DarkSide is a threat actor known for its malicious activities, particularly in the realm of ransomware. This group was notably responsible for the major attack on the U.S. energy sector that targeted Colonial Pipeline Co. on May 7, 2021, using a ransomware-as-a-service operation. The DarkSide ransom

NoEscape (6 votes): NoEscape is a form of malware, specifically ransomware, known for infiltrating victim networks and collaborating with other ransomware affiliates like Ransomhouse and ALPHV (also known as BlackCat). These groups work together to gain access to victim networks, lock them down, and strategize on how t

Sphynx (5 votes): Sphynx, a new variant of the BlackCat ransomware, was announced and launched by ALPHV Blackcat administrators in February 2023. This update, named ALPHV BlackCat Ransomware 2.0 Sphynx, was rewritten to provide additional features to affiliates, including improved defense evasion capabilities and add

Noberus (5 votes): Noberus, also known as ALPHV or BlackCat, is a significant threat actor in the cybersecurity landscape. The group, which primarily operates a ransomware-as-a-service (RaaS) model, was the second most active ransomware group in April 2023, responsible for 14% of total observed victims. Originating fr

Trigona (5 votes): Trigona was a significant strain of ransomware that emerged in 2022, known for its harmful effects on computer systems. The malware infiltrated systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it could steal personal information, disrupt ope

FIN8 (4 votes): FIN8, also known as Syssphinx, is a financially motivated cybercrime group that has been active since at least January 2016. This threat actor is notorious for targeting organizations across various sectors including hospitality, retail, entertainment, insurance, technology, chemicals, and finance.

Black Cat (3 votes): Black Cat, also known as AlphV, is a prominent threat actor known for its malicious activities in the cybersecurity landscape. The group gained significant attention when it launched an attack on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. This ransomware

BlackCat (3 votes): BlackCat, also known as Alphv, is a Russian-based ransomware-as-a-service group that has recently targeted organizations in the healthcare and academic sectors. Lehigh Valley Health Network (LVHN), which operates 13 hospitals and numerous physician practices and clinics in eastern Pennsylvania, repo

Blacksuit (3 votes): BlackSuit is a highly potent and malicious ransomware that emerged as an evolution of the previously identified Royal ransomware, which was active from September 2022 through June 2023. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued joint alerts indicating t

Lockbit Black (2 votes): LockBit Black, also known as LockBit 3.0, is a sophisticated malware variant that emerged in early 2022. This malicious software encrypts files and disrupts operations on infected devices, often demanding a ransom for the restoration of data. Developed as an iteration of LockBit 2.0 (LockBit Red) re
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Ransom
Extortion
RaaS
Windows
Esxi
Encryption
Data Leak
Linux
Vulnerability
Healthcare
Fbi
Encrypt
Cybercrime
Scam
Reddit
MGM
Sec
Exploits
Exploit
Meridianlink
Phishing
Payload
Mandiant
Backdoor
Health
Bitcoin
Unitedhealth
Source
Microsoft
Ncr
Rust
Esxiargs
Zero Day
Moveit
University
Malwarebytes
Ransomware P...
Vmware
Macos
Locker
Denial of Se...
Hospitals
Antivirus
Malvertising
Sophos
CISA
Australian
Lateral Move...
Twitter
Okta
Azure
LOTL
netscaler
Cybercrimes
T1557
Reconnaissance
Tool
Botnet
Breachforums
Rapid7
Crowdstrike
Associated Malware
Name / Relation Type / Votes / Profile Description

Lockbit, is related to (18 votes): LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc

Conti, is from (8 votes): Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was

Akira, Unspecified (8 votes): Akira is a malicious software or malware that has been causing significant damage to various organizations and systems worldwide. The ransomware, known for its persistent and harmful attacks, has successfully infiltrated numerous systems, often without the knowledge of the users, disrupting operatio

REvil, is related to (7 votes): REvil is a type of malware, specifically ransomware, that has been linked to significant cyber attacks. It emerged as part of the Ransomware as a Service (RaaS) model that gained popularity in 2020. This model established relationships between first-stage malware and subsequent ransomware attacks, s

Blackbasta, Unspecified (7 votes): BlackBasta is a notorious malware, specifically ransomware, that has been associated with several high-profile cyber-attacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information,

Black Basta, Unspecified (5 votes): Black Basta is a notorious malware group known for its ransomware activities. The group has been active since at least early 2022, during which time it has accumulated an estimated $107 million in Bitcoin ransom payments. It leverages malicious software to infiltrate and exploit computer systems, of

AvosLocker, Unspecified (4 votes): AvosLocker is a type of malware, specifically ransomware, known for its malicious intent to exploit and damage computer systems. This software often infiltrates systems undetected through suspicious downloads, emails, or websites, subsequently causing disruption in operations, theft of personal info

Ragnar Locker, Unspecified (4 votes): Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for rans

Royal Ransomware, Unspecified (3 votes): The Royal Ransomware, a harmful malware program designed to exploit and damage computer systems, operated from September 2022 through June 2023. It employed multi-threaded encryption to disrupt operations and hold data hostage for ransom. The ransomware was primarily disseminated through suspicious

Emotet, Unspecified (3 votes): Emotet is a highly dangerous and insidious type of malware that has been active, particularly during recent summers. It is distributed primarily through documents attached to emails, using conversations found in compromised accounts. Once an unsuspecting user clicks either the enable button or an im

Sardonic, Unspecified (3 votes): Sardonic is a sophisticated piece of malware, or malicious software, first identified in 2021. It was designed to exploit and damage computer systems, often infiltrating without the user's knowledge through suspicious downloads, emails, or websites. The malware could disrupt operations, steal person

QakBot, Unspecified (3 votes): Qakbot is a type of malware that has been linked to various cybercriminal activities, with its presence first observed as early as 2020. It gained notoriety for its role in the operations of the Black Basta ransomware group, which used Qakbot extensively in sophisticated phishing campaigns. The malw

Conti, Lockbit, Unspecified (3 votes): None

Cactus, is related to (3 votes): Cactus is a malicious software (malware) that infiltrates systems to exploit and damage them. This malware, often delivered through suspicious downloads, emails, or websites, can steal personal information, disrupt operations, or hold data hostage for ransom. Cactus has been used in several high-pro

Ryuk, Unspecified (3 votes): Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves

Babuk, Unspecified (2 votes): Babuk is a type of malware, specifically ransomware, that infiltrates systems to encrypt files and hold them for ransom. This malicious software can infect your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations by enc

Egregor, Unspecified (2 votes): Egregor is a variant of the Sekhmet ransomware and operates as Ransomware-as-a-Service (RaaS). It emerged in 2020, suspected to be from former Maze affiliates. Known for its double extortion tactics, Egregor publicly shames its victims by leaking sensitive data if the ransom isn't paid. In one notab

Nokoyawa, Unspecified (2 votes): Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany

Maze, Unspecified (2 votes): Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w

Brute Ratel, Unspecified (2 votes): Brute Ratel is a malicious software (malware) that has been increasingly used by cyber threat actors to exploit and damage computer systems. It is often delivered through suspicious downloads, emails, or websites and can infiltrate systems without the user's knowledge. Once inside, Brute Ratel can s

Ghost, Unspecified (2 votes): "Ghost" is a potent malware that has been plaguing the digital world. In 2020, the first signs of its impending threat emerged with the planning of a large bilateral CDU/MDANG Ex Cyber Ghost operation. However, it wasn't until Check Point Research (CPR) identified a network of GitHub accounts, dubbe

Phobos, Unspecified (2 votes): Phobos is a type of malware, specifically ransomware, that infiltrates computer systems with the intent to disrupt operations, steal personal information, or hold data hostage for ransom. The malicious software can infect devices through suspicious downloads, emails, or websites, often without the u
Associated Threat Actors
Name / Relation Type / Votes / Profile Description

Alphv Group, Unspecified (9 votes): The Alphv group, a recognized threat actor in the cybersecurity landscape, has been involved in numerous malicious activities. Notably, they claimed responsibility for the hacking of Clarion, a global manufacturer of audio and video equipment for cars. This particular incident highlighted their capa

Ransomhub, Unspecified (8 votes): RansomHub, a threat actor group, has emerged as a significant cyber threat since its inception in February. The group employs a double-extortion strategy, which involves both encrypting IT systems and exfiltrating data to extort victims. RansomHub is known for its unique approach to ransom demands,

Scattered Spider, is related to (7 votes): Scattered Spider is a threat actor group known for its malicious cyber activities. The group's operations involve searching SharePoint repositories for sensitive information, maintaining persistence on targeted networks, and exfiltrating data for extortion purposes. They primarily gain access to vic

Zeon, is related to (7 votes): Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B

Alphv Ransomware Group, Unspecified (6 votes): The ALPHV ransomware group, also known as BlackCat, is a threat actor that has been responsible for a series of high-profile cyberattacks on various sectors. The group, which is believed to be connected to Russian organized crime, first gained notoriety when it claimed responsibility for the MGM Res

Vice Society, Unspecified (6 votes): Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu

Medusa, Unspecified (5 votes): Medusa, a malicious threat actor known for its ransomware attacks, has been increasingly active and dangerous. This group was responsible for a significant rise in data leaks and multi-extortion activities throughout 2023. Medusa, along with other ransomware groups like LockBit and ALPHV (BlackCat),

FIN7, Unspecified (4 votes): FIN7, a prominent threat actor in the cybercrime landscape, has been noted for its malicious activities and innovative tactics. Known for their relentless attacks on large corporations, FIN7 recently targeted a significant U.S. carmaker with phishing attacks, demonstrating their continued evolution

Octo Tempest, Unspecified (4 votes): Octo Tempest, a known threat actor in the cybersecurity landscape, has recently added RansomHub and Qilin ransomware to its arsenal of cyber weapons. This expansion of their capabilities marks a significant escalation in their potential for harm and demonstrates a clear evolution towards more sophis

UNC3944, Unspecified (4 votes): UNC3944, also known as Scattered Spider and 0ktapus, is a financially motivated threat actor group that has been increasingly active in recent years. The group initially targeted telecommunication firms and tech companies but has now expanded its operations to include the hospitality, retail, media,

Bianlian, Unspecified (3 votes): BianLian is a significant threat actor within the cybersecurity landscape, known for its malicious activities and cyber-attacks. The group has been particularly active in exploiting bugs in JetBrains TeamCity, a popular continuous integration and deployment system used by software development teams.

Hive Ransomware, Unspecified (3 votes): Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January

8base, Unspecified (2 votes): 8base, a significant threat actor in the cybersecurity landscape, has been active between April 2022 and May 2023. This group, while not new, has recently increased its visibility with the activation of a public leak site used to pressure victims into paying ransoms. In the last month alone, 8base o

Qilin, Unspecified (2 votes): The Qilin ransomware group, a malicious threat actor in the cybersecurity landscape, has been active since at least 2022 and gained significant attention in June 2024 for attacking Synnovis, a UK governmental service provider for healthcare. The group was later associated with Octo Tempest, which ad

Muddled Libra, Unspecified (2 votes): Muddled Libra is a notable threat actor known for its sophisticated use of cloud services, particularly Amazon Web Services (AWS) and Microsoft Azure, to execute cyberattacks. The group leverages legitimate cloud service provider (CSP) features to efficiently exfiltrate data. In AWS, Muddled Libra t

Rhysida, Unspecified (2 votes): Rhysida, a threat actor active since May 2023, is responsible for a series of ransomware attacks, with a significant focus on the healthcare sector. It accounts for 8% of total cyberattacks, with 38% of its attacks targeting healthcare institutions. The group's modus operandi includes transferring R

Fox Kitten, Unspecified (2 votes): Fox Kitten, an Iranian-based cyber espionage group active since 2017, has been identified as a significant threat actor in the cybersecurity landscape. The group primarily gains initial access through VPN devices from Citrix, Fortinet, Palo Alto Networks, and Pulse Secure. Despite being backed by Ir

LockBitSupp, Unspecified (2 votes): LockBitSupp, also known as Dmitry Yuryevich Khoroshev, is a threat actor who has been identified as the creator and operator of one of the most prolific ransomware variants known as LockBit. Based in Voronezh, Russia, Khoroshev allegedly began developing LockBit as early as September 2019 and contin

Darkbit, Unspecified (2 votes): DarkBit is a notable threat actor in the cybersecurity landscape, believed to be sponsored by the Iranian government. The group first gained significant attention following a ransomware and extortion attack on Technion, a leading research university in Israel, in February 2023. During this attack, a

Sodinokibi, Unspecified (2 votes): Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st

Shadowsyndicate, Unspecified (2 votes): ShadowSyndicate, a threat actor that emerged in 2019, has been implicated in multiple ransomware operations according to cybersecurity firm Group-IB. The group is known for its affiliations with various ransomware groups and programs, and has been involved in several ransomware projects such as JSWO
Associated Vulnerabilities
Name / Relation Type / Votes / Profile Description

Citrix Bleed, Targets (4 votes): Citrix Bleed, officially tracked as CVE-2023-4966, is a severe vulnerability in the design and implementation of Citrix Netscaler Gateway and Netscaler ADC products. This flaw, which has a CVSS score of 9.4, allows for sensitive information disclosure, providing deep system-level access that facilit

Unc3944 Scattered Spider, Unspecified (2 votes): None

CVE-2023-4966, Unspecified (2 votes): CVE-2023-4966, also known as "Citrix Bleed," is a critical zero-day vulnerability affecting Citrix Netscaler Gateway and Netscaler ADC products. This sensitive information disclosure vulnerability enables threat actors to bypass multifactor authentication using stolen session tokens, making it parti
Source Document References
Information about the Alphv Threat Actor was read from the documents corpus below. This display is limited to 20 results.

Source / Created / Title

BankInfoSecurity, 2 days ago: RansomHub Claims Theft of Montana Planned Parenthood Data
BankInfoSecurity, 4 days ago: Halliburton Says Hackers Stole Data
DARKReading, 4 days ago: BlackCat Spin-off 'Cicada3301' Uses Stolen Creds on the Fly, Skirts EDR
InfoSecurity-magazine, 4 days ago: Active Ransomware Groups Surge by 56% in 2024
InfoSecurity-magazine, 6 days ago: Cicada3301 Ransomware Group Emerges From the Ashes of ALPHV
Securityaffairs, 6 days ago: A new variant of Cicada ransomware targets VMware ESXi systems
BankInfoSecurity, 8 days ago: RansomHub Hits Powered by Ex-Affiliates of LockBit, BlackCat
CISA, 8 days ago: CISA and Partners Release Advisory on RansomHub Ransomware | CISA
DARKReading, 9 days ago: Iran's 'Fox Kitten' Group Aids Ransomware Attacks on US Targets
DARKReading, 9 days ago: Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums
CISA, 9 days ago: #StopRansomware: RansomHub Ransomware | CISA
BankInfoSecurity, 9 days ago: Florida Department of Health Informs RansomHub Hack Victims
InfoSecurity-magazine, 10 days ago: Iranian Hackers Secretly Aid Ransomware Attacks on US
CISA, 10 days ago: Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA
BankInfoSecurity, 11 days ago: McLaren Health: IT Operations Fully Back Online Post-Attack
BankInfoSecurity, 17 days ago: Ransomware Again on Track to Achieve Record-Breaking Profits
InfoSecurity-magazine, 17 days ago: Healthcare Hit by a Fifth of Ransomware Incidents
BankInfoSecurity, 18 days ago: McLaren Health Expects IT Disruption to Last Through August
Securityaffairs, 18 days ago: Ransomware payments rose from $449.1 million to $459.8 million
InfoSecurity-magazine, 18 days ago: Jewish Home Lifecare Notifies 100,000 Victims of Ransomware Breach