| topgame |
https://www.ransomlook.io/market/topgame |
offline |
2024-07-20 |
N/A |
No Screenshot Available
|
| toorez |
https://www.ransomlook.io/market/toorez |
offline |
2021-12-31 |
N/A |
No Screenshot Available
|
| againstthewest |
https://www.ransomware.live/group/againstthewest |
offline |
None |
|
No Screenshot Available
|
| blackbasta |
https://www.ransomware.live/group/blackbasta |
online |
None |
|
|
| adminlocker |
https://www.ransomware.live/group/adminlocker |
offline |
None |
|
No Screenshot Available
|
| Abrahams_Ax |
https://www.ransomware.live/group/Abrahams_Ax |
online |
None |
|
|
| swipestore |
https://www.ransomlook.io/market/swipestore |
offline |
2024-08-06 |
N/A |
No Screenshot Available
|
| solaris |
https://www.ransomlook.io/market/solaris |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| shadowcarders |
https://www.ransomlook.io/market/shadowcarders |
offline |
2024-11-18 |
N/A |
No Screenshot Available
|
| themajestic |
https://www.ransomlook.io/market/themajestic |
offline |
2023-01-06 |
N/A |
No Screenshot Available
|
| abyss |
https://www.ransomware.live/group/abyss |
online |
None |
|
|
| secretforums |
https://www.ransomlook.io/market/secretforums |
offline |
2024-09-01 |
N/A |
No Screenshot Available
|
| russian market |
https://www.ransomlook.io/market/russian%20market |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| rusmarket |
https://www.ransomlook.io/market/rusmarket |
offline |
2022-10-16 |
N/A |
No Screenshot Available
|
| rcclub |
https://www.ransomlook.io/market/rcclub |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| bianlian |
https://www.ransomware.live/group/bianlian |
online |
None |
BianLian ransomware operations began in late 2021. The group practices multi-pronged extortion, demanding payment for a decryptor, as well as the non-release of stolen data. The ransomware group hosts a public, TOR-based, blog to post victim identities and stolen data. Somewhat unique to BianLian at the time of their launch was their inclusion of an I2P mirror for their blog. |
|
| ranion |
https://www.ransomlook.io/market/ranion |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| prozone |
https://www.ransomlook.io/market/prozone |
offline |
Never |
N/A |
No Screenshot Available
|
| probiv |
https://www.ransomlook.io/market/probiv |
offline |
2024-04-25 |
N/A |
No Screenshot Available
|
| pois0n |
https://www.ransomlook.io/market/pois0n |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| akira |
https://www.ransomware.live/group/akira |
online |
None |
The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the former CONTI ransomware group.<br> <br> It's worth noting that with the end of CONTI's operation, several affiliates migrated to independent campaigns such as Royal, BlackBasta, and others.<br> <br> According to some reports, Akira affiliates also work with other ransomware operations, such as Snatch and BlackByte, as an open directory of tools used by an Akira operator was identified, which also had connections to the Snatch ransomware.<br> <br> The first version of the Akira ransomware was written in C++ and appended files with the '.akira' extension, creating a ransom note named 'akira_readme.txt,' partially based on the Conti V2 source code. However, on June 29, 2023, a decryptor for this version was reportedly released by Avast.<br> <br> Subsequently, a version was released that fixed the decryption flaw on July 2, 2023. Since then, the new version is said to be written in Rust, this time called 'megazord.exe,' and it changes the extension to '.powerranges' for encrypted files.<br> <br> Most of Akira's initial access vectors use brute-force attempts on Cisco VPN devices (which use single-factor authentication only).<br> Additionally, exploitation of CVEs: CVE-2019-6693 and CVE-2022-40684 for initial access has been identified.<BR>Source: https://github.com/crocodyli/ThreatActors-TTPs |
|
| ozon |
https://www.ransomlook.io/market/ozon |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| onlyone |
https://www.ransomlook.io/market/onlyone |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| pasaremos |
https://www.ransomlook.io/market/pasaremos |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| olymprc |
https://www.ransomlook.io/market/olymprc |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| olkpeace |
https://www.ransomlook.io/market/olkpeace |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| omnia |
https://www.ransomlook.io/market/omnia |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| omgomg! |
https://www.ransomlook.io/market/omgomg! |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| oceancc |
https://www.ransomlook.io/market/oceancc |
offline |
2024-07-10 |
N/A |
No Screenshot Available
|
| nvspc |
https://www.ransomlook.io/market/nvspc |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| narc polo |
https://www.ransomlook.io/market/narc%20polo |
offline |
2024-11-19 |
N/A |
No Screenshot Available
|
| nova |
https://www.ransomlook.io/market/nova |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| monopoly |
https://www.ransomlook.io/market/monopoly |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| nohide |
https://www.ransomlook.io/market/nohide |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| alphv |
https://www.ransomware.live/group/alphv |
offline |
None |
The operators of the ALPHV/BlackCat ransomware began their activity in December 2021, making posts on Dark Web forums to promote their affiliate program, offering other actors the opportunity to engage in a 'new type of ransomware family' developed from scratch using the Rust programming language.<BR> <BR> Some clear evidence indicates that the actors behind this new ransomware are not new to cybercrime, and there were links to other affiliate programs such as DarkSide, BlackMatter, and REvil. (After several attacks against large companies, these groups faced pressure and arrests, necessitating the termination of their operations).<BR> <BR> As a security measure, the operators of ALPHV implemented the requirement for the execution of the ransomware payload by providing an 'access token,' which is supplied by the owners of the Ransomware-as-a-Service to the affiliate. This token is added to the victim's ransom note so that they can contact the threat actor responsible for encrypting the data.<BR> <BR> ALPHV affiliates employ double and triple extortion techniques, meaning the publication of the company's name on leak sites, threats of data leakage, and lastly, threats of DDoS attacks against the organization.<BR>Source: https://github.com/crocodyli/ThreatActors-TTPs |
No Screenshot Available
|
| mgm grand |
https://www.ransomlook.io/market/mgm%20grand |
offline |
2024-11-20 |
N/A |
No Screenshot Available
|
| 8base |
https://www.ransomware.live/group/8base |
online |
None |
The 8base Ransomware group made its first appearance in early March 2022, remaining somewhat quiet after the attacks. This group operates like other ransomware actors, engaging in double extortion. <BR> However, in mid-May and June 2023, the ransomware operation saw a spike in activity against organizations from various sectors, listing 131 organizations in just 3 months.<BR> The 8base data leak site was created and made available in March 2023, claiming honesty and simplicity in its discourse.<BR> VMware published a report on 8base, drawing some similarities with the ransomware group `RansomHouse`, pointing out resemblances such as the website used by 8base and the ransom notes presented in its attacks.<BR> Interestingly, the 8base Ransomware group does not have its own ransomware developed by the group. Instead, the actors took advantage of other leaked ransomware builders to customize the ransom note and present it to the victim organization as 8base's operation.<BR>Source : https://github.com/crocodyli/ThreatActors-TTPs |
|
| magbo |
https://www.ransomlook.io/market/magbo |
offline |
2024-11-13 |
N/A |
No Screenshot Available
|
| lockdata auction (probably scam site) |
https://www.ransomlook.io/market/lockdata%20auction%20(probably%20scam%20site) |
offline |
2022-04-09 |
N/A |
No Screenshot Available
|
| kraken |
https://www.ransomlook.io/market/kraken |
offline |
2024-11-19 |
N/A |
No Screenshot Available
|
