| ID | Votes | Profile Description |
|---|---|---|
| Blackmatter | 9 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention |
| Alphv | 7 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car |
| WannaCry | 1 | WannaCry is a type of malware, specifically ransomware, that caused significant global disruption in 2017. It exploited Windows SMBv1 Remote Code Execution Vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), which allowed it to spread rapidly and infect over 200,000 machines across more t |
| NotPetya | 1 | NotPetya is a notorious malware that was unleashed in 2017, primarily targeting Ukraine but eventually impacting systems worldwide. This malicious software, which initially appeared to be ransomware, was later revealed to be data destructive malware, causing widespread disruption rather than seeking |
| petya | 1 | Petya is a type of malware, specifically ransomware, that infected Windows-based systems primarily through phishing emails. It was notorious for its ability to disrupt operations and hold data hostage for ransom. Petya, along with other types of ransomware like WannaCry, NotPetya, TeslaCrypt, and Da |
| Teslacrypt | 1 | TeslaCrypt is a notable threat actor that emerged with a focus on targeting computer gamers. This malicious entity was responsible for executing ransomware attacks, encrypting victims' files and demanding payment for their release. The group gained notoriety with several versions of their ransomware |
| Alcatraz Locker | 1 | None |
| Apocalypse | 1 | Apocalypse is a threat actor known for its malicious intent in the cybersecurity world. It's associated with a variety of ransomware, including a variant named Al-Namrood. The Apocalypse ransomware and its variants have been a significant concern due to their capacity to encrypt files, making them i |
| Badblock | 1 | BadBlock is a recognized threat actor in the cybersecurity industry, known for its involvement in malicious activities. These activities typically involve the execution of ransomware attacks that encrypt user files and demand a ransom for their decryption. This group has been linked to major ransomw |
| Btcware | 1 | None |
| Encryptile | 1 | None |
| Hades | 1 | Hades is a notable threat actor, known for its distinctive tactics and infrastructure in executing cyber attacks. The cybersecurity industry first observed Hades' operations in June 2021, with its activities marked by the use of advanced tools such as Advanced Port Scanner, MegaSync, Rclone, and Mal |
| Gold Waterfall | 1 | GOLD WATERFALL is a notable threat actor in the cybersecurity landscape, known for its operation of the Darkside ransomware. This group was previously affiliated with REvil before developing and deploying its own ransomware, Darkside. Within less than a year of operation, GOLD WATERFALL reportedly a |
| fin11 | 1 | FIN11, a threat actor group also known as Lace Tempest or TA505, has been linked to the development and deployment of Cl0p ransomware. This malicious software is believed to be a variant of another ransomware, CryptoMix, and is typically used by FIN11 to encrypt files on a victim's network after ste |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| REvil | is related to | 9 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot |
| Lockbit | Unspecified | 6 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| Avaddon | Unspecified | 5 | Avaddon is a type of malware, specifically ransomware, designed to exploit and damage computer systems. It was notable for its compatibility with older systems such as Windows XP and Windows 2003, distinguishing it from other ransomware like Darkside and Babuk which targeted more modern systems like |
| Maze | Unspecified | 5 | Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w |
| Babuk | Unspecified | 4 | Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso |
| Conti | Unspecified | 4 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
| Hive | Unspecified | 3 | Hive is a malicious software, or malware, that infiltrates systems to exploit and damage them. This malware has been associated with Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef |
| Ragnar Locker | Unspecified | 3 | Ragnar Locker is a type of malware, specifically a ransomware, that has been designed to infiltrate computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, or websites and once inside, it has the capability to steal personal information, disru |
| Clop | Unspecified | 3 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o |
| Ryuk | Unspecified | 3 | Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo |
| Bablock | Unspecified | 2 | BabLock, also known as Rorschach, is a type of malware that operates as ransomware. First identified by Check Point Research in April 2023, this harmful software infiltrates computer systems and devices, often without the user's knowledge, with the aim to exploit, damage, and potentially hold data h |
| Revil/sodinokibi | Unspecified | 2 | REvil/Sodinokibi is a type of malware, specifically ransomware, first identified on September 24, 2019. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal information, |
| Maze Ransomware | Unspecified | 2 | Maze ransomware is a type of malware that emerged in 2019, employing a double extortion tactic to wreak havoc on its victims. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for |
| Trigona | Unspecified | 2 | Trigona, a malware identified in 2022, emerged as a significant ransomware threat. This malicious software, designed to exploit and damage computer systems, infected devices through suspicious downloads, emails, or websites. The malware was particularly notorious for targeting Microsoft SQL servers, |
| Lockbit Black | Unspecified | 2 | LockBit Black, also known as LockBit 3.0, is a malware that emerged in early 2022, following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. This malicious software, designed to exploit and damage computer systems, encrypts files and often holds them hostage for ransom. The |
| Cheerscrypt | Unspecified | 2 | Cheerscrypt is a malicious software (malware) that was discovered in May 2022, specifically designed to target ESXi servers, which are extensively used by enterprises for server virtualization. This discovery was made following the reporting of DarkSide ransomware variants in May 2021. Cheerscrypt, |
| Rorschach | Unspecified | 1 | Rorschach, also known as BabLock, is a malware variant that has been recognized for its speed and sophistication. It is a form of ransomware that encrypts files on infected systems at an unprecedented rate, with Check Point researchers noting it as one of the fastest ransomware variants ever observe |
| FIVEHANDS | Unspecified | 1 | FiveHands, also known as HelloKitty, is a sophisticated form of malware that primarily targets financial institutions. It was first reported by Mandiant in April 2021 as part of a cyber threat posed by the UNC2447 group. The ransomware is typically delivered through Encryptor.exe, a loader that init |
| NoEscape | Unspecified | 1 | NoEscape is a malicious software that emerged as a rebrand of 'Avaddon,' known for its successful multi-extortion tactics. In October 2023, the French basketball team ASVEL fell victim to a data breach orchestrated by the NoEscape ransomware gang. This incident was part of a broader trend in the las |
| Nokoyawa | Unspecified | 1 | Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany |
| SMOKEDHAM | Unspecified | 1 | Smokedham is a .NET-based malware, characterized as a backdoor that supports commands such as screen capture, keystroke capture, and execution of arbitrary .NET commands. The malware's source code is embedded as an encrypted string within a dropper, which is utilized to infiltrate systems. This drop |
| Systembc | Unspecified | 1 | SystemBC is a malicious software (malware) that has been used in various cyber attacks to exploit and damage computer systems. This malware was observed in 2023, being heavily used with BlackBasta and Quicksand. It has been deployed by teams using BlackBasta during their attacks. Play ransomware act |
| Snatch | Unspecified | 1 | Snatch is a type of malware, specifically ransomware, designed to infiltrate systems undetected, often through suspicious downloads, emails, or websites. Once inside the system, it can wreak havoc by stealing personal information, disrupting operations, or holding data hostage for ransom. The Snatch |
| Conti, Lockbit | Unspecified | 1 | None |
| Hades Ransomware | Unspecified | 1 | Hades ransomware is a variant of the WastedLocker malware, which is designed to exploit and damage computers or devices. It was observed by CTU researchers being used in conjunction with Advanced Port Scanner, MegaSync, and Malleable C2 tools in various cyberattack incidents. These tools have been l |
| Emotet | Unspecified | 1 | Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected, |
| Royal Ransomware | Unspecified | 1 | Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi |
| Black Basta | Unspecified | 1 | Black Basta is a notorious malware entity known for its devastating ransomware attacks. First emerging in June 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs |
| Netwalker | Unspecified | 1 | NetWalker is a highly profitable ransomware kit, known for its ability to disable antivirus software on Windows 10 systems and encrypt files, adding a random extension to the encrypted ones. Once executed, it disrupts operations and can even hold data hostage for ransom. It has been observed that Ne |
| HELLOKITTY | Unspecified | 1 | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| FIN7 | Unspecified | 4 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security |
| Sodinokibi | Unspecified | 3 | Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st |
| Sangria Tempest | Unspecified | 2 | Sangria Tempest, also known as FIN7, Carbon Spider, and ELBRUS, is a threat actor that has been active since 2014. This Russian advanced persistent threat (APT) group is known for its malicious activities, including spear-phishing campaigns, malware distribution, and theft of payment card data. In m |
| LockBitSupp | Unspecified | 2 | LockBitSupp, also known as LockBit and putinkrab, is a notorious threat actor responsible for creating and operating one of the most prolific ransomware variants. The individual behind this persona, Dmitry Yuryevich Khoroshev, has been actively involved in ransomware attacks against organizations fo |
| Sodin | Unspecified | 1 | Sodin, also known as Sodinokibi or REvil, is a sophisticated threat actor that emerged in the first half of 2019. This entity quickly drew attention due to its unique methods of distribution and attack. It exploited an Oracle Weblogic vulnerability to distribute itself and targeted Managed Service P |
| Frankenstein | Unspecified | 1 | Frankenstein, also known as TA402, Molerats, and Gaza Cybergang, is a threat actor identified by Proofpoint researchers. Active for over a decade, this Middle Eastern advanced persistent threat (APT) group has historically operated in the interests of the Palestinian Territories. In mid-2023, Franke |
| TA505 | Unspecified | 1 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec |
| Aquatic Panda | Unspecified | 1 | Aquatic Panda, also known as Budworm, Charcoal Typhoon, ControlX, RedHotel, and Bronze University, is a significant threat actor suspected of state-backed cyber espionage activities. This group has been particularly active in the recent quarter, ranking amongst the top geopolitical groups targeting |
| Hunters International | Unspecified | 1 | Hunters International, a threat actor group in the cybersecurity realm, has recently gained notoriety for its malicious activities. The group is believed to have taken over Hive Ransomware, a notorious malware used for cyberattacks, after Hive's takedown in 2023. Despite disputes from Hunters Intern |
| Vice Society | Unspecified | 1 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2021-20016 | Unspecified | 2 | None |
| CVE-2021-22893 | Unspecified | 1 | CVE-2021-22893 is a significant software vulnerability that was identified in Pulse Secure VPN appliances. This flaw in software design or implementation, also known as a zero-day vulnerability, was targeted in multiple campaigns, posing a severe threat to cybersecurity. The exploit allowed unauthor |
| Gold Waterfall (Darkside | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| DARKReading | 9 days ago | Security End-Run: 'AuKill' Shuts Down Windows-Reliant EDR Processes |
| BankInfoSecurity | 24 days ago | Millions Affected by Prudential Ransomware Hack in February |
| Quick Heal Technologies Ltd. | 2 months ago | Doubt Your Vulnerability to Ransomware Attacks? Know How Quick Heal’s Protection Will Save You! |
| BankInfoSecurity | 3 months ago | FIN7 Targeted US Automotive Giant In Failed Attack |
| CERT-EU | 4 months ago | Protecting branch office environments from ransomware |
| CERT-EU | 4 months ago | Ransomware's appetite for US healthcare sees known attacks double in a year | Malwarebytes |
| CERT-EU | 4 months ago | Ransomware Talent Surges to Akira After LockBit's Demise |
| BankInfoSecurity | 4 months ago | Ransomware Talent Surges to Akira After LockBit's Demise |
| CERT-EU | 5 months ago | The Change Healthcare attack: Explaining how it happened | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting |
| CERT-EU | 5 months ago | Operational Technology Threats - ReliaQuest |
| CERT-EU | 5 months ago | The Great BlackCat Ransomware Heist |
| CERT-EU | 5 months ago | Cybersecurity tips to follow to keep your information safe | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting |
| CERT-EU | 5 months ago | ALPHV/BlackCat gang vanishes amid ransomware ‘turmoil‘ | #ransomware | #cybercrime | National Cyber Security Consulting |
| CERT-EU | 5 months ago | Ransomware group behind Change Healthcare attack goes dark |
| CERT-EU | 5 months ago | Calls grow for federal funding after Change Healthcare cyberattack |
| CERT-EU | 5 months ago | Blackcat ransomware site reportedly seized but UK agency denies responsibility | #ransomware | #cybercrime | National Cyber Security Consulting |
| InfoSecurity-magazine | 5 months ago | ALPHV/BlackCat Ransomware Servers Go Down |
| CERT-EU | 5 months ago | BlackCat ransomware turns off servers amid claim they stole $22 million ransom |
| CERT-EU | 5 months ago | FBI El Paso Holds Second Annual Cyber Symposium | #cybercrime | #infosec | National Cyber Security Consulting |
| CERT-EU | 5 months ago | US prescription market hamstrung for 9 days (so far) by ransomware attack | #ransomware | #cybercrime | National Cyber Security Consulting |