Comprehensive profiles of tracked ransomware groups with intelligence on capabilities, tools, and victim data.
20
Groups Tracked
13
Online
7
Offline
10,143
Total Victims
One of the most prolific RaaS operations. Disrupted by Operation Cronos in Feb 2024.
Emerged March 2023, speculated ties to former Conti members. Targets enterprise environments with double-extortion.
Variant of CryptoMix, known for mass exploitation of file transfer vulnerabilities (MOVEit, GoAnywhere).
Written in Rust. Operated as RaaS with sophisticated affiliate program. Taken down by FBI.
Known for exploiting FortiOS and Microsoft Exchange vulnerabilities.
Multi-pronged extortion. Shifted from encryption to pure data extortion.
Discovered April 2022, suspected Conti offshoot. Uses double-extortion.
First appeared March 2022, remained quiet before significant escalation.
Written in Rust/Go, cross-platform capable. Growing rapidly in 2025-2026.
Extremely damaging ransomware. Disbanded after internal leaks during Russia-Ukraine conflict.
Known for exploiting VPN vulnerabilities for initial access. Self-encrypting binary.
Rapidly growing group with aggressive tactics and frequent victim postings.
Significant code overlap with Royal Ransomware.
Targets healthcare, education, and government. Uses double extortion.
Stealthy extortion group operating in the shadows.
Uses dropper written in JavaScript to deploy .NET payload.
Targeting Windows systems, often spread via malicious spam. Released keys on shutdown.
Data extortion group with growing victim count.
Known as Colddraw Ransomware, built a sophisticated ecosystem since 2019.
Newer group targeting European organizations.