| DATE | NAME | INFO | CATEGORY | SUBCATE |
| 7.11.25 | BLATANTLY MALICIOUS | Ransomvibing appears in VS Code extensions | RANSOMWARE | RANSOMWARE |
| 2.11.25 | Agenda Ransomware | Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques | RANSOMWARE | RANSOMWARE |
| 28.10.25 | Qilin Ransomware | Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack | RANSOMWARE | RANSOMWARE |
| 25.10.25 | Warlock Ransomware | The China-based actor behind the Warlock ransomware may not be a new player and has links to malicious activity dating as far back as 2019. | RANSOMWARE | RANSOMWARE |
| 25.10.25 | LockBit Returns | Key Takeaways LockBit is back. After being disrupted in early 2024, the ransomware group has ... | RANSOMWARE | RANSOMWARE |
| 25.10.25 | Pass-as-a-Service | “Premier Pass-as-a-Service” describes the emerging trend of advanced collaboration tactics between multiple China-aligned APT groups, notably Earth Estries and Earth Naga, that are making modern cyberespionage campaigns even more complex. | RANSOMWARE | RANSOMWARE |
| 25.10.25 | Agenda Ransomware | Trend™ Research identified a sophisticated Agenda ransomware attack that deployed a Linux variant on Windows systems. This cross-platform execution can make detection challenging for enterprises. | RANSOMWARE | RANSOMWARE |
| 25.10.25 | LockBit 5.0 | LockBit ransomware is one of the most active and notorious ransomware-as-a-service (RaaS) operations, first appearing in 2019 and having evolved through versions that we have analyzed and written about here and here. | RANSOMWARE | RANSOMWARE |
| 5.10.25 | Block ransomware | Block ransomware proliferation and easily restore files with AI in Google Drive | RANSOMWARE | RANSOMWARE |
| 4.10.25 | YUREI RANSOMWARE | EXECUTIVE SUMMARY At CYFIRMA, we are committed to delivering timely insights into emerging cyber threats and the evolving tactics of cybercriminals targeting individuals and | RANSOMWARE | RANSOMWARE |
| 12.9.25 | HybridPetya | Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass | RANSOMWARE | RANSOMWARE |
| 25.7.25 | AA25 203A StopRansomware Interlock | Prevent initial access by implementing domain name system (DNS) filtering and web access firewalls, and training users to spot social engineering attempts. | RANSOMWARE | RANSOMWARE |
| 22.7.25 | Crux | Getting to the Crux (Ransomware) of the Matter | RANSOMWARE | RANSOMWARE |
| 22.7.25 | KAWA4096 | KAWA4096’s Ransomware Tide: Rising Threat With Borrowed Styles | RANSOMWARE | RANSOMWARE |
| 23.6.25 | Anubis | Anubis: A New Ransomware Threat | RANSOMWARE | RANSOMWARE |
| 8.6.25 | StopRansomware: Play Ransomware update | The advisory was updated to reflect new TTPs employed by Play ransomware group, as well as provide current IOCs/remove outdated IOCs for effective threat hunting | RANSOMWARE | RANSOMWARE |
| 29.5.25 | DragonForce | DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers | RANSOMWARE | RANSOMWARE |
| 27.4.25 | DragonForce | Ransomware Groups Evolve Affiliate Models | RANSOMWARE | RANSOMWARE |
| 21.4.25 | Interlock ransomware | Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. | RANSOMWARE | RANSOMWARE |
| 29.3.25 | Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure | | RANSOMWARE | |
| 24.3.25 | VanHelsing RaaS Launch | VanHelsingRaaS is a new and rapidly growing ransomware-as-a-service (RaaS) affiliate program launched on March 7, 2025. The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. | RANSOMWARE | RaaS |
| 20.3.25 | Black Basta Ransomware | Analysis of Black Basta Ransomware Chat Leaks | RANSOMWARE | ANALYSIS |
| 16.3.25 | Decrypting Encrypted files from Akira Ransomware | Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs | RANSOMWARE | ENCRYPTED |
| 16.3.25 | SuperBlack | New Ransomware Operator Exploits Fortinet Vulnerability Duo | RANSOMWARE | RANSOMWARE |
| 7.3.25 | Medusa ransomware | The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. | RANSOMWARE | RANSOMWARE |
| 26.2.25 | Black Basta Ransomware Playbook | Defense Lessons From the Black Basta Ransomware Playbook | RANSOMWARE | RANSOMWARE |
| 15.2.25 | RansomHub | RansomHub Never Sleeps Episode 1: The evolution of modern ransomware | RANSOMWARE | RANSOMWARE |
| 25.1.25 | ESXi Ransomware Attacks | ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling | RANSOMWARE | RANSOMWARE |
| 19.11.24 | Helldown Ransomware: an overview of this emerging threat | | RANSOMWARE | |
| 30.10.24 | Jumpy Pisces Engages in Play Ransomware | Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People's Army, as a key player in a recent ransomware incident. | RANSOMWARE | RANSOMWARE |
| 28.10.24 | Qilin | New Qilin.B Ransomware Variant Boasts Enhanced Encryption and Defense Evasion | RANSOMWARE | RANSOMWARE |
| 27.10.24 | Cicada3301 | Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service Group | RANSOMWARE | RANSOMWARE |
| 10.1.25 | FunkSec | FunkSec – Alleged Top Ransomware Group Powered by AI | RANSOMWARE | AI |
| 8.9.24 | Cicada3301 | Dissecting the Cicada | RANSOMWARE | RANSOMWARE |
| 5.9.24 | RansomHub Ransomware | #StopRansomware: RansomHub Ransomwa | RANSOMWARE | RANSOMWARE |
| 5.9.24 | Cicada3301 | Decoding the Puzzle: Cicada3301 Ransomware Threat Analysis | RANSOMWARE | RANSOMWARE |
| 24.8.24 | Qilin ransomware | Qilin ransomware caught stealing credentials stored in Google Chrome | RANSOMWARE | RANSOMWARE |
| 15.8.24 | RansomHub | Ransomware attackers introduce new EDR killer to their arsenal | RANSOMWARE | RANSOMWARE |
| 9.8.24 | StopRansomware BlackSuit (Royal) Ransomware | The advisory was updated to notify network defenders of the rebrand of “Royal” ransomware actors to “BlackSuit.” The update includes new TTPs, IOCs, and detection methods related to BlackSuit ransomware. “Royal” was updated to “BlackSuit” throughout unless referring to legacy Royal activity. Updates and new content are noted. | RANSOMWARE | RANSOMWARE |
| 15.7.24 | HardBit Ransomware 4.0 | In this Threat Analysis report, Cybereason Security Services investigates HardBit Ransomware version 4.0, a new version observed in the wild. | RANSOMWARE | RANSOMWARE |
| 8.7.24 | Eldorado | Eldorado Ransomware: The New Golden Empire of Cybercrime? | RANSOM | RANSOM |
| 13.6.24 | Black Basta | Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day | RANSOMWARE | RANSOMWARE |
| 5.6.24 | RansomHub: New Ransomware has Origins in Older Knight | | RANSOMWARE | |
| 24.5.24 | ESXi Ransomware Attacks: Evolution, Impact, and Defense Strategy | | Hacking | |
| 11.5.24 | StopRansomware: Black Basta | Black Basta affiliates use common initial access techniques—such as phishing and exploiting known vulnerabilities—and then employ a double-extortion model, both encrypting systems and exfiltrating data. | Ransomware | Ransomware |
| 19.4.24 | Akira | Akira is swiftly becoming one of the fastest-growing ransomware families thanks to its use of double extortion tactics, a ransomware-as-a-service (RaaS) distribution model, and unique payment options. | Ransomware | Ransomware |
| 17.4.24 | Cerber | Cerber Ransomware: Dissecting the three heads | Ransomware | Ransomware |
| 15.3.24 | Daixin Team | The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022. Since then, Daixin Team cybercrime actors have caused ransomware incidents at multiple HPH Sector organizations where they have | Ransomware | Ransomware |
| 15.3.24 | Cuba | Cuba ransomware, upon compromise, installs and executes a CobaltStrike beacon as a service on the victim’s network via PowerShell. Once installed, the ransomware downloads two executable files, which include “pones.exe” for password acquisition and “krots.exe,” also known as KPOT, enabling the Cuba ransomware actors to write to the compromised system’s temporary (TMP) file. | Ransomware | Ransomware |
| 15.3.24 | ESXiArgs | The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” | Ransomware | Ransomware |
| 15.3.24 | Royal | Since September 2022, Royal has targeted over 350 known victims worldwide and ransomware demands have exceeded 275 million USD. Royal conducts data exfiltration and extortion prior to encryption and then publishes victim data to a leak site if a ransom is not paid. Phishing emails are among the most successful vectors for initial access by Royal threat actors. | Ransomware | Ransomware |
| 15.3.24 | LockBit 3.0 | LockBit 3.0, also known as “LockBit Black,” is more modular and evasive than its previous versions and shares similarities with Blackmatter and Blackcat ransomware. LockBit 3.0 is configured upon compilation with many different options that determine the behavior of the ransomware. | Ransomware | |
| 15.3.24 | BianLian | BianLian is a ransomware developer, deployer, and data extortion cybercriminal group. FBI observed BianLian group targeting organizations in multiple U.S. critical infrastructure sectors since June 2022. In Australia, ACSC has observed BianLian group predominately targeting private enterprises, including one critical infrastructure organization. | Ransomware | |
| 15.3.24 | CL0P | Appearing in February 2019, and evolving from the CryptoMix ransomware variant, CL0P was leveraged as a Ransomware as a Service (RaaS) in large-scale spear-phishing campaigns that used a verified and digitally signed binary to bypass system defenses. | Ransomware | Ransomware |
| 15.3.24 | LockBit | In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. | Ransomware | Ransomware |
| 15.3.24 | Truebot | Previous Truebot malware variants were primarily delivered by cyber threat actors via malicious phishing email attachments; however, newer versions allow cyber threat actors to also gain initial access through exploiting CVE-2022-31199—(a remote code execution vulnerability in the Netwrix Auditor application), enabling deployment of the malware at scale within the compromised environment. | Ransomware | Ransomware |
| 15.3.24 | QakBot | QakBot—also known as Qbot, Quackbot, Pinkslipbot, and TA570—is responsible for thousands of malware infections globally. QakBot has been the precursor to a significant amount of computer intrusions, to include ransomware and the compromise of user accounts within the Financial Sector. | Ransomware | Ransomware |
| 15.3.24 | Snatch | First appearing in 2018, Snatch operates a ransomware-as-a-service (RaaS) model and claimed their first U.S.-based victim in 2019. Originally, the group was referred to as Team Truniger, based on the nickname of a key group member, Truniger, who previously operated as a GandCrab affiliate. Snatch threat actors use a customized ransomware variant notable for rebooting devices into Safe Mode [T1562.009], enabling the ransomware to circumvent detection by antivirus or endpoint protection, and then encrypting files when few services are running. | Ransomware | Ransomware |
| 15.3.24 | AvosLocker | The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known IOCs, TTPs, and detection methods associated with the AvosLocker variant identified through FBI investigations as recently as May 2023. | Ransomware | Ransomware |
| 15.3.24 | Royal | Royal ransomware uses a unique partial encryption approach that allows the threat actor to choose a specific percentage of data in a file to encrypt. | Ransomware | Ransomware |
| 15.3.24 | Rhysida | Threat actors leveraging Rhysida ransomware are known to impact “targets of opportunity,” including victims in the education, healthcare, manufacturing, information technology, and government sectors | Ransomware | Ransomware |
| 15.3.24 | Scattered Spider | Scattered Spider (also known as Starfraud, UNC3944, Scatter Swine, and Muddled Libra) engages in data extortion and several other criminal activities.[1] Scattered Spider threat actors are considered experts in social engineering and use multiple social engineering techniques, especially phishing, push bombing, and subscriber identity module (SIM) swap attacks, to obtain credentials, install remote access tools, and/or bypass multi-factor authentication (MFA). | Ransomware | Ransomware |
| 15.3.24 | BlackCat/ALPHV | This FLASH is part of a series of FBI reports to disseminate known indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) associated with ransomware variants identified through FBI investigations. A | Ransomware | Ransomware |
| 15.3.24 | Phobos | According to open source reporting, Phobos ransomware is likely connected to numerous variants (including Elking, Eight, Devos, Backmydata, and Faust ransomware) due to similar TTPs observed in Phobos intrusions. | Ransomware | Ransomware |
| 8.3.24 | Jasmin | GoodWill Ransomware? Or Just Another Jasmin Variant? | Ransomware | Ransomware |
| 7.3.24 | Abyss Locker | On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. | Ransomware | Ransomware |
| 7.3.24 | BlackCat (ALPHV) Attack | Explore the thwarted cyber extortion attempt by the BlackCat ransomware group, unraveled by Sygnia’s Incident Response team in mid-2023. | Ransomware | Ransomware |
| 4.3.24 | CACTUS | CACTUS: Analyzing a Coordinated Ransomware Attack on Corporate Networks | Ransomware | Ransomware |
| 25.2.24 | LockBit Attempts to Stay Afloat With a New Version | This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations. | Ransomware | Ransomware |
| 17.2.24 | Akira Ransomware and Exploitation of Cisco Anyconnect Vulnerability CVE-2020-3259 | | Ransomware | Anti-Tool |
| 12.2.24 | Korea Internet & Security Agency (KISA) distributes a recovery tool for Rhysida ransomware. | | Ransomware | Ransomware |
| 30.1.24 | NONAME | Older Leaks Re-Surfaces: LOCKBIT Imitator on Surface Web | Ransomware | Ransomware |
| 30.1.24 | Mimus | Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks | Ransomware | Ransomware |
| 30.1.24 | Kuiper | Kuiper ransomware analysis: Stairwell’s technical report | Ransomware | Ransomware |
| 30.1.24 | Kasseika | The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. | Ransomware | Ransomware |
| 30.1.24 | Albabat | On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. | Ransomware | Ransomware |
| 30.1.24 | Phobos | Another Phobos Ransomware Variant Launches Attack – FAUST | Ransomware | Ransomware |
| 29.1.24 | Kasseika | Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver | Ransomware | Ransomware |
| 12.1.24 | Medusa | Medusa Ransomware Turning Your Files into Stone | Ransomware | Ransomware |
| 10.1.24 | Babuk | Babuk is a Russian ransomware. In September 2021, the source code leaked with some of the decryption keys. Victims can decrypt their files for free. | Ransomware | Anti-Tool |
| 24.12.23 | Dark Power | Dark Power Ransomware: In-Depth Analysis, Detection, and Mitigation | Ransomware | Ransomware |
| 24.12.23 | Kanti | Kanti: A NIM-Based Ransomware Unleashed in the Wild | Ransomware | Ransomware |