ID | Votes | Profile Description |
---|---|---|
Blackmatter | 8 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention |
DarkSide | 7 | DarkSide is a threat actor known for its malicious activities, particularly in the realm of ransomware. This group was notably responsible for the major attack on the U.S. energy sector that targeted Colonial Pipeline Co. on May 7, 2021, using a ransomware-as-a-service operation. The DarkSide ransom |
Blackcat Ransomware Group | 7 | The BlackCat ransomware group, also known as Black Cat, is a notorious Ransomware-as-a-Service organization that has been active since November 2021. The group has targeted the computer networks of over 1,000 victims worldwide, launching malicious campaigns to exploit and damage systems. In one nota |
NoEscape | 6 | NoEscape is a form of malware, specifically ransomware, known for infiltrating victim networks and collaborating with other ransomware affiliates like Ransomhouse and ALPHV (also known as BlackCat). These groups work together to gain access to victim networks, lock them down, and strategize on how t |
Sphynx | 5 | Sphynx, a new variant of the BlackCat ransomware, was announced and launched by ALPHV Blackcat administrators in February 2023. This update, named ALPHV BlackCat Ransomware 2.0 Sphynx, was rewritten to provide additional features to affiliates, including improved defense evasion capabilities and add |
Noberus | 5 | Noberus, also known as ALPHV or BlackCat, is a significant threat actor in the cybersecurity landscape. The group, which primarily operates a ransomware-as-a-service (RaaS) model, was the second most active ransomware group in April 2023, responsible for 14% of total observed victims. Originating fr |
Trigona | 5 | Trigona was a significant strain of ransomware that emerged in 2022, known for its harmful effects on computer systems. The malware infiltrated systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it could steal personal information, disrupt ope |
FIN8 | 4 | FIN8, also known as Syssphinx, is a financially motivated cybercrime group that has been active since at least January 2016. This threat actor is notorious for targeting organizations across various sectors including hospitality, retail, entertainment, insurance, technology, chemicals, and finance. |
Black Cat | 3 | Black Cat, also known as AlphV, is a prominent threat actor known for its malicious activities in the cybersecurity landscape. The group gained significant attention when it launched an attack on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. This ransomware |
BlackCat | 3 | BlackCat, also known as Alphv, is a Russian-based ransomware-as-a-service group that has recently targeted organizations in the healthcare and academic sectors. Lehigh Valley Health Network (LVHN), which operates 13 hospitals and numerous physician practices and clinics in eastern Pennsylvania, repo |
Blacksuit | 3 | BlackSuit is a highly potent and malicious ransomware that emerged as an evolution of the previously identified Royal ransomware, which was active from September 2022 through June 2023. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued joint alerts indicating t |
Lockbit Black | 2 | LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands |
ID | Type | Votes | Profile Description |
---|---|---|---|
Lockbit | is related to | 18 | LockBit is a prominent malware that has been causing havoc in the cyber world. It is a ransomware, a type of malicious software designed to exploit and damage systems, often infiltrating through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operat |
Akira | Unspecified | 8 | Akira is a malicious software known for its persistent and damaging attacks on various systems. This ransomware has been active since at least 2023, as reported by Sophos, and it operates by infiltrating systems often through suspicious downloads, emails, or websites, encrypting data, and demanding |
Conti | Is from | 8 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was |
REvil | is related to | 7 | REvil is a type of malware, specifically ransomware, that has been linked to significant cyber attacks. It emerged as part of the Ransomware as a Service (RaaS) model that gained popularity in 2020. This model established relationships between first-stage malware and subsequent ransomware attacks, s |
Blackbasta | Unspecified | 7 | BlackBasta is a notorious malware entity known for its malicious software attacks, often in the form of ransomware. The group has been linked to various forms of malware, including IcedID, NetSupport, Gozi, PikaBot, Pushdo, Quantum, Royal, and Nokoyawa. BlackBasta's operations have been significant |
Black Basta | Unspecified | 5 | Black Basta is a notorious malware group known for its ransomware activities. The group has been active since at least early 2022, during which time it has accumulated an estimated $107 million in Bitcoin ransom payments. It leverages malicious software to infiltrate and exploit computer systems, of |
Ragnar Locker | Unspecified | 4 | Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for rans |
AvosLocker | Unspecified | 4 | AvosLocker is a type of malware, specifically ransomware, known for its malicious intent to exploit and damage computer systems. This software often infiltrates systems undetected through suspicious downloads, emails, or websites, subsequently causing disruption in operations, theft of personal info |
Sardonic | Unspecified | 3 | Sardonic is a sophisticated piece of malware, or malicious software, first identified in 2021. It was designed to exploit and damage computer systems, often infiltrating without the user's knowledge through suspicious downloads, emails, or websites. The malware could disrupt operations, steal person |
Royal Ransomware | Unspecified | 3 | The Royal Ransomware, a harmful malware program designed to exploit and damage computer systems, operated from September 2022 through June 2023. It employed multi-threaded encryption to disrupt operations and hold data hostage for ransom. The ransomware was primarily disseminated through suspicious |
QakBot | Unspecified | 3 | Qakbot is a type of malware that has been linked to various cybercriminal activities, with its presence first observed as early as 2020. It gained notoriety for its role in the operations of the Black Basta ransomware group, which used Qakbot extensively in sophisticated phishing campaigns. The malw |
Nokoyawa | Unspecified | 3 | Nokoyawa is a prominent malware, specifically ransomware, that has been linked to numerous cybercrime activities since it first emerged in 2022. It has been associated with various other malware families including Quantum, Royal, BlackBasta, and a variety of others such as Emotet, IcedID, CobaltStri |
Ryuk | Unspecified | 3 | Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves |
Conti, Lockbit | Unspecified | 3 | None |
Emotet | Unspecified | 3 | Emotet is a highly dangerous and insidious type of malware that has been active, particularly during recent summers. It is distributed primarily through documents attached to emails, using conversations found in compromised accounts. Once an unsuspecting user clicks either the enable button or an im |
Cactus | is related to | 3 | Cactus is a malicious software (malware) that infiltrates systems to exploit and damage them. This malware, often delivered through suspicious downloads, emails, or websites, can steal personal information, disrupt operations, or hold data hostage for ransom. Cactus has been used in several high-pro |
Babuk | Unspecified | 2 | Babuk is a type of malware, specifically ransomware, that infiltrates systems to encrypt files and hold them for ransom. This malicious software can infect your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations by enc |
Brute Ratel | Unspecified | 2 | Brute Ratel is a malicious software (malware) that has been increasingly used by cyber threat actors to exploit and damage computer systems. It is often delivered through suspicious downloads, emails, or websites and can infiltrate systems without the user's knowledge. Once inside, Brute Ratel can s |
Ghost | Unspecified | 2 | "Ghost" is a potent malware that has been plaguing the digital world. In 2020, the first signs of its impending threat emerged with the planning of a large bilateral CDU/MDANG Ex Cyber Ghost operation. However, it wasn't until Check Point Research (CPR) identified a network of GitHub accounts, dubbe |
Phobos | Unspecified | 2 | Phobos is a type of malware, specifically ransomware, that infiltrates computer systems with the intent to disrupt operations, steal personal information, or hold data hostage for ransom. The malicious software can infect devices through suspicious downloads, emails, or websites, often without the u |
Egregor | Unspecified | 2 | Egregor is a variant of the Sekhmet ransomware and operates as Ransomware-as-a-Service (RaaS). It emerged in 2020, suspected to be from former Maze affiliates. Known for its double extortion tactics, Egregor publicly shames its victims by leaking sensitive data if the ransom isn't paid. In one notab |
Maze | Unspecified | 2 | Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w |
ID | Type | Votes | Profile Description |
---|---|---|---|
Alphv Group | Unspecified | 9 | The Alphv group, a recognized threat actor in the cybersecurity landscape, has been involved in numerous malicious activities. Notably, they claimed responsibility for the hacking of Clarion, a global manufacturer of audio and video equipment for cars. This particular incident highlighted their capa |
Ransomhub | Unspecified | 9 | RansomHub, a threat actor group, has emerged as a significant cyber threat since its inception in February. The group employs a double-extortion strategy, which involves both encrypting IT systems and exfiltrating data to extort victims. RansomHub is known for its unique approach to ransom demands, |
Zeon | is related to | 7 | Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B |
Alphv Ransomware Group | Unspecified | 7 | The ALPHV ransomware group, also known as BlackCat, is a significant cybersecurity threat that has been involved in several high-profile attacks. This threat actor, believed to be linked to Russian organized crime, has claimed responsibility for various cyberattacks, including the MGM Resorts breach |
Scattered Spider | is related to | 7 | Scattered Spider is a threat actor group known for its malicious cyber activities. The group's operations involve searching SharePoint repositories for sensitive information, maintaining persistence on targeted networks, and exfiltrating data for extortion purposes. They primarily gain access to vic |
Vice Society | Unspecified | 6 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, was actively executing mu |
Medusa | Unspecified | 5 | Medusa, a malicious threat actor known for its ransomware attacks, has been increasingly active and dangerous. This group was responsible for a significant rise in data leaks and multi-extortion activities throughout 2023. Medusa, along with other ransomware groups like LockBit and ALPHV (BlackCat), |
FIN7 | Unspecified | 4 | FIN7, also known as Carbanak, is a Russian cybercrime group that has been active since mid-2015. The group primarily targets the restaurant, gambling, and hospitality industries in the U.S. to extract financial information for use in attacks or sale on cybercrime marketplaces. Recently, FIN7 has exp |
UNC3944 | Unspecified | 4 | UNC3944, also known as Scattered Spider and 0ktapus, is a financially motivated threat actor group that has been increasingly active in recent years. The group initially targeted telecommunication firms and tech companies but has now expanded its operations to include the hospitality, retail, media, |
Octo Tempest | Unspecified | 4 | Octo Tempest, a known threat actor in the cybersecurity landscape, has recently added RansomHub and Qilin ransomware to its arsenal of cyber weapons. This expansion of their capabilities marks a significant escalation in their potential for harm and demonstrates a clear evolution towards more sophis |
Bianlian | Unspecified | 3 | BianLian is a significant threat actor within the cybersecurity landscape, known for its malicious activities and cyber-attacks. The group has been particularly active in exploiting bugs in JetBrains TeamCity, a popular continuous integration and deployment system used by software development teams. |
Hive Ransomware | Unspecified | 3 | Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January |
Rhysida | Unspecified | 2 | Rhysida, a threat actor active since May 2023, is responsible for a series of ransomware attacks, with a significant focus on the healthcare sector. It accounts for 8% of total cyberattacks, with 38% of its attacks targeting healthcare institutions. The group's modus operandi includes transferring R |
Fox Kitten | Unspecified | 2 | Fox Kitten, an Iranian-based cyber espionage group active since 2017, has been identified as a significant threat actor in the cybersecurity landscape. The group primarily gains initial access through VPN devices from Citrix, Fortinet, Palo Alto Networks, and Pulse Secure. Despite being backed by Ir |
Cicada3301 | Unspecified | 2 | Cicada3301 is a threat actor known for its malicious activities, most notably the distribution of Cicada3301 ransomware. This ransomware is being propagated by Repellent Scorpius, a newly emerged threat group that operates as a Ransomware-as-a-Service (RaaS) entity. The group's connection to a histo |
LockBitSupp | Unspecified | 2 | LockBitSupp, also known as Dmitry Yuryevich Khoroshev, is a threat actor who has been identified as the creator and operator of one of the most prolific ransomware variants known as LockBit. Based in Voronezh, Russia, Khoroshev allegedly began developing LockBit as early as September 2019 and contin |
Darkbit | Unspecified | 2 | DarkBit is a notable threat actor in the cybersecurity landscape, believed to be sponsored by the Iranian government. The group first gained significant attention following a ransomware and extortion attack on Technion, a leading research university in Israel, in February 2023. During this attack, a |
Qilin | Unspecified | 2 | The Qilin ransomware group, a malicious threat actor in the cybersecurity landscape, has been active since at least 2022 and gained significant attention in June 2024 for attacking Synnovis, a UK governmental service provider for healthcare. The group was later associated with Octo Tempest, which ad |
Sodinokibi | Unspecified | 2 | Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st |
8base | Unspecified | 2 | 8base, a significant threat actor in the cybersecurity landscape, has been active between April 2022 and May 2023. This group, while not new, has recently increased its visibility with the activation of a public leak site used to pressure victims into paying ransoms. In the last month alone, 8base o |
Muddled Libra | Unspecified | 2 | Muddled Libra is a notable threat actor known for its sophisticated use of cloud services, particularly Amazon Web Services (AWS) and Microsoft Azure, to execute cyberattacks. The group leverages legitimate cloud service provider (CSP) features to efficiently exfiltrate data. In AWS, Muddled Libra t |
Shadowsyndicate | Unspecified | 2 | ShadowSyndicate, a threat actor that emerged in 2019, has been implicated in multiple ransomware operations according to cybersecurity firm Group-IB. The group is known for its affiliations with various ransomware groups and programs, and has been involved in several ransomware projects such as JSWO |
ID | Type | Votes | Profile Description |
---|---|---|---|
Citrix Bleed | Targets | 4 | Citrix Bleed, officially tracked as CVE-2023-4966, is a severe vulnerability in the design and implementation of Citrix NetScaler Gateway and NetScaler ADC products. This flaw, which has a CVSS score of 9.4, allows for sensitive information disclosure, providing deep system-level access that facilit |
CVE-2023-4966 | Unspecified | 2 | CVE-2023-4966, also known as "Citrix Bleed," is a critical zero-day vulnerability affecting Citrix NetScaler Gateway and NetScaler ADC products. This sensitive information disclosure vulnerability enables threat actors to bypass multifactor authentication using stolen session tokens, making it parti |
Unc3944 Scattered Spider | Unspecified | 2 | None |
Source | CreatedAt | Title |
---|---|---|
ESET | a day ago | CosmicBeetle steps up: Probation period at RansomHub |
DARKReading | a day ago | How Law Enforcement's Ransomware Strategies Are Evolving |
Unit42 | 2 days ago | Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware |
Contagio | 5 days ago | 2024-08-30 Cicada ESXi Ransomware Sample |
BankInfoSecurity | 7 days ago | RansomHub Claims Theft of Montana Planned Parenthood Data |
BankInfoSecurity | 9 days ago | Halliburton Says Hackers Stole Data |
DARKReading | 9 days ago | BlackCat Spin-off 'Cicada3301' Uses Stolen Creds on the Fly, Skirts EDR |
InfoSecurity-magazine | 9 days ago | Active Ransomware Groups Surge by 56% in 2024 |
InfoSecurity-magazine | 10 days ago | Cicada3301 Ransomware Group Emerges From the Ashes of ALPHV |
Securityaffairs | 10 days ago | A new variant of Cicada ransomware targets VMware ESXi systems |
BankInfoSecurity | 13 days ago | RansomHub Hits Powered by Ex-Affiliates of LockBit, BlackCat |
CISA | 13 days ago | CISA and Partners Release Advisory on RansomHub Ransomware \| CISA |
DARKReading | 14 days ago | Iran's 'Fox Kitten' Group Aids Ransomware Attacks on US Targets |
DARKReading | 14 days ago | Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums |
CISA | 14 days ago | #StopRansomware: RansomHub Ransomware \| CISA |
BankInfoSecurity | 14 days ago | Florida Department of Health Informs RansomHub Hack Victims |
InfoSecurity-magazine | 14 days ago | Iranian Hackers Secretly Aid Ransomware Attacks on US |
CISA | 15 days ago | Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations \| CISA |
BankInfoSecurity | 16 days ago | McLaren Health: IT Operations Fully Back Online Post-Attack |
BankInfoSecurity | 22 days ago | Ransomware Again on Track to Achieve Record-Breaking Profits |