Trigona
Trigona was a double extortion ransomware group active between 2022 and 2023, specialising in encrypting Windows and VMware ESXi infrastructure....
BlackNevas
BlackNevas (alias Trial Recovery) is a Trigona derivative active since September 2024. Operates under double extortion with 6+ leak partners,...
Akira
Akira is a ransomware-as-a-service operation active since 2023, specialized in Windows, Linux, VMware ESXi, Hyper-V, and Nutanix AHV environments. It...
DragonForce
DragonForce is a highly organized ransomware group operating a Ransomware-as-a-Service (RaaS) model. It employs advanced intrusion and persistence tactics, focusing...
Qilin
Qilin is a ransomware-as-a-service (RaaS) group that emerged in late 2022. Initially known as Agenda, it rebranded to Qilin and...
TheGentleman
TheGentleman is a sophisticated and persistent threat actor, operational since late 2022, employing a Ransomware-as-a-Service (RaaS) model. The group is...