2023.02.01

ランサムウェア／攻撃グループの変遷と繋がり (Rev.2) 【更新: 2025年2月14日】

本図は世界で確認されてきた主なランサムウェア攻撃グループ(※1)のうち、「リブランド」を軸とした複合的視点による組織間の繋がりを図示したものである(※2)。

本Rev.2は、2022年5月に公開し好評を頂いたRev. 1から、日々移り変わる様々な観点の関連情報を多数追加し大きくアップデートした更新版となる。現在までに確認されてきたランサムウェア攻撃グループに関するあらゆる繋がりを可能な限り盛り込んだ。

本図から、ランサムウェア攻撃グループの多くがお互いに何からの関連性を持ち活動している背景が浮かび上がる。CONTIやBABUKをはじめソースコードの流出やグループの解散／テイクダウンなどの影響が他の新種出現へ顕著に繋がる流れが見て取れる。一方、NIGHT SKYなどのように、周辺グループとの繋がりから特定国に帰属する攻撃者像が浮き上がってくるケースもある。全体を通して見え隠れするアフィリエイトの共通性などから、ランサムウェア攻撃グループの表面的な組織数とは裏腹に、背後にいる攻撃者らの絶対数は一般に想像されるよりも少ない可能性などもここから推測できるだろう。

本図では、暴露活動の有無や活動拠点の概要なども一覧で把握できるようにしており、攻撃グループ名の索引も付録として添えているため、インシデント発生時の情報収集用途など辞書的な使い方としても是非活用してほしい。

(※1) 暴露型や話題性の高いグループを選抜。攻撃グループが使用するランサムウェアの名称も一部含む。
(※2) MBSDの独自調査の他、世界各国の様々なセキュリティーベンダーの公開／発信情報を元に作成。
(Rev.1：2022年5月下旬作成)
(Rev.2：2023年2月上旬作成)

(日本語版) 最新版のダウンロードはこちら▼
MBSD_RansomwareMap_JP_Rev2.21.pdf
(印刷する場合はA3以上を推奨)

(English version) Please click to download latest version▼
MBSD_RansomwareMap_EN_Rev2.21.pdf
(Recommend to print on A3 or larger size.)

Rev.2のマイナーバージョンアップに関する更新履歴については以下の通り。

マイナーバージョン更新履歴	主な更新箇所	更新日付
2.00	・初期バージョン一般公開	2023/2/2
2.01	・HELLO KITTYのスペル修正・LAPSUS$のコメント修正・その他、細部の変更・英語版の追加・NEVADAの新規追加	2023/2/7
2.02	・VEGA、DARKBIT に関する情報追加・MEDUSAの情報変更・NEVADAの情報変更・ZEPPELINの情報変更	2023/2/16
2.03	・CONTI、QUANTUM間の補助線にコメント追加・その他、細部の変更・HARDBITの新規追加・V IS VENDETTAの新規追加	2023/3/6
2.04	・MEOWのコメントを追加・MONTIとDONUTとの関係性を追加・BLACKSNAKEの新規追加・DARK POWERの新規追加・SNAPMCの新規追加・SZ40の新規追加・BLOODYの情報変更	2023/3/20
2.05	・ABYSSの新規追加・CATB（CATB99,BAXTOY）の新規追加・BLOODYの情報変更・STORMOUSの情報変更	2023/3/28
2.06	・AKIRAの新規追加・BADLOCK（RORSCHACH）の新規追加・CIPHERLOCKERの新規追加・DUNGHILLの新規追加・TRIGONAの新規追加	2023/4/25
2.07	・AKIRAの新規追加・BLACKBITの新規追加・BLACKSUITの新規追加・CACTUSの新規追加・ELBIEの新規追加・LOKI LOCKERの新規追加・RA GROUPの新規追加	2023/5/12
2.08	・8BASEの新規追加・CYCLOPSの新規追加・DARKRACEの新規追加・ESXIARGSの新規追加・LA PIOVRAの新規追加・MALASのの新規追加・NEBULAの新規追加・NOESCAPEの新規追加・RHYSIDAの新規追加・SHADOWの新規追加・BADLOCKの情報変更・BLACKSUITの情報変更・BLOODYの情報変更・CL0P (CLOP)の情報変更・NEVADAの情報変更・NOKOYAWAの情報変更・ROYALのの情報変更・SNATCHの情報変更	2023/6/16
2.09	・BIG HEADの新規追加・INC RANSOMの新規追加・KNIGHTの新規追加・METAENCRYPTORの新規追加・8BASEの情報変更・AVADDONの情報変更・BLACKSUITの情報変更・CACTUSの情報変更・CHILE LOCKERの情報変更・CYCLOPSの情報変更・NOESCAPEの情報変更・RHYSIDAの情報変更・ROYALの情報変更・SNATCHの情報変更	2023/8/21
2.10	・ShadowSyndicateに関する項目を新規追加・ランサムウェア攻撃グループのアクティブ状況を再定義・CIPHBITの新規追加・CLOAKの新規追加・CRYPTBBの新規追加・CRYPTNETの新規追加・GOOD DAYの新規追加・LOSTTRUSTの新規追加・RANCOZの新規追加・RANSOMED.VCの新規追加・THREEAM (3AM)の新規追加・ALPHV (BLACKCAT)の情報変更・BIANLIANの情報変更・CACTUSの情報変更・CL0P (CLOP)の情報変更・DARKSIDEの情報変更・EVERESTの情報変更・LOCKBIT3.0の情報変更・METAENCRYPTORの情報変更・NOKOYAWAの情報変更・PLAYの情報変更・QUANTUMの情報変更・ROYALの情報変更	2023/10/4
2.11	・CONTIの情報変更・RYUKの情報変更・ShadowSyndicateの情報変更	2023/10/4
2.12	・DEATHRANSOMの情報追加・LOCKERGOGAの情報追加・アフィリエイト(Wazawaka、他)に関する項目を追加・ハッカーグループ編成(Five Families)に関する項目を追加・プリカーサーマルウェア(QBOT)に関する項目を追加・DRAGONFORCEの新規追加・GHOSTSECの新規追加・HUNTERS INTERNATIONALの新規追加・LAMBDAの新規追加・MADCATの新規追加・MALEKTEAMの新規追加・MEGACORTEXの新規追加・RANSOEMCORPの新規追加・RAZNATOVICの新規追加・SAMSAMの新規追加・SIEGEDSECの新規追加・SPARTACUSの新規追加・WEREWOLVESの新規追加・ABYSSの情報変更・ALPHV (BLACKCAT)の情報変更・BABUKの情報変更・BIANLIANの情報変更・BLACKBASTAの情報変更・CACTUSの情報変更・CERBERの情報変更・CONTIの情報変更・CYCLOPSの情報変更・DHARMAの情報変更・EGREGORの情報変更・HELLO KITTY (FIVE HANDS)の情報変更・HIVEの情報変更・KNIGHTの情報変更・LOCKBIT2.0の情報変更・LOCKBIT3.0の情報変更・MARIOの情報変更・MEOWの情報変更・MONTIの情報変更・NOESCAPEの情報変更・NOKOYAWAの情報変更・PROLOCKの情報変更・PWNDLOCKERの情報変更・QILIN (AGENDA)の情報変更・RAGNAR LOCKERの情報変更・RANSOMED.VCの情報変更・REVIL (SODINOKIBI)の情報変更・STORMOUSの情報変更・TRIGONAの情報変更・WHITERABBITの情報変更	2023/12/26
2.20	・ALPHA (MYDATA)の新規追加・APOS SECURITYの新規追加・APT73 (ERALEIG)の新規追加・ARCUS MEDIAの新規追加・BLACKOUTの新規追加・BUHTIの新規追加・CROSSLOCKの新規追加・DAN0N (DANON)の新規追加・DARK VAULTの新規追加・DISPOSSESSORの新規追加・DONEXの新規追加・EL DORADOの新規追加・EMBARGOの新規追加・FAUSTの新規追加・FSOCIETY / FLOCKERの新規追加・GOING INSANEの新規追加・HELLO GOOKIEの新規追加・INDUSTRIAL SPYの新規追加・KILLSECの新規追加・MOGILEVICHの新規追加・MORLOCKの新規追加・NONAMEの新規追加・QIULONGの新規追加・RA WORLDの新規追加・RABBIT HOLEの新規追加・RANSOMHUBの新規追加・RANSOMWARE BLOGの新規追加・RED RANSOMWARE GROUP (RED CRYPTOAPP)の新規追加・SENSAYQの新規追加・SLUGの新規追加・SPACE BEARSの新規追加・TRISECの新規追加・UNDERGROUNDの新規追加・ZERO TOLERANCEの新規追加・0MEGA (OMEGA)の情報変更・AKIRAの情報変更・ALPHV (BLACKCAT)の情報変更・CL0P (CLOP)の情報変更・CONTIの情報変更・CUBAの情報変更・DIAVOLの情報変更・DRAGONFORCEの情報変更・GHOSTSECの情報変更・HUNTERS INTERNATIONALの情報変更・KNIGHTの情報変更・LOCKBIT3.0の情報変更・NETWALKERの情報変更・QILIN (AGENDA)の情報変更・RANSOMHOUSEの情報変更・ROYALの情報変更・STORMOUSの情報変更・THREEAM (3AM)の情報変更・WEREWOLVESの情報変更	2024/6/10
2.21	・2023LOCKの新規追加・APT INCの新規追加・ARGONAUTSの新規追加・AZZASECの新規追加・BABYLOCKERKZの新規追加・BASHEの新規追加・BLACKLOCKの新規追加・BLING LIBRAの新規追加・BLUEBOXの新規追加・BRAINCIPHERの新規追加・CHORTの新規追加・CICADA3301の新規追加・CRYPT GHOULSの新規追加・CYBERVOLKの新規追加・DEATHGRIPの新規追加・ESTATEの新規追加・FOGの新規追加・FUNKSECの新規追加・GD LOCKERSECの新規追加・HELLCATの新規追加・HELLDOWNの新規追加・INTERLOCKの新規追加・JUMPY PISCESの新規追加・KAIROSの新規追加・KEY GROUPの新規追加・KILLSEC3.0の新規追加・KRAKENの新規追加・LUKALOCKERの新規追加・LYNXの新規追加・MAD LIBERATORの新規追加・MEDUSAの新規追加・MEGAZORDの新規追加・MORPHEUSの新規追加・NITROGENの新規追加・NULLBULGEの新規追加・ORCAの新規追加・PLAYBOYの新規追加・PRYXの新規追加・RANSOMCORTEXの新規追加・REBORNの新規追加・RISENの新規追加・SAFEPAYの新規追加・SARCOMAの新規追加・SCRANSOMの新規追加・SEXIの新規追加・TERMITEの新規追加・TRINITYの新規追加・VALENCIAの新規追加・VANIRGROUPの新規追加・VENUSの新規追加・VOLCANO DEMONの新規追加・54BB47H (SABBATH)の情報変更・8BASEの情報変更・AKIRAの情報変更・ALPHV (BLACKCAT)の情報変更・APT73 (ERALEIG)の情報変更・BABUKの情報変更・BLACKSUITの情報変更・CHAOSの情報変更・DARKRACEの情報変更・DISPOSSESSORの情報変更・DONEXの情報変更・DRAGONFORCEの情報変更・EL DORADOの情報変更・EMBARGOの情報変更・HELLO KITTYの情報変更・HIVEの情報変更・HUNTERS INTERNATIONALの情報変更・INC RANSOMの情報変更・LOCKBIT3.0の情報変更・LOSTTRUSTの情報変更・MALLOXの情報変更・MEDUSALOCKERの情報変更・MEOWの情報変更・MORLOCKの情報変更・NONAMEの情報変更・PLAYの情報変更・QILINの情報変更・RANSOMHUBの情報変更・ROYALの情報変更・SENSAYQの情報変更・YASHMAの情報変更・ZEPPELINの情報変更	2025/2/14

本図の作成に際して、弊社独自調査に併せ情報ソースとして参考にした主な参照先は以下の通り。

ランサムウェア攻撃グループ名	関連情報として参考にさせて頂いた主な参照先
0MEGA (OMEGA)	https://cyware.com/news/new-0mega-ransomware-joins-the-double-extortion-threat-landscape-158fb321/ https://www.bleepingcomputer.com/news/security/new-0mega-ransomware-targets-businesses-in-double-extortion-attacks https://www.helpnetsecurity.com/2023/06/07/0mega-ransomware-gang-changes-tactics/ https://www.linkedin.com/posts/keepnetlabs_0mega-ransomware-gang-changes-tactics-help-activity-7080546293990744065-GH6T/
54BB47H (SABBATH)	https://securityaffairs.co/wordpress/125154/cyber-crime/sabbath-ransomware.html https://www.anvilogic.com/threat-reports/unc2190-arcane-and-sabbath https://www.bleepingcomputer.com/news/security/embargo-ransomware-escalates-attacks-to-cloud-environments/ https://www.mandiant.com/resources/sabbath-ransomware-affiliate
8BASE	https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html https://thecyberexpress.com/losttrust-claims-ferguson-wellman-cyber-attack/ https://twitter.com/ido_cohen2/status/1702742049328443826 https://www.europol.europa.eu/media-press/newsroom/news/key-figures-behind-phobos-and-8base-ransomware-arrested-in-international-cybercrime-crackdown
ABYSS	https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-source-code-leaked-on-hacking-forum/
AKIRA	https://arcticwolf.com/resources/blog/conti-and-akira-chained-together/ https://labs.k7computing.com/index.php/akira-ransomware-unleashing-chaos-using-conti-leaks/ https://www.cynet.com/blog/megazord-ransomware-technical-analysis-and-preventions/ https://www.scmagazine.com/news/blockchain-conti-akira-ransomware https://www.sentinelone.com/anthology/megazord/ https://www.trendmicro.com/ja_jp/research/23/j/ransomware-spotlight-akira.html https://x.com/MalGamy12/status/1651972583615602694
AKO	https://blog.qualys.com/vulnerabilities-threat-research/2021/12/09/ransomware-ranzy-locker https://www.bleepingcomputer.com/news/security/ako-ransomware-another-day-another-infection-attacking-businesses/
ALPHA (MYDATA)	https://netenrich.com/blog/alpha-ransomware-a-deep-dive-into-its-operations https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/alpha-netwalker-ransomware https://www.bleepingcomputer.com/news/security/alpha-ransomware-linked-to-netwalker-operation-dismantled-in-2021/ https://www.infosecurity-magazine.com/news/alpha-ransomware-launches-data/
ALPHV (BLACKCAT)	https://securelist.com/sexi-key-group-mallox-ransomware/113183/ https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps https://thehackernews.com/2022/03/experts-find-some-affiliates-of.html https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.aha.org/system/files/media/file/2024/10/hc3%20tlp%20clear%20threat%20actor%20profile%20scattered%20spider-10-24-2024.pdf https://www.bleepingcomputer.com/news/security/alphv-ransomware-site-outage-rumored-to-be-caused-by-law-enforcement/ https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-linked-to-blackmatter-darkside-gangs/ https://www.bleepingcomputer.com/news/security/blackcat-ransomware-shuts-down-in-exit-scam-blames-the-feds/ https://www.bleepingcomputer.com/news/security/embargo-ransomware-escalates-attacks-to-cloud-environments/ https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/ https://www.cyfirma.com/research/tracking-ransomware-july-2024/ https://www.esentire.com/blog/nitrogen-campaign-2-0-reloads-with-enhanced-capabilities-leading-to-alphv-blackcat-ransomware https://www.group-ib.com/blog/shadowsyndicate-raas/ https://www.metabaseq.com/threat/babuk-ransomware-behind-the-sexi-campaign/ https://www.ransomlook.io/group/nitrogen https://www.securityweek.com/law-enforcement-reportedly-behind-takedown-of-blackcat-alphv-ransomware-website/ https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackcat https://www.truesec.com/hub/blog/dissecting-the-cicada
ARCANE	https://www.natlawreview.com/article/rebranded-ransomware-group-sabbath-hitting-hospitals-and-schools
ARCUS MEDIA	https://dailydarkweb.net/new-ransomware-group-arcus-attacks-targeted-south-american-companies/ https://x.com/AlvieriD/status/1790971069358027010
ARVINCLUB	https://cloudsek.com/threatintelligence/ransomware-group-profile-arvin-club/
ASTRO (ASTRA)	https://blog.reversinglabs.com/blog/smash-and-grab-astralocker-2-pushes-ransomware-direct-from-office-docs https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html https://twitter.com/Arkbird_SOLG/status/1393994616496590848 https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://twitter.com/darktracer_int/status/1433694601076822016 https://www.bleepingcomputer.com/news/security/mountlocker-ransomware-uses-windows-api-to-worm-through-networks/ https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.mbsd.jp/research/20210415/astro-locker/ https://www.tetradefense.com/wp-content/uploads/2021/06/ThreatIntel_May_RoundUp_Compressed.pdf
ATOMSILO	https://medium.com/s2wblog/atomsilo-x-lockfile-atomsilo-copied-blackmatter-and-cerber-for-operating-the-double-extortion-site-7fb5aaac5f21 https://news.sophos.com/ja-jp/2021/10/11/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack-jp/
AVADDON	https://medium.com/s2wblog/quick-analysis-of-haron-ransomware-feat-avaddon-and-thanos-1ebb70f64dc4 https://www.bleepingcomputer.com/news/security/meet-noescape-avaddon-ransomware-gangs-likely-successor/#google_vignette
AVOSLOCKER	https://iototsecnews.jp/2022/09/07/google-says-former-conti-ransomware-members-now-attack-ukraine/#more-27616 https://www.bleepingcomputer.com/news/security/fbi-avoslocker-ransomware-targets-us-critical-infrastructure/ https://www.trendmicro.com/ja_jp/research/22/g/ransomware-spotlight-avoslocker.html
AXXES	https://cloudsek.com/threatintelligence/axxes-ransomware-group-appears-to-be-the-rebranded-version-of-midas-group/
BABUK	https://blog.reversinglabs.com/blog/smash-and-grab-astralocker-2-pushes-ransomware-direct-from-office-docs https://blog.talosintelligence.com/de-anonymizing-ransomware-domains-on/ https://blog.trendmicro.co.jp/archives/31517 https://cybelangel.com/blog/babuk-group-just-another-ransomware-gang/ https://cyberint.com/blog/research/babuk-locker/ https://cyble.com/blog/technical-look-at-termite-ransomware-blue-yonder/ https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/ https://riskybiznews.substack.com/p/risky-biz-news-chinas-great-firewall https://securelist.com/sexi-key-group-mallox-ransomware/113183/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html https://www.bleepingcomputer.com/news/security/babuk-ransomware-readies-shut-down-post-plans-to-open-source-malware/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.cyfirma.com/research/tracking-ransomware-july-2024/ https://www.databreaches.net/babuk-re-organizes-as-payload-bin-offers-its-first-leak/ https://www.group-ib.com/blog/bablock-ransomware/ https://www.metabaseq.com/threat/babuk-ransomware-behind-the-sexi-campaign/ https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo
BABUK2023	https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
BADLOCK (RORSCHACH)	https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/ https://www.group-ib.com/blog/bablock-ransomware/
BIANLIAN	https://securityaffairs.com/155893/cyber-crime/bianlian-white-rabbit-mario-ransomware-joint-campaign.html https://www.bleepingcomputer.com/news/security/bianlian-ransomware-gang-shifts-focus-to-pure-data-extortion/
BIG HEAD	https://www.trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html
BITPAYMER	https://www.bleepingcomputer.com/news/security/bitpaymer-ransomware-infection-forces-alaskan-town-to-use-typewriters-for-a-week/ https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/
BL4CKT0R (BLACKTOR)	https://www.tetradefense.com/wp-content/uploads/2021/08/ThreatIntel_July2021_RoundUp_Compressed.pdf
BLACKBASTA	https://digitaldata-forensics.com/column/ransomware/type/4415/ https://www.bleepingcomputer.com/news/security/black-basta-ransomware-gang-linked-to-the-fin7-hacking-group/ https://www.cybereason.co.jp/blog/ransomware/9263/ https://www.cybereason.com/blog/cybereason-vs.-black-basta-ransomware https://www.trendmicro.com/ja_jp/research/22/f/examining-the-black-basta-ransomwares-infection-routine.html https://www.zscaler.com/blogs/security-research/back-black-basta
BLACKBIT	https://asec.ahnlab.com/en/51497/ https://blog.cyble.com/2023/05/03/blackbit-ransomware-a-threat-from-the-shadows-of-lokilocker/
BLACKBYTE	https://broadcom-software.security.com/blogs/japanese-broadcom-software/exbyte-blackbyteransamuueanogongjikurufukaxintanatetaqiequtsuruwozhankai https://research.nccgroup.com/2022/07/13/climbing-mount-everest-black-byte-bytes-back/ https://www.anvilogic.com/threat-reports/conti-its-subsidiary-group-blackbyte https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-gang-is-back-with-new-extortion-tactics/ https://www.trendmicro.com/ja_jp/research/22/i/ransomware-spotlight-blackbyte.html https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackbyte
BLACKMAGIC	https://blog.cyble.com/2022/12/07/a-closer-look-at-blackmagic-ransomware/
BLACKMATTER	https://cluster25.io/2022/07/06/lockbit-3-0-making-the-ransomware-great-again/ https://mytechdecisions.com/it-infrastructure/what-darksides-rebranding-means-for-it/ https://thehackernews.com/2022/03/experts-find-some-affiliates-of.html https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://twitter.com/cyb3rops/status/1544216630296825856 https://twitter.com/threatray/status/1544643305924960256 https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-linked-to-blackmatter-darkside-gangs/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.itmedia.co.jp/news/articles/2108/16/news052.html https://www.theregister.com/2022/09/25/noberus_ransomware_symantec/ https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackcat
BLACKOUT	https://socradar.io/dark-peep-12-the-ransomware-group-that-never-was/
BLACKSHADOW (SPECTRAL KITTEN)	https://www.binarydefense.com/threat_watch/blackshadow-threat-group-breaches-israeli-hosting-firm/
BLACKSNAKE	https://blog.cyble.com/2023/03/09/blacksnake-ransomware-emerges-from-chaos-ransomwares-shadow/
BLACKSUIT	https://blog.cyble.com/2023/05/12/blacksuit-ransomware-strikes-windows-and-linux-users/ https://socradar.io/dark-web-profile-blacksuit-ransomware/ https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html
BLOODY	https://securityaffairs.co/wordpress/136345/cyber-crime/bl00dy-ransomware-lockbit-3-encryptor.html https://www.bleepingcomputer.com/news/security/leaked-lockbit-30-builder-used-by-bl00dy-ransomware-gang-in-attacks/
BLUESKY	https://unit42.paloaltonetworks.jp/bluesky-ransomware/
BUHTI	https://news.sophos.com/en-us/2024/02/23/connectwise-screenconnect-attacks-deliver-malware/
CACTUS	https://securityaffairs.com/155184/cyber-crime/danabot-spread-cactus-ransomware.html https://www.group-ib.com/blog/shadowsyndicate-raas/ https://x.com/MsftSecIntel/status/1730383711437283757?s=20
CATB (CAT99 / BAXTOY)	https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/ https://www.sentinelone.com/blog/decrypting-catb-ransomware-analyzing-their-latest-attack-methods/
CERBER	https://cyble.com/blog/cerber2021-ransomware-back-in-action/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.itmedia.co.jp/news/articles/2108/16/news052.html https://www.trendmicro.com/en_us/research/17/e/cerber-ransomware-evolution.html https://www.trendmicro.com/ja_jp/research/23/l/cerber-ransomware-exploits-cve-2023-22518.html
CHAOS	https://blogs.blackberry.com/ja/jp/2022/06/yashma-ransomware-tracing-the-chaos-family-tree https://jp.broadcom.com/support/security-center/protection-bulletin/key-group-targeting-russian-users-with-evolving-ransomware https://securelist.com/key-group-ransomware-samples-and-telegram-schemes/114025/ https://www.sonicwall.com/blog/key-group-russian-ransomware-gang-uses-extensive-multi-purpose-telegram-channel
CHEERS	https://blog.trendmicro.co.jp/archives/31517 https://securityaffairs.co/wordpress/136611/malware/apt10-cheerscrypt-ransomware.html https://www.bleepingcomputer.com/news/security/cheerscrypt-ransomware-linked-to-a-chinese-hacking-group/
CHILE LOCKER (ARCRYPTER)	https://blog.cyble.com/2023/07/06/arcrypt-ransomware-evolves-with-multiple-tor-communication-channels/ https://www.fortinet.com/blog/threat-research/ransomware-roundup-bisamware-and-chile-locker
CL0P (CLOP)	https://blog.talosintelligence.com/talos-ir-q2-2023-quarterly-recap/ https://fourcore.io/blogs/clop-ransomware-history-adversary-simulation https://gemserv.com/our-thoughts/threat-actor-review-clop-ransomware-group/ https://sectrio.com/deconstructing-cl0p-ransomware-moveit-2023-breach/ https://securityaffairs.co/wordpress/137722/malware/raspberry-robin-clop-ransomware.html https://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html https://thehackernews.com/2023/06/microsoft-lace-tempest-hackers-behind.html https://unit42.paloaltonetworks.jp/clop-ransomware/ https://www.bleepingcomputer.com/news/security/clop-ransomware-uses-truebot-malware-for-access-to-networks/ https://www.bleepingcomputer.com/news/security/microsoft-links-raspberry-robin-worm-to-clop-ransomware-attacks/ https://www.bleepingcomputer.com/news/security/microsoft-notorious-fin7-hackers-return-in-clop-ransomware-attacks/ https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a https://www.group-ib.com/blog/shadowsyndicate-raas/
CLOAK	https://www.sentinelone.com/blog/threat-actor-interplay-good-days-victim-portals-and-their-ties-to-cloak/
CONTI	https://arcticwolf.com/resources/blog/conti-and-akira-chained-together/ https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/ https://labs.k7computing.com/index.php/akira-ransomware-unleashing-chaos-using-conti-leaks/ https://news.sophos.com/ja-jp/2021/03/03/conti-ransomware-attack-day-by-day-jp/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://socradar.io/dark-web-profile-blacksuit-ransomware/ https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html https://twitter.com/VK_Intel/status/1557003350541242369 https://twitter.com/uuallan/status/1564655718531219456 https://unit42.paloaltonetworks.jp/atoms/conti-ransomware/ https://www.axios.com/2023/05/09/royal-ransomware-us-cities-cybersecurity-hacking https://www.bleepingcomputer.com/news/security/conti-ransomware-shows-signs-of-being-ryuks-successor/ https://www.bleepingcomputer.com/news/security/karakurt-revealed-as-data-extortion-arm-of-conti-cybercrime-syndicate/ https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/ https://www.bleepingcomputer.com/news/security/researchers-link-3am-ransomware-to-conti-royal-cybercrime-gangs/ https://www.fortinet.com/blog/threat-research/ransomware-roundup-new-vohuk-scarecrow-and-aerst-variants https://www.group-ib.com/blog/shadowsyndicate-raas/ https://www.kelacyber.com/wp-content/uploads/2022/05/KELA-Intelligence-Report-ContiLeaks-JA-1.pdf https://www.scmagazine.com/news/blockchain-conti-akira-ransomware https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html https://www.trellix.com/en-us/about/newsroom/stories/research/a-royal-analysis-of-royal-ransom.html https://www.trendmicro.com/ja_jp/research/22/l/ransomware-spotlight-blackcat.html https://www.trendmicro.com/ja_jp/research/23/j/ransomware-spotlight-akira.html https://x.com/MalGamy12/status/1651972583615602694
COOMING PROJECT	https://www.cisa.gov/uscert/ncas/alerts/aa22-110a
COREID	https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps https://www.techrepublic.com/article/colonial-pipeline-ransomware-group-using-new-tactics-to-become-more-dangerous/ https://www.theregister.com/2022/09/25/noberus_ransomware_symantec/ https://www.zdnet.com/article/fin7-hackers-evolve-operations-with-ransomware-novel-backdoor/
CROSSROCK	https://jp.sentinelone.com/anthology/crosslock/
CRYKAL / CRYLOCK	https://heimdalsecurity.com/blog/crylock-ransomware/ https://unit42.paloaltonetworks.jp/trigona-ransomware-update/
CRYPTOMIX	https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-cryptomix-ransomware-cyber-report.pdf
CRYPTON	https://cyware.com/news/what-is-crypton-ransomware-new-campaign-sees-hackers-exploiting-remote-desktop-services-097a4372 https://www.twx-threatintel.com/hobokomo-securitynews/20220706/tips-342/
CRYPTWALL	https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-cryptomix-ransomware-cyber-report.pdf
CRYPTXXX	https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-cryptomix-ransomware-cyber-report.pdf
CRYSIS	https://blogs.blackberry.com/ja/jp/2021/11/threat-thursday-phobos-ransomware
CUBA	https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/ https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-cuba
CYCLOPS	https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/ https://www.bleepingcomputer.com/news/security/knight-ransomware-distributed-in-fake-tripadvisor-complaint-emails/ https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo
CYLANCE	https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
DAGON LOCKER	https://asec.ahnlab.com/ko/41577/
DAIXIN	https://www.bleepingcomputer.com/news/security/us-govt-warns-of-daixin-team-targeting-health-orgs-with-ransomware/
DARK VAULT	https://cybernews.com/news/lockbit-dark-vault-rebrand/
DARKANGELS	https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/ https://blog.talosintelligence.com/de-anonymizing-ransomware-domains-on/ https://cyware.com/news/darkangels-a-rebranded-version-of-babuk-8c62474b https://thecyberexpress.com/dark-angels-ransomware-dunghill-leak/
DARKRYPT	https://www.digitalshadows.com/blog-and-research/ransomware-q4-overview/
DARKSIDE	https://mytechdecisions.com/it-infrastructure/what-darksides-rebranding-means-for-it/ https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-linked-to-blackmatter-darkside-gangs/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.flashpoint.io/blog/darkside-ransomware-links-to-revil-difficult-to-dismiss/ https://www.theregister.com/2022/09/25/noberus_ransomware_symantec/
DATAF	https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
DEATHRANSOM	https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-source-code-leaked-on-hacking-forum/
DEFRAY777	https://unit42.paloaltonetworks.jp/ransomware-threat-assessments/8/ https://www.cybereason.com/blog/cybereason-vs.-ransomexx-ransomware https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
DHARMA	https://blogs.blackberry.com/ja/jp/2021/11/threat-thursday-phobos-ransomware https://cyberenso.jp/types-of-ransomware/dharma-ransomware/ https://www.europol.europa.eu/media-press/newsroom/news/international-collaboration-leads-to-dismantlement-of-ransomware-group-in-ukraine-amidst-ongoing-war
DIAVOL	https://arcticwolf.com/resources/blog/karakurt-web/ https://www.fortinet.com/jp/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider https://www.kelacyber.com/wp-content/uploads/2022/05/KELA-Intelligence-Report-ContiLeaks-JA-1.pdf
DIKE	https://mdba.info/ransomware/2022/03/20/%E3%80%8C-dike%E3%80%8D%E3%80%8C-zozl%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2-202/
DISPOSSESSOR	https://gbhackers.com/dispossessor-and-radar-ransomware/ https://webz.io/dwp/lockbit-reborn-new-site-defies-fbi-takedown https://www.fbi.gov/contact-us/field-offices/cleveland/news/international-investigation-leads-to-shutdown-of-ransomware-group https://www.infosecurity-magazine.com/news/fbi-dismantle-radardispossessor/
DONUT	https://www.bleepingcomputer.com/news/security/donut-extortion-group-also-targets-victims-with-ransomware/
DOPPELPAYMER	https://socprime.com/blog/doppelpaymer-ransomware-detection/ https://socradar.io/dark-web-threat-profile-grief-ransomware-group/ https://unit42.paloaltonetworks.jp/ransomware-threat-assessments/4/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/
DRAGONFORCE	https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/ https://www.group-ib.com/blog/dragonforce-ransomware/
DUNGHILL	https://thecyberexpress.com/dark-angels-ransomware-dunghill-leak/
ECH0RAIX (ECHORAIX)	https://unit42.paloaltonetworks.jp/ech0raix-ransomware-soho/ https://www.bleepingcomputer.com/news/security/new-ech0raix-ransomware-brute-forces-qnap-nas-devices/ https://www.bleepingcomputer.com/ransomware/decryptor/ech0raix-ransomware-decryptor-restores-qnap-files-for-free/
EGREGOR	https://unit42.paloaltonetworks.jp/egregor-ransomware-courses-of-action/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html
EL_COMETA	https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-decryption-keys-after-el-cometa-rebrand/
EMBARGO	https://www.bleepingcomputer.com/news/security/embargo-ransomware-escalates-attacks-to-cloud-environments/ https://www.bleepingcomputer.com/news/security/largest-non-bank-lender-in-australia-warns-of-a-data-breach/
EMPEROR DRAGONFLY	https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group
ENTROPY	https://cyberintelmag.com/malware-viruses/dridex-malware-downloader-connected-to-entropy-ransomware/ https://news.sophos.com/ja-jp/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks-jp/ https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/ https://www.cyclonis.com/ja/entropy-ransomware-may-have-links-to-the-dridex-gang/
EP918	https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-28-3/
ERUPTION	https://securityaffairs.co/wordpress/125154/cyber-crime/sabbath-ransomware.html https://www.mandiant.com/resources/sabbath-ransomware-affiliate
EVEREST	https://exchange.xforce.ibmcloud.com/threats/guid:63387e50bd9400dc12ea6b47140aa0db https://kcm.trellix.com/corporate/index?page=content&id=KB96132 https://research.nccgroup.com/2022/07/13/climbing-mount-everest-black-byte-bytes-back/ https://socradar.io/on-the-horizon-ransomed-vc-ransomware-group-spotted-in-the-wild/ https://www.marketscreener.com/quote/stock/NCC-GROUP-PLC-4004767/news/NCC-Monthly-Threat-Pulse-ndash-November-2021-37387006/
EVIL CORP	https://e.cyberint.com/hubfs/Cyberint_Evil%20Corp%20Wastedlocker%20Ransomware_Report.pdf https://heimdalsecurity.com/blog/macaw-locker-evil-corps-latest-version-makes-new-victims/ https://pchandy.net/2021/06/new-evil-corp-ransomware-mimics-payloadbin-gang-to-evade-us-sanctions/ https://socprime.com/blog/doppelpaymer-ransomware-detection/ https://threatpost.com/evil-corp-impersonates-payloadbin/166710/ https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://twitter.com/vxunderground/status/1533948505043124224 https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/ https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/ https://www.bleepingcomputer.com/news/security/new-evil-corp-ransomware-mimics-payloadbin-gang-to-evade-us-sanctions/ https://www.enigmasoftware.com/dridex-gang-returns-with-wastedlocker-ransomware/ https://www.mandiant.com/resources/blog/unc2165-shifts-to-evade-sanctions
EXORCIST	https://sequretek.com/wp-content/uploads/2018/10/Sequretek-Advisory-Exorcist-Ransomware_.pdf https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-24th-2020-navigation-failure/
FAUST	https://thehackernews.com/2024/01/albabat-kasseika-kuiper-new-ransomware.html
FONIX (XINOF)	https://www.malwarebytes.com/blog/news/2021/02/fonix-ransomware-gives-up-life-of-crime-apologises
GANDCRAB	https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/ https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/
GHOSTSEC	https://socradar.io/the-five-families-hacker-collaboration-redefining-the-game/ https://thehackernews.com/2024/03/alert-ghostsec-and-stormous-launch.html https://www.sompocybersecurity.com/column/column/hacker-group-launches-ghostlocker-raas
GOOD DAY	https://www.sentinelone.com/blog/threat-actor-interplay-good-days-victim-portals-and-their-ties-to-cloak/
GRIEF	https://cyberintelmag.com/malware-viruses/dridex-malware-downloader-connected-to-entropy-ransomware/ https://socradar.io/dark-web-threat-profile-grief-ransomware-group/ https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/
GROOVE	https://blogs.mcafee.jp/how-groove-gang-is-shaking-up-the-ransomware-as-a-service-market-to-empower-affiliates https://krebsonsecurity.com/2021/11/the-groove-ransomware-gang-was-a-hoax/ https://medium.com/s2wblog/groove-x-ramp-the-relation-between-groove-babuk-ramp-and-blackmatter-f75644f8f92d https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.trellix.com/ja-jp/about/newsroom/stories/research/how-groove-gang-is-shaking-up-the-ransomware-as-a-service-market-to-empower-affiliates.html
HARDBIT	https://www.bleepingcomputer.com/news/security/hardbit-ransomware-wants-insurance-details-to-set-the-perfect-price/ https://www.securityweek.com/hardbit-ransomware-offers-to-set-ransom-based-on-victims-cyberinsurance/ https://www.suspectfile.com/interview-with-hardbit-ransomware-a-new-group-with-great-ambitions/ https://www.varonis.com/blog/hardbit-2.0-ransomware
HARON	https://medium.com/s2wblog/quick-analysis-of-haron-ransomware-feat-avaddon-and-thanos-1ebb70f64dc4 https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-44-3/
HELLB0RN	https://www.zerofox.com/blog/the-underground-economist-issue-5/
HELLO GOOKIE	https://blog.barracuda.com/2024/04/24/hellokitty--hellogookie--hello--lockbit https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-rebrands-releases-cd-projekt-and-cisco-data/
HELLO KITY (FIVE HANDS)	https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-source-code-leaked-on-hacking-forum/ https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/ https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html
HERMES	https://www.cybereason.co.jp/blog/ransomware/5607/ https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-hermes-ransomware-cyber-report.pdf
HITLER (AGL0BGVYCG)	https://en.wikipedia.org/wiki/Hitler-Ransomware
HIVE	https://northwave-security.com/conti-ryuk-and-hive-affiliates-the-hidden-link/ https://thehackernews.com/2023/11/new-ransomware-group-emerges-with-hives.html https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html https://www.bleepingcomputer.com/news/security/donut-extortion-group-also-targets-victims-with-ransomware/ https://www.bleepingcomputer.com/news/security/embargo-ransomware-escalates-attacks-to-cloud-environments/ https://www.bleepingcomputer.com/news/security/new-hunters-international-ransomware-possible-rebrand-of-hive/ https://www.europol.europa.eu/media-press/newsroom/news/international-collaboration-leads-to-dismantlement-of-ransomware-group-in-ukraine-amidst-ongoing-war https://www.trendmicro.com/en_us/research/22/c/nokoyawa-ransomware-possibly-related-to-hive-.html https://www.trendmicro.com/ja_jp/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html
HOLYGHOST	https://www.bleepingcomputer.com/news/security/microsoft-links-holy-ghost-ransomware-operation-to-north-korean-hackers/ https://www.digitalshadows.com/blog-and-research/holy-ghosts-bargain-basement-approach-to-ransomware/ https://www.hackread.com/lessons-from-holy-ghost-ransomware-attacks/
HUNTERS INTERNATIONAL	https://iototsecnews.jp/2023/10/29/new-hunters-international-ransomware-possible-rebrand-of-hive/ https://thehackernews.com/2023/11/new-ransomware-group-emerges-with-hives.html https://www.bleepingcomputer.com/news/security/embargo-ransomware-escalates-attacks-to-cloud-environments/ https://www.bleepingcomputer.com/news/security/new-hunters-international-ransomware-possible-rebrand-of-hive/ https://www.quorumcyber.com/malware-reports/hunters-international-ransomware-report/
ICEFIRE	https://twitter.com/malwrhunterteam/status/1503484073406345224/photo/3
INDUSTRIAL SPY	https://securityscorecard.com/research/a-technical-analysis-of-the-underground-ransomware-deployed-by-storm-0978/ https://unit42.paloaltonetworks.jp/cuba-ransomware-tropical-scorpius/#post-124395-_xnikeicczfm4 https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/ https://www.fortiguard.com/threat-signal-report/5215/underground-team-ransomware https://www.privacyaffairs.com/underground-ransomware-actor-breaches-11-targets/
ISOS	https://mdba.info/ransomware/2020/10/02/%E3%80%8C-isos%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2/
JIGSAW	http://maruyama-mitsuhiko.cocolog-nifty.com/security/2022/05/post-ea8ab8.html https://www.secureworld.io/industry-news/venezuelan-doctor-jigsaw-thanos-ransomware
JSWORM	https://cyware.com/news/its-time-we-talk-about-jsworm-ransomware-32787a6b https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/
KARAKURT	https://www.bleepingcomputer.com/news/security/karakurt-revealed-as-data-extortion-arm-of-conti-cybercrime-syndicate/
KARMA	https://blogs.blackberry.com/en/2021/11/threat-thursday-karma-ransomware https://gadgettendency.com/new-ransomware-group-karma-actually-renamed-nefilim/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.cyfirma.com/outofband/karma-leak-ransomware-technical-analysis/ https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/
KILLSEC	https://foresiet.com/blog/kill-ransomware-a-new-entrant-strikes-breaching-kerala-police-and-beyond https://ransomwareattacks.halcyon.ai/news/ransomware-on-the-move-ra-world-killsec-8base-medusa
KNIGHT	https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/ https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware https://thehackernews.com/2024/06/rebranded-knight-ransomware-targeting.html https://www.bleepingcomputer.com/news/security/knight-ransomware-distributed-in-fake-tripadvisor-complaint-emails/ https://www.bleepingcomputer.com/news/security/knight-ransomware-source-code-for-sale-after-leak-site-shuts-down/
LAPSUS$	https://iototsecnews.jp/2022/09/13/cisco-data-breach-attributed-to-lapsus-ransomware-group/ https://jp.tenable.com/blog/brazen-unsophisticated-and-illogical-understanding-the-lapsus-extortion-group https://wired.jp/article/okta-hack-microsoft-bing-code-leak-lapsus/
LILITH	https://www.bleepingcomputer.com/news/security/new-lilith-ransomware-emerges-with-extortion-site-lists-first-victim/
LIZARD	https://www.enigmasoftware.jp/lizardphobosransomware-sakujo/
LOCK4	https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
LOCKBIT (ABCD)	https://www.herjavecgroup.com/herjavec-group-lockbit-2-0-ransomware-profile/ https://www.kaspersky.co.jp/resource-center/threats/lockbit-ransomware
LOCKBIT2.0	https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/ https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html https://twitter.com/alvierid/status/1737763750940151998?s=61&t=cbDfoCunjPFFOy6AuZb1rw https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/ https://www.group-ib.com/blog/bablock-ransomware/ https://www.herjavecgroup.com/herjavec-group-lockbit-2-0-ransomware-profile/ https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo
LOCKBIT3.0	https://cluster25.io/2022/07/06/lockbit-3-0-making-the-ransomware-great-again/ https://codebook.machinarecord.com/threatreport/34066/ https://dailydarkweb.net/play-ransomware-and-lockbit-allegedly-created-an-alliance/ https://news.sophos.com/en-us/2024/02/23/connectwise-screenconnect-attacks-deliver-malware/ https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217/ https://securelist.com/sexi-key-group-mallox-ransomware/113183/ https://socradar.io/dark-peep-16-play-ransomware-lockbits-alliance-breachforums-leak-and-cyberniggers-revival/ https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit https://twitter.com/AlvieriD/status/1760640047433269282 https://twitter.com/threatray/status/1544643305924960256 https://www.bleepingcomputer.com/news/security/embargo-ransomware-escalates-attacks-to-cloud-environments/ https://www.bleepingcomputer.com/news/security/hackers-use-new-3am-ransomware-to-save-failed-lockbit-attack/ https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/ https://www.cyfirma.com/research/tracking-ransomware-july-2024/ https://www.huntress.com/blog/its-not-safe-to-pay-safepay https://www.pcrisk.com/removal-guides/25159-cryptbb-ransomware https://www.sentinelone.com/anthology/brain-cipher/ https://www.sentinelone.com/blog/deathgrip-raas-small-time-threat-actors-aim-high-with-lockbit-yashma-builders/ https://www.sentinelone.com/labs/nullbulge-threat-actor-masquerades-as-hacktivist-group-rebelling-against-ai/ https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/nullbulge https://x.com/AlvieriD/status/1790971069358027010
LOCKDATA	https://www.pcrisk.com/removal-guides/23846-lockdata-ransomware
LOCKERGOGA	https://www.europol.europa.eu/media-press/newsroom/news/international-collaboration-leads-to-dismantlement-of-ransomware-group-in-ukraine-amidst-ongoing-war
LOCKFILE	https://medium.com/s2wblog/atomsilo-x-lockfile-atomsilo-copied-blackmatter-and-cerber-for-operating-the-double-extortion-site-7fb5aaac5f21 https://news.sophos.com/ja-jp/2021/09/06/lockfile-ransomwares-box-of-tricks-intermittent-encryption-and-evasion-jp/
LOKI LOCKER	https://asec.ahnlab.com/en/51497/ https://blog.cyble.com/2023/05/03/blackbit-ransomware-a-threat-from-the-shadows-of-lokilocker/ https://blogs.blackberry.com/ja/jp/2022/07/blackberry-prevents-lokilocker
LORENZ	https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/ https://www.avertium.com/resources/threat-reports/an-in-depth-look-at-lorenz-ransomware https://www.cybereason.com/blog/research/cybereason-vs.-lorenz-ransomware
LOSTTRUST	https://socradar.io/dark-web-profile-eldorado-ransomware/ https://www.bleepingcomputer.com/news/security/meet-losttrust-ransomware-a-likely-rebrand-of-the-metaencryptor-gang/ https://www.cyfirma.com/research/tracking-ransomware-june-2024/
LV	https://www.secureworks.com/research/lv-ransomware
MACAW LOCKER	https://heimdalsecurity.com/blog/macaw-locker-evil-corps-latest-version-makes-new-victims/ https://www.bleepingcomputer.com/news/security/evil-corp-demands-40-million-in-new-macaw-ransomware-attacks/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
MAILTO	https://www.bleepingcomputer.com/news/security/mailto-netwalker-ransomware-targets-enterprise-networks/
MALLOX (FARGO)	https://www.suspectfile.com/interview-with-mallox-ransomware-group/
MARIO	https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://securityaffairs.com/155893/cyber-crime/bianlian-white-rabbit-mario-ransomware-joint-campaign.html https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
MAZE	https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.bleepingcomputer.com/news/security/maze-ransomware-is-shutting-down-its-cybercrime-operation/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.zerofox.com/blog/maze-recent-ransomware-attacks/
MBC	https://twitter.com/S0ufi4n3/status/1541150802332598279 https://www.thenationalnews.com/business/2021/08/21/mbc-ransomware-group-claims-responsibility-for-cyber-attack-on-irans-railway-network/
MEDUSA LOCKER	https://www.cybereason.co.jp/blog/ransomware/5546/
MEGACORTEX	https://www.europol.europa.eu/media-press/newsroom/news/international-collaboration-leads-to-dismantlement-of-ransomware-group-in-ukraine-amidst-ongoing-war https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html
MEOW	https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/ https://www.bleepingcomputer.com/news/security/conti-based-ransomware-meowcorp-gets-free-decryptor/
METAENCRYPTOR	https://www.bleepingcomputer.com/news/security/meet-losttrust-ransomware-a-likely-rebrand-of-the-metaencryptor-gang/
MIDAS	https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-44-3/
MINDWARE	https://www.sentinelone.com/blog/from-the-front-lines-another-rebrand-mindware-and-sfile-ransomware-technical-breakdown/
MOISHA	https://blog.cyble.com/2022/08/25/moisha-ransomware-in-action/ https://cyware.com/news/new-moisha-ransomware-pulls-off-highly-targeted-attacks-4be35d93
MONTI	https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger https://intel471.com/blog/conti-vs-monti-a-reinvention-or-just-a-simple-rebranding https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html
MORLOCK	https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217/ https://www.facct.ru/blog/morlock-ransomware/
MOUNT LOCKER	https://asec.ahnlab.com/ko/41577/ https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html https://twitter.com/Arkbird_SOLG/status/1393994616496590848 https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://twitter.com/darktracer_int/status/1433694601076822016 https://www.barracuda.co.jp/mountlocker-ransomware/ https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game/ https://www.bleepingcomputer.com/news/security/mountlocker-ransomware-uses-windows-api-to-worm-through-networks/ https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.cyclonis.com/ja/mount-locker-ransomware-is-getting-more-dangerous/ https://www.guidepointsecurity.com/blog/mount-locker-ransomware-steps-up-counter-ir-capabilities/ https://www.tetradefense.com/wp-content/uploads/2021/06/ThreatIntel_May_RoundUp_Compressed.pdf
MY DECRYPTER (MAGNIBER)	https://howtofix.guide/ransomware/magniber/ https://japan.zdnet.com/paper/30001345/30005842/ https://www.2-spyware.com/remove-my-decryptor-ransomware-virus.html
N3TW0RM (NETWORM)	https://www.acronis.com/en-us/blog/posts/n3tw0rm-ransomware/ https://www.bleepingcomputer.com/news/security/n3tw0rm-ransomware-emerges-in-wave-of-cyberattacks-in-israel/
N4UGHTYSEC	https://www.itweb.co.za/content/o1Jr5Mx9BVjqKdWL https://www.pkware.com/blog/monthly-breach-report-april-2022-edition
NB65	https://securityaffairs.co/130051/hacktivism/nb65-modified-version-conti-ransomware.html https://www.malwarebytes.com/blog/news/2022/04/conti-ransomware-offshoot-targets-russian-organizations
NEFILIM	https://cyberenso.jp/types-of-ransomware/nephilim-ransomware/ https://gadgettendency.com/new-ransomware-group-karma-actually-renamed-nefilim/ https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
NEMTY	https://www.bitdefender.com/blog/hotforsecurity/nemty-ransomware-gang-shuts-down-public-gig-announces-exclusive-business-model https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/
NETWALKER	https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/alpha-netwalker-ransomware https://www.bleepingcomputer.com/news/security/alpha-ransomware-linked-to-netwalker-operation-dismantled-in-2021/ https://www.bleepingcomputer.com/news/security/ransomware-recruits-affiliates-with-huge-payouts-automated-leaks/ https://www.cybereason.co.jp/blog/ransomware/5845/
NEVADA	https://www.zscaler.com/blogs/security-research/nevada-ransomware-yet-another-nokoyawa-variant
NIGHTSKY	https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit.md https://securityaffairs.co/wordpress/136611/malware/apt10-cheerscrypt-ransomware.html https://twitter.com/Arkbird_SOLG/status/1503435955306434562 https://twitter.com/vinopaljiri/status/1480059715392622597 https://www.forescout.com/blog/night-sky-a-short-lived-threat-from-a-long-lived-threat-actor/
NOKOYAWA	https://blog.talosintelligence.com/de-anonymizing-ransomware-domains-on/ https://www.fortinet.com/blog/threat-research/nokoyawa-variant-catching-up https://www.group-ib.com/blog/farnetwork/ https://www.group-ib.com/blog/shadowsyndicate-raas/ https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/ https://www.trendmicro.com/en_us/research/22/c/nokoyawa-ransomware-possibly-related-to-hive-.html https://www.trendmicro.com/ja_jp/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html https://www.zscaler.com/blogs/security-research/nevada-ransomware-yet-another-nokoyawa-variant
NONAME	https://cybersecsentinel.com/ransomhub-affiliate-noname-group-launches-scransom-attacks/ https://medium.com/coinmonks/older-leaks-re-surfaces-lockbit-imitator-on-surface-web-2c85229a3cf7/ https://www.bleepingcomputer.com/news/security/noname-ransomware-gang-deploying-ransomhub-malware-in-recent-attacks/ https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/noname#:~:text=NO%2DNAME%20appears%20unrelated%20to%20another%20group%20with,3.0%20and%20has%20several%20data%20leak%20sites./ https://www.welivesecurity.com/en/eset-research/cosmicbeetle-steps-up-probation-period-ransomhub/
NOSCCAPE	https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/ https://www.bleepingcomputer.com/news/security/meet-noescape-avaddon-ransomware-gangs-likely-successor/#google_vignette
ONEPERCENT	https://cybersecurity-info.com/news/fbi-onepercent-group/
ONYX	https://blogs.blackberry.com/ja/jp/2022/06/yashma-ransomware-tracing-the-chaos-family-tree
PANDORA	https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/ https://twitter.com/Arkbird_SOLG/status/1503435955306434562 https://www.avertium.com/resources/threat-reports/in-depth-pandora-ransomware https://www.forescout.com/blog/night-sky-a-short-lived-threat-from-a-long-lived-threat-actor/ https://www.sentinelone.com/blog/decrypting-catb-ransomware-analyzing-their-latest-attack-methods/
PAY2KEY	https://www.binarydefense.com/threat_watch/blackshadow-threat-group-breaches-israeli-hosting-firm/
PAYLOAD.BIN	https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.databreaches.net/babuk-re-organizes-as-payload-bin-offers-its-first-leak/
PHOBOS	https://blogs.blackberry.com/ja/jp/2021/11/threat-thursday-phobos-ransomware https://mdba.info/ransomware/2020/10/02/%E3%80%8C-isos%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2/ https://mdba.info/ransomware/2022/03/20/%E3%80%8C-dike%E3%80%8D%E3%80%8C-zozl%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2-202/ https://www.enigmasoftware.jp/lizardphobosransomware-sakujo/ https://www.enigmasoftware.jp/steelransomware-sakujo/
PHOENIX LOCKER	https://iototsecnews.jp/2022/06/02/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
PLAY	https://dailydarkweb.net/play-ransomware-and-lockbit-allegedly-created-an-alliance/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://socradar.io/dark-peep-16-play-ransomware-lockbits-alliance-breachforums-leak-and-cyberniggers-revival/ https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/ https://www.group-ib.com/blog/shadowsyndicate-raas/ https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://www.trendmicro.com/ja_jp/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html https://www.trendmicro.com/ja_jp/research/24/g/new-play-ransomware-linux-variant-targets-esxi-shows-ties-with-p.html
POLYVICE	https://cyware.com/news/vice-society-adds-custom-branded-payload-polyvice-to-its-arsenal-a335bbe1 https://securityaffairs.co/139924/cyber-crime/vice-society-ransomware-custom-locker.html
PROLOCK	https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/qakbot https://www.bleepingcomputer.com/news/security/prolock-ransomware-teams-up-with-qakbot-trojan-for-network-access/ https://www.cisa.gov/sites/default/files/2023-02/202010221030_qakbot_tlpwhite.pdf https://www.intrinsec.com/egregor-prolock/ https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html
PROMETHEUS	https://medium.com/s2wblog/prometheus-x-spook-prometheus-ransomware-rebranded-spook-ransomware-6f93bd8ab5dd https://www.cybereason.co.jp/blog/ransomware/6559/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
PUTIN TEAM	https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/
PWNDLOCKER	https://malpedia.caad.fkie.fraunhofer.de/details/win.pwndlocker https://www.bleepingcomputer.com/news/security/new-pwndlocker-ransomware-targeting-us-cities-enterprises/ https://www.bleepingcomputer.com/news/security/pwndlocker-fixes-crypto-bug-rebrands-as-prolock-ransomware/ https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html
PYSA / MESPINOZA	https://www.cybereason.co.jp/blog/ransomware/7069/ https://www.cybersecurity-insiders.com/details-of-new-pysa-n-everest-ransomware/ https://www.emsisoft.com/en/blog/38840/ransomware-profile-mespinoza-pysa/
QILIN (AGENDA)	https://securityaffairs.co/wordpress/139811/cyber-crime/agenda-ransomware-rust.html https://twitter.com/alvierid/status/1737763750940151998?s=61&t=cbDfoCunjPFFOy6AuZb1rw https://www.guidepointsecurity.com/blog/grit-ransomware-report-october-2022/ https://www.trendmicro.com/ja_jp/research/22/i/new-golang-ransomware-agenda-customizes-attacks.html
QLOCKER	https://iototsecnews.jp/2022/01/16/a-new-wave-of-qlocker-ransomware-attacks-targets-qnap-nas-devices/ https://www.bleepingcomputer.com/news/security/qlocker-ransomware-returns-to-target-qnap-nas-devices-worldwide/
QUANTUM	https://asec.ahnlab.com/ko/41577/ https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/ https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware https://www.group-ib.com/blog/shadowsyndicate-raas/
QUILONG	https://cybersecuritynews.com/new-qiulong-ransomware-emerges/
RA GROUP	https://riskybiznews.substack.com/p/risky-biz-news-chinas-great-firewall
RABBIT HOLE	https://cybersecuritynews.com/rabbit-hole-ransomware/
RAGNAR LOCKER	https://automaton-media.com/articles/newsjp/20201110-142870/ https://blog.cyble.com/2022/01/20/deep-dive-into-ragnar-locker-ransomware-gang/ https://therecord.media/ragnar-locker-ransomware-site-taken-down-fbi-europol https://www.cybereason.com/blog/threat-analysis-report-ragnar-locker-ransomware-targeting-the-energy-sector https://www.europol.europa.eu/media-press/newsroom/news/ragnar-locker-ransomware-gang-taken-down-international-police-swoop https://www.malwarebytes.com/blog/news/2023/10/ragnar-locker-taken-down
RAGNAROK	https://resources.infosecinstitute.com/topic/malware-analysis-ragnarok-ransomware/ https://therecord.media/ragnarok-ransomware-operation-shuts-down-and-releases-free-decrypter/ https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/ https://www.fortinet.com/jp/blog/threat-research/ranion-ransomware-quiet-and-persistent-raas
RAMP	https://securityaffairs.co/121985/cyber-crime/groove-gang-fortinet-leaks.html https://www.advintel.io/post/groove-vs-babuk-groove-ransom-manifesto-ramp-underground-platform-secret-inner-workings
RANION	https://www.digitalshadows.com/blog-and-research/ransomware-franchising-how-do-groups-get-started/ https://www.fortinet.com/jp/blog/threat-research/ranion-ransomware-quiet-and-persistent-raas
RANSOM CARTEL	https://www.bleepingcomputer.com/news/security/ransom-cartel-linked-to-notorious-revil-ransomware-operation/
RANSOM CORP	https://twitter.com/AlvieriD/status/1724269503633056240 https://twitter.com/EquationCorp/status/1724592227978985836 https://twitter.com/FalconFeedsio/status/1697879943911518363 https://twitter.com/signorina37H/status/1724314318856941729
RANSOMED.VC	https://socradar.io/on-the-horizon-ransomed-vc-ransomware-group-spotted-in-the-wild https://twitter.com/AlvieriD/status/1724269503633056240 https://twitter.com/EquationCorp/status/1724592227978985836 https://twitter.com/FalconFeedsio/status/1697879943911518363 https://twitter.com/karol_paciorek/status/1734590357260673170 https://twitter.com/signorina37H/status/1724314318856941729 https://www.zerofox.com/blog/ransomed-vc-sunsets-operations-auctions-off-infrastructure/
RANSOMEXX	https://therecord.media/ibm-ransomexx-becomes-latest-ransomware-group-to-create-rust-variant/ https://www.cybereason.co.jp/blog/ransomware/5795/ https://www.cybereason.com/blog/cybereason-vs.-ransomexx-ransomware https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
RANSOMHOUSE	https://blog.scilabs.mx/en/threat-profile-ransomhouse/ https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html https://cyberint.com/blog/research/ransomhouse/ https://www.bleepingcomputer.com/news/security/keralty-ransomware-attack-impacts-colombias-health-care-system/ https://www.malwarebytes.com/blog/news/2022/05/threat-profile-ransomhouse-makes-extortion-work-without-ransomware https://www.scmagazine.com/brief/risk-management/novel-ransomhouse-cybercrime-operation-detailed https://www.shadowstackre.com/analysis/ransomhouse https://www.the420.in/ransomware-attack-on-pharma-company-aarti-drugs/
RANSOMHUB	https://cybersecsentinel.com/ransomhub-affiliate-noname-group-launches-scransom-attacks/ https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware https://thehackernews.com/2024/06/rebranded-knight-ransomware-targeting.html https://unit42.paloaltonetworks.com/threat-actor-groups-tracked-by-palo-alto-networks-unit-42/ https://www.aha.org/system/files/media/file/2024/10/hc3%20tlp%20clear%20threat%20actor%20profile%20scattered%20spider-10-24-2024.pdf https://www.bleepingcomputer.com/news/security/noname-ransomware-gang-deploying-ransomhub-malware-in-recent-attacks/ https://www.cyberdaily.au/security/10272-the-rise-of-ransomhub-uncovering-a-new-ransomware-as-a-service-operation https://www.welivesecurity.com/en/eset-research/cosmicbeetle-steps-up-probation-period-ransomhub/
RANSOMWARE BLOG	https://www.kelacyber.com/wp-content/uploads/2022/11/KELA-RESEARCH_Ransomware-Victims-and-Network-Access-Sales-in-Q3-2022-JA.pdf
RANZY	https://blog.qualys.com/vulnerabilities-threat-research/2021/12/09/ransomware-ranzy-locker
REDALERT (N13V)	https://socradar.io/redalert-ransomware-targets-windows-and-linux-mware-esxi-servers/ https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/
REDRANSOMEWARE GROUP (RED CRYPTOAPP)	https://netenrich.com/blog/red-cryptoapp-ransomware-new-threat-group https://www.hackread.com/red-ransomware-group-red-cryptoapp-wall-of-shame/?web_view=true#google_vignette
RELIC	https://angle.ankura.com/post/102i1mb/relic-project-a-new-threat-group-or-rebranded-ransomware
REVIL (SODINOKIBI)	https://blogs.mcafee.jp/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-the-all-stars https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/qakbot https://www.bleepingcomputer.com/news/security/ransom-cartel-linked-to-notorious-revil-ransomware-operation/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.flashpoint.io/blog/darkside-ransomware-links-to-revil-difficult-to-dismiss/ https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackcat
RHYSIDA	https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/ https://socradar.io/threat-profile-rhysida-ransomware/ https://thehackernews.com/2023/08/new-report-exposes-vice-societys.html
ROBBINHOOD	https://www.sompocybersecurity.com/column/column/a72
ROOK	https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit.md https://twitter.com/Arkbird_SOLG/status/1503435955306434562 https://twitter.com/vinopaljiri/status/1480059715392622597 https://www.avertium.com/resources/threat-reports/in-depth-pandora-ransomware https://www.forescout.com/blog/night-sky-a-short-lived-threat-from-a-long-lived-threat-actor/ https://www.prsol.cc/ja/post-2773/
ROYAL	https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html https://blog.cyble.com/2023/05/12/blacksuit-ransomware-strikes-windows-and-linux-users/ https://heimdalsecurity.com/blog/royal-ransomware-operation-amplifying-in-multi-million-dollar-attacks/ https://socradar.io/dark-web-profile-blacksuit-ransomware/ https://www.axios.com/2023/05/09/royal-ransomware-us-cities-cybersecurity-hacking https://www.bleepingcomputer.com/news/security/new-royal-ransomware-emerges-in-multi-million-dollar-attacks/ https://www.bleepingcomputer.com/news/security/researchers-link-3am-ransomware-to-conti-royal-cybercrime-gangs/ https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a https://www.cybereason.com/blog/royal-ransomware-analysis https://www.group-ib.com/blog/shadowsyndicate-raas/ https://www.scmagazine.com/brief/ransomware/royal-ransomware-tied-to-conti-gang https://www.trellix.com/en-us/about/newsroom/stories/research/a-royal-analysis-of-royal-ransom.html https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html
RTM	https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
RYUK	https://www.cybereason.co.jp/blog/ransomware/5607/ https://www.group-ib.com/blog/shadowsyndicate-raas/ https://www.trendmicro.com/ja_jp/what-is/ransomware/ryuk-ransomware.html
SAMSAM	https://cyble.com/blog/cerber2021-ransomware-back-in-action/ https://www.justice.gov/opa/pr/two-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public:
SCARECROW	https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/
SCHOOLBOYS	https://www.bleepingcomputer.com/news/security/tommyleaks-and-schoolboys-two-sides-of-the-same-ransomware-gang/
SEKHMET	https://news.sophos.com/ja-jp/2020/12/15/egregor-ransomware-mazes-heir-apparent-jp/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
SHAOLEAKS	https://www.guidepointsecurity.com/blog/grit-ransomware-report-october-2022/
SIEGEDSEC	https://socradar.io/the-five-families-hacker-collaboration-redefining-the-game/ https://twitter.com/karol_paciorek/status/1734590357260673170 https://www.sompocybersecurity.com/column/column/hacker-group-launches-ghostlocker-raas
SILENT RANSOM GROUP	https://cyware.com/news/ransomware-gangs-use-callback-phishing-method-to-target-corporate-networks-ce1b0069 https://www.bleepingcomputer.com/news/security/ransomware-gangs-move-to-callback-social-engineering-attacks/
SLUG	https://twitter.com/Threatlabz/status/1747729463855751179
SNAPMC	https://www.bleepingcomputer.com/news/security/bianlian-ransomware-gang-shifts-focus-to-pure-data-extortion/ https://www.bleepingcomputer.com/news/security/snapmc-hackers-skip-file-encryption-and-just-steal-your-files/ https://www.nccgroup.com/jp/snapmc-the-non-ransomware-blackmail-attack/
SNATCH	https://thedfirreport.com/2020/06/21/snatch-ransomware/ https://www.picussecurity.com/resource/snatch-ransomware-gang
SOLIDBIT	https://medium.com/s2wblog/two-copycats-of-lockbit-ransomware-solidbit-and-crypton-7257fb069b16
SPARTA	https://ke-la.com/wp-content/uploads/2022/11/KELA-RESEARCH_Ransomware-Victims-and-Network-Access-Sales-in-Q3-2022-JA.pdf
SPARTACUS	https://cyble.com/blog/cerber2021-ransomware-back-in-action/ https://www.malwarebytes.com/blog/news/2018/04/spartacus-introduction-unsophisticated-ransomware
SPOOK	https://medium.com/s2wblog/prometheus-x-spook-prometheus-ransomware-rebranded-spook-ransomware-6f93bd8ab5dd https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
STEEL	https://www.enigmasoftware.jp/steelransomware-sakujo/
STORMOUS	https://cdn.www.gob.pe/uploads/document/file/3290929/Alerta%20integrada%20de%20seguridad%20digital%20N%C2%B0%20168-2022-CNSD.pdf.pdf https://securelist.com/new-ransomware-trends-in-2022/106457/ https://socradar.io/on-the-horizon-ransomed-vc-ransomware-group-spotted-in-the-wild/ https://socradar.io/the-five-families-hacker-collaboration-redefining-the-game/ https://socradar.io/who-is-stormous-ransomware-group/ https://thehackernews.com/2024/03/alert-ghostsec-and-stormous-launch.html https://www.sompocybersecurity.com/column/column/hacker-group-launches-ghostlocker-raas
SUGAR	https://defpr.com/sugar-ransomware/
SUNCRYPT	https://analyst1.com/ransomware-diaries-volume-1/ https://minerva-labs.com/blog/suncrypt-ransomware-gains-new-abilities-in-2022/ https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-is-still-alive-and-kicking-in-2022/
SYNACK	https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-decryption-keys-after-el-cometa-rebrand/
SZ40	https://www.cybereason.com/blog/research/cybereason-vs.-lorenz-ransomware
ShadowSyndicate	https://www.group-ib.com/blog/shadowsyndicate-raas/
THANOS	http://maruyama-mitsuhiko.cocolog-nifty.com/security/2022/05/post-ea8ab8.html https://www.secureworld.io/industry-news/venezuelan-doctor-jigsaw-thanos-ransomware
THREEAM (3AM)	https://www.bleepingcomputer.com/news/security/researchers-link-3am-ransomware-to-conti-royal-cybercrime-gangs/
THUNDER X	https://blog.qualys.com/vulnerabilities-threat-research/2021/12/09/ransomware-ranzy-locker
TOMMYLEAKS	https://www.bleepingcomputer.com/news/security/tommyleaks-and-schoolboys-two-sides-of-the-same-ransomware-gang/
TRIGONA	https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html https://therecord.media/trigona-ransomware-group-website-takedown-ukrainian-cyber-alliance https://unit42.paloaltonetworks.jp/trigona-ransomware-update/
TRISEC	https://www.clipeusintelligence.com/post/trisec-a-new-ransomware-actor/
UNDERGROUND	https://securityscorecard.com/research/a-technical-analysis-of-the-underground-ransomware-deployed-by-storm-0978/ https://www.fortiguard.com/threat-signal-report/5215/underground-team-ransomware https://www.privacyaffairs.com/underground-ransomware-actor-breaches-11-targets/
VASA LOCKER (BABY)	https://cyberint.com/blog/research/babuk-locker/ https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html
VICE SOCIETY	https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/ https://securityaffairs.co/wordpress/139924/cyber-crime/vice-society-ransomware-custom-locker.html https://socradar.io/threat-profile-rhysida-ransomware/ https://therecord.media/microsoft-ties-vice-society-hackers-to-additional-ransomware-strains/ https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/
VSOP	https://blog.cyble.com/2022/08/10/onyx-ransomware-renames-its-leak-site-to-vsop/
WASTEDLOCKER	https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
WEREWOLVES	https://twitter.com/alvierid/status/1737763750940151998?s=61&t=cbDfoCunjPFFOy6AuZb1rw https://www.malwarebytes.com/blog/threat-intelligence/2024/01/ransomware-review-january-2024
WHITERABBIT	https://howtofix.guide/white-rabbit-ransomware/ https://securityaffairs.com/155893/cyber-crime/bianlian-white-rabbit-mario-ransomware-joint-campaign.html https://twitter.com/malwrhunterteam/status/1560327142621208577 https://www.crn.com.au/news/amd-claims-potential-attack-from-ransomhouse-gang-582029
X001XS	https://www.insicurezzadigitale.com/en/nuovo-leak-site-nuovo-gruppo-ransomware-ex-rook/
XING TEAM	https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://twitter.com/darktracer_int/status/1433694601076822016 https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.tetradefense.com/wp-content/uploads/2021/06/ThreatIntel_May_RoundUp_Compressed.pdf https://www.trendmicro.com/en_us/research/21/j/ransomware-operators-found-using-new-franchise-business-model.html
YANLUOWANG	https://iototsecnews.jp/2022/09/01/infra-used-in-cisco-hack-also-targeted-workforce-management-solution/ https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html
YASHMA	https://blogs.blackberry.com/ja/jp/2022/06/yashma-ransomware-tracing-the-chaos-family-tree https://medium.com/s2wblog/two-copycats-of-lockbit-ransomware-solidbit-and-crypton-7257fb069b16 https://www.sentinelone.com/blog/deathgrip-raas-small-time-threat-actors-aim-high-with-lockbit-yashma-builders/
ZEON	https://exchange.xforce.ibmcloud.com/malware-analysis/guid:c0a25a3d60116cf5142da3303876ce16 https://www.sentinelone.com/blog/from-the-front-lines-3-new-and-emerging-ransomware-threats-striking-businesses-in-2022/
ZEPPELIN	https://blogs.blackberry.com/en/2019/12/zeppelin-russian-ransomware-targets-high-profile-users-in-the-us-and-europe https://www.cyfirma.com/news/weekly-intelligence-report-04-oct-2024/ https://www.picussecurity.com/resource/zeppelin-ransomware-analysis-simulation-and-mitigation https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/
2023LOCK	https://cyble.com/blog/in-the-shadow-of-venus-trinity-ransomwares-covert-ties/
ARGONAUTS	https://www.cyjax.com/resources/blog/new-argonauts-extortion-group-emerges/ https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/argonauts-group
AZZASEC	https://www.emanueledelucia.net/unveiling-azzasec-ransomware-technical-insights-into-the-groups-locker/ https://www.sentinelone.com/labs/cybervolk-a-deep-dive-into-the-hacktivists-tools-and-ransomware-fueling-pro-russian-cyber-attacks/ https://x.com/MonThreat/status/1808200990035783841
BLING LIBRA	https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/
BLUEBOX	https://www.cyjax.com/resources/blog/phreak-out-new-bluebox-extortion-group-dls-emerges/
BRAINCIPHER	https://www.group-ib.com/blog/brain-cipher-ransomware/ https://www.sentinelone.com/anthology/brain-cipher/
CHORT	https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/chort
CICADA3301	https://www.truesec.com/hub/blog/dissecting-the-cicada
CRYPT GHOULS	https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217/
CYBERVOLK	https://www.sentinelone.com/labs/cybervolk-a-deep-dive-into-the-hacktivists-tools-and-ransomware-fueling-pro-russian-cyber-attacks/
DEATHGRIP	https://www.sentinelone.com/blog/deathgrip-raas-small-time-threat-actors-aim-high-with-lockbit-yashma-builders/
ESTATE	https://www.group-ib.com/blog/brain-cipher-ransomware/ https://www.group-ib.com/blog/estate-ransomware/
FOG	https://areteir.com/article/malware-spotlight-fog-ransomware-technical-analysis/
FUNKSEC	https://www.cyjax.com/resources/blog/take-me-down-to-funksec-town-funksec-ransomware-dls-emergence/
HELLCAT	https://blog.sekoia.io/helldown-ransomware-an-overview-of-this-emerging-threat/ https://cyberpress.org/hackers-claim-massive-breach-of-arrotex-pharma-pus-gmbh/ https://x.com/Ransom_DB/status/1857380735268667561
HELLDOWN	https://blog.sekoia.io/helldown-ransomware-an-overview-of-this-emerging-threat/#h-connection-with-the-ransomware-ecosystem https://detect.fyi/helldown-donex-darktrace-ransomware-fd8683b7d135 https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/helldown
INTERLOCK	https://www.fortinet.com/blog/threat-research/ransomware-roundup-interlock
JUMPY PISCES	https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/ https://unit42.paloaltonetworks.jp/threat-actor-groups-tracked-by-palo-alto-networks-unit-42 https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-187a https://www.threatdown.com/blog/north-korean-apt-targets-us-healthcare-sector-with-maui-ransomware/
KAIROS	https://www.cyjax.com/resources/blog/an-elephant-in-kairos-data-leak-site-emerges-for-new-extortion-group/
KEY GROUP	https://jp.broadcom.com/support/security-center/protection-bulletin/key-group-targeting-russian-users-with-evolving-ransomware https://securelist.com/key-group-ransomware-samples-and-telegram-schemes/114025/ https://www.sonicwall.com/blog/key-group-russian-ransomware-gang-uses-extensive-multi-purpose-telegram-channel
KILLSEC3.0	https://databreaches.net/2024/12/08/is-killsec3-trying-to-extort-victims-using-publicly-leaked-data/ https://thecyberexpress.com/killsec-launches-raas-program/ https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/kill-security
LYNX	https://unit42.paloaltonetworks.com/inc-ransomware-rebrand-to-lynx/
MAD LIBERATOR	https://news.sophos.com/en-us/2024/08/13/dont-get-mad-get-wise/ https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/mad-liberator
MEGAZORD	https://www.cynet.com/blog/megazord-ransomware-technical-analysis-and-preventions/ https://www.sentinelone.com/anthology/megazord/
MORPHEUS	https://cyberpress.org/hackers-claim-massive-breach-of-arrotex-pharma-pus-gmbh/ https://www.cyjax.com/resources/blog/the-great-morpheus-new-extortion-group-dls-emerges/
NITROGEN	https://www.esentire.com/blog/nitrogen-campaign-2-0-reloads-with-enhanced-capabilities-leading-to-alphv-blackcat-ransomware https://www.ransomlook.io/group/nitrogen
NULLBULGE	https://codebook.machinarecord.com/threatreport/34066/ https://www.sentinelone.com/labs/nullbulge-threat-actor-masquerades-as-hacktivist-group-rebelling-against-ai/
ORCA	https://www.cyfirma.com/news/weekly-intelligence-report-04-oct-2024/
PLAYBOY	https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/playboy https://x.com/DarkWebInformer/status/1850927341867831478
PRYX	https://www.cyjax.com/resources/blog/data-leak-site-emergence-continues-to-increase/
RANSOMCORTEX	https://www.halcyon.ai/attacks/ransomcortex-ransomware-hits-painpro-clinics-exposes-patient-data https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/ransomcortex
REBORN	https://www.group-ib.com/blog/brain-cipher-ransomware/
SAFEPAY	https://www.huntress.com/blog/its-not-safe-to-pay-safepay
SARCOMA	https://www.cyfirma.com/news/weekly-intelligence-report-01-nov-2024/ https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/sarcoma
SCRANSOM	https://www.welivesecurity.com/en/eset-research/cosmicbeetle-steps-up-probation-period-ransomhub/
SEXI	https://securelist.com/sexi-key-group-mallox-ransomware/113183/ https://www.cyfirma.com/research/tracking-ransomware-july-2024/ https://www.metabaseq.com/threat/babuk-ransomware-behind-the-sexi-campaign/
TERMITE	https://cyble.com/blog/technical-look-at-termite-ransomware-blue-yonder/
TRINITY	https://cyble.com/blog/in-the-shadow-of-venus-trinity-ransomwares-covert-ties/
VALENCIA	https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/valencia
VENUS	https://cyble.com/blog/in-the-shadow-of-venus-trinity-ransomwares-covert-ties/
VOLCANO DEMON	https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/ https://www.sonicwall.com/blog/volcano-demon-group-targets-idealease-inc-using-lukalocker-ransomware
DARKRACE	https://blog.sekoia.io/helldown-ransomware-an-overview-of-this-emerging-threat/#h-connection-with-the-ransomware-ecosystem https://cyble.com/blog/unmasking-the-darkrace-ransomware-gang/ https://detect.fyi/helldown-donex-darktrace-ransomware-fd8683b7d135
DONEX	https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/ https://detect.fyi/helldown-donex-darktrace-ransomware-fd8683b7d135
EL DORADO	https://socradar.io/dark-web-profile-eldorado-ransomware/ https://www.cyfirma.com/research/tracking-ransomware-june-2024/ https://www.group-ib.com/blog/eldorado-ransomware/
INC RANSOM	https://unit42.paloaltonetworks.com/inc-ransomware-rebrand-to-lynx/
MALLOX	https://www.bleepingcomputer.com/news/security/new-mallox-ransomware-linux-variant-based-on-leaked-kryptina-code/ https://www.sentinelone.com/labs/kryptina-raas-from-unsellable-cast-off-to-enterprise-ransomware/
MEDUSALOCKER	https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/ https://cybercx.com.au/cyber-adviser/cyber-adviser-march/ https://unit42.paloaltonetworks.jp/medusa-ransomware-escalation-new-leak-site/
QILIN	https://www.aha.org/system/files/media/file/2024/10/hc3%20tlp%20clear%20threat%20actor%20profile%20scattered%20spider-10-24-2024.pdf
SENSAYQ	https://www.group-ib.com/blog/brain-cipher-ransomware/

MBSD Cyber Intelligence Group (CIG)
吉川孝志

Download

暴露型ランサムウェア攻撃統計
CIGマンスリーレポート
2025年2月号

最新情報

ランサムウェア／攻撃グループの変遷と繋がり (Rev.2) 【更新: 2025年2月14日】

Most Read

Download

キーワードで探す

テーマで探す

筆者で探す

シリーズで探す