| ID | Votes | Profile Description |
|---|---|---|
| Rorschach | 4 | Rorschach, also known as BabLock, is a malware variant that has been recognized for its speed and sophistication. It is a form of ransomware that encrypts files on infected systems at an unprecedented rate, with Check Point researchers noting it as one of the fastest ransomware variants ever observe |
| RTM Locker | 4 | RTM Locker is a recently emerged ransomware that targets enterprise systems, specifically Linux virtual machines on VMware ESXi servers. This malicious software was developed from the leaked source code of the now-defunct Babuk ransomware, which was made public by an alleged member of the Babuk grou |
| Tortilla | 4 | Tortilla is a variant of the Babuk ransomware, a malicious software that encrypts victims' files and demands a ransom for their release. This malware, like others of its kind, can infiltrate systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can di |
| Dark Angels | 2 | Dark Angels, a Russia-based cybercrime syndicate, emerged as a significant threat actor in the cybersecurity landscape since its first appearance in May 2022. Known for stealing substantial amounts of data from major companies across diverse sectors such as healthcare, finance, government, and educa |
| Dunghill Leak | 2 | The Dunghill Leak is a relatively new ransomware and extortion group that emerged from the Dark Angels ransomware, which itself originated from the Babuk ransomware. It first came to light in April 2023 when the Dark Angels launched their victim shaming site called Dunghill Leak. This platform, alth |
| Rapture | 2 | Rapture is a prominent malware that has emerged as a significant threat in the cybersecurity landscape. It appears to have adapted and evolved from the Paradise crypto-locker source code, which leaked in mid-2021. Further enhancements were made using the Babuk source code that was leaked later the s |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Lockbit | Unspecified | 8 | LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc |
| REvil | Unspecified | 6 | REvil is a type of malware, specifically ransomware, that has been linked to significant cyber attacks. It emerged as part of the Ransomware as a Service (RaaS) model that gained popularity in 2020. This model established relationships between first-stage malware and subsequent ransomware attacks, s |
| Hive | Unspecified | 5 | Hive is a malicious software (malware) that has been used by the cybercriminal group, Hunters International, to launch ransomware attacks since October of last year. The group operates as a ransomware-as-a-service (RaaS) provider, spreading Hive rapidly through collaborations with less sophisticated |
| Conti | Unspecified | 5 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was |
| RTM | Unspecified | 4 | RTM is a malicious software, first reported as the RTM banking Trojan, that was initially detected by vendors such as Symantec and Microsoft in 2017. This malware operates on Windows 7 RTM (7600) and was later updated to a variant known as Redaman. The leaked source code of RTM has been utilized to |
| Rook | Unspecified | 4 | Rook is a malicious software (malware) linked to several ransomware activities, including LockFile, AtomSilo, Night Sky, and Pandora. These activities are associated with the deployment of HUI Loader, which has been used in loading Cobalt Strike Beacon. A CTU analysis revealed that these five ransom |
| Ragnar Locker | Unspecified | 2 | Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for rans |
| Babuk Tortilla | Unspecified | 2 | Babuk Tortilla is a variant of malware, specifically ransomware, that was first discovered by Cisco Talos researchers in October 2021. This malicious software infiltrates computer systems, often unbeknownst to the user, through suspicious downloads, emails, or websites, and can cause significant har |
| Locker Ransomware | Unspecified | 2 | Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolve |
| Ryuk | Unspecified | 2 | Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| DarkSide | Unspecified | 4 | DarkSide is a threat actor known for its malicious activities, particularly in the realm of ransomware. This group was notably responsible for the major attack on the U.S. energy sector that targeted Colonial Pipeline Co. on May 7, 2021, using a ransomware-as-a-service operation. The DarkSide ransom |
| Wazawaka | Unspecified | 3 | Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper |
| Boriselcin | Unspecified | 3 | Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari |
| Mikhail Matveev | Unspecified | 2 | Mikhail Matveev, also known by his online pseudonyms "Wazawaka," "m1x," "Boriselcin," and "Uhodiransomwar," is a prominent figure in the cybercrime underworld with previous affiliations to LockBit ransomware. Identified as a 31-year-old from Abaza, Russia, Matveev was initially exposed by KrebsOnSec |
| Hive Ransomware | Unspecified | 2 | Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January |
| Mikhail Pavlovich Matveev | Unspecified | 2 | Mikhail Pavlovich Matveev, a Russian national also known by the online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is identified as a significant threat actor in the global cybersecurity landscape. He is one of five Russians charged over Lockbit, considered to be the world's most dangero |
| Alphv | Unspecified | 2 | Alphv is a threat actor group known for its malicious activities in the cyber world. They have been particularly active in deploying ransomware attacks, with one of their most significant actions being the theft of 5TB of data from Morrison Community Hospital. This act not only disrupted hospital op |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Proxyshell | Unspecified | 2 | ProxyShell is a series of vulnerabilities affecting Microsoft Exchange email servers. These flaws in software design or implementation have been exploited by threat actors to gain unauthorized access and control over targeted systems. The ProxyShell vulnerability, officially tracked as CVE-2021-3447 |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| Securityaffairs | 3 days ago | Head Mare hacktivist group targets Russia and Belarus | |
| Securelist | 5 days ago | Head Mare hacktivists: attacks on companies in Russia and Belarus | |
| Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6 | |
| Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5 | |
| DARKReading | a month ago | Fortune 50 Co. Pays Record-Breaking $75M Ransomware Demand | |
| CERT-EU | 8 months ago | Medusa and Akira Rage; Tortilla Disrupted | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | |
| Securelist | a month ago | Ransomware variants available online give rise to new cybercrime groups | |
| Unit42 | 2 months ago | From RA Group to RA World: Evolution of a Ransomware Group | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | Russian nationals plead guilty to participating in the LockBit ransomware group | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | Russian nationals plead guilty to participating in the LockBit ransomware group | |
| DARKReading | 2 months ago | SEXi Ransomware Rebrands as 'APT Inc.,' Keeps Old Methods | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1 | |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| RIA - Information System Authority | 3 months ago | End of the year in Estonian cyberspace: more serious attacks and major service disruptions | |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |