24 Active Groups

Threat Actor Profiles

In-depth profiles on active ransomware groups — TTPs, targets, IOCs and defence guidance.

← Back to Threat Intelligence

LockBit

ACTIVE

Active Since: 2019

Targets: Enterprise, critical infrastructure

View Full Profile →

LockBit 5.0

ACTIVE

Active Since: 2024

Targets: Enterprise, critical infrastructure

View Full Profile →

Clop

ACTIVE

Active Since: 2019

Targets: Large enterprises, MFT software users

View Full Profile →

BlackCat/ALPHV

DISRUPTED

Active Since: 2021

Targets: Global enterprises, healthcare

View Full Profile →

Play

ACTIVE

Active Since: 2022

Targets: SMBs, municipalities, healthcare

View Full Profile →

BianLian

ACTIVE

Active Since: 2022

Targets: Healthcare, professional services

View Full Profile →

Royal

ACTIVE

Active Since: 2022

Targets: Healthcare, education, critical infra

View Full Profile →

Qilin

ACTIVE

Active Since: 2022

Targets: Healthcare, critical infrastructure

View Full Profile →

Akira

ACTIVE

Active Since: 2023

Targets: SMBs, professional services, education

View Full Profile →

Rhysida

ACTIVE

Active Since: 2023

Targets: Healthcare, education, government

View Full Profile →

Medusa

ACTIVE

Active Since: 2023

Targets: Healthcare, education, government

View Full Profile →

Cactus

ACTIVE

Active Since: 2023

Targets: Manufacturing, technology, finance

View Full Profile →

8Base

ACTIVE

Active Since: 2023

Targets: SMBs, professional services

View Full Profile →

Hunters International

ACTIVE

Active Since: 2023

Targets: Global enterprises

View Full Profile →

INC Ransom

ACTIVE

Active Since: 2023

Targets: Healthcare, education, local govt

View Full Profile →

DragonForce

ACTIVE

Active Since: 2023

Targets: Retail, manufacturing, Asia-Pacific

View Full Profile →

Sarcoma

ACTIVE

Active Since: 2024

Targets: Professional services, manufacturing

View Full Profile →

Underground

ACTIVE

Active Since: 2023

Targets: Windows environments, enterprises

View Full Profile →

Interlock

ACTIVE

Active Since: 2024

Targets: Healthcare, technology, defence

View Full Profile →

RansomExx

ACTIVE

Active Since: 2020

Targets: Government, large enterprises

View Full Profile →

Lynx

ACTIVE

Active Since: 2024

Targets: SMBs, professional services

View Full Profile →

KillSec

ACTIVE

Active Since: 2023

Targets: Healthcare, government, finance

View Full Profile →

ThreeAM

ACTIVE

Active Since: 2023

Targets: SMBs, manufacturing, logistics

View Full Profile →

Vanir Group

ACTIVE

Active Since: 2024

Targets: Financial services, technology

View Full Profile →

Need Proactive Threat Monitoring?

Our dark web monitoring service tracks these groups and alerts you if your organisation appears on a leak site.

Dark Web Monitoring Get Help Now