ransomexx Ransomware — Threat Intelligence Profile

Overview

RansomEXX (also known as Defray777) is operated by a sophisticated threat actor believed to be the SPRITE SPIDER group. Unlike RaaS operations, RansomEXX is a closed group that manually deploys ransomware against high-value targets. They have targeted government agencies, manufacturers, and critical infrastructure globally.

Tactics, Techniques & Procedures

Manual intrusion, hands-on-keyboard attacks, targets large enterprises and governments

Primary Targets

Government, Manufacturing, Critical Infrastructure

Indicators of Compromise

RansomEXX binary (Windows & Linux variants)
Cobalt Strike
Mimikatz

MITRE ATT&CK Techniques

T1486
T1003 OS Credential Dumping
T1021 Remote Services
T1071

Quick Reference

Status	ACTIVE
Type	Big Game Hunting Ransomware
First Seen	2018
Victims Tracked	1

Dark Web Presence

http://rnsm777cdsjrsdlbs4v5qoeppu3px6sb2igmh53jzrx7ipcrbjz5b2ad.onion/

Under Attack?

If you believe ransomexx has targeted your organisation, contact Binary Response immediately.

Emergency Response Dark Web Monitoring →

Related Threat Actors

LockBit Rhysida Akira DragonForce View All →

RansomExx