latest = version 26 (March 2024)
Visual map of our tracking of most ransomware groups
Released as part of our research paper on cyber extortion: Cy-Xplorer 2023 report, available at https://www.orangecyberdefense.com/global/white-papers/cy-xplorer-2023
Hope this helps!
World Watch - Global CERT - Orange Cyberdefense
All rights reserved.
Disclaimer:
This graph does not aim to be exhaustive. Its goal is to showcase relationships between relevant ransomware operations, and it purposely does not list all ransomware groups that have existed since 2015. Names of strains and associated threat actors were chosen arbitrarily by us from among the most popular aliases used in the cybersecurity community. This does not mean we endorse the vendor that created the alias.
As a reminder, it is extremely complex to assert relationships and attribution when looking at the cybercrime ecosystem: threat actors are extremely volatile and interconnected, making effective collaborations hard to define and track over time. In addition to our internal resources (monitoring, reverse engineering, Incident Response engagements related to most of these prominent groups), this mapping makes use of numerous public and private reports from incident responders, malware analysts, CTI researchers, etc. We took care to select, corroborate and fact-check such intelligence with trusted and well-recognized sources, but may still have made small mistakes or debatable associations.
Don’t hesitate to send us your feedback.
Changelog:
Edit: 3am
Edit: 8Base
Edit: BlackCat
Edit: BlogXX
Edit: Cactus
Edit: Cylance
Edit: Dark Angels
Edit: Knight
Edit: LockBit 3.0
Edit: Phobos
Edit: Radar
Edit: RagnarLocker
Edit: Rhysida
Edit: Trigona
New addition: BackMyData
New addition: BlackBerserk
New addition: BlackHunt
New addition: BlackOut
New addition: BlackShadow
New addition: BlueLocker
New addition: Ciphbit
New addition: Hunters International
New addition: Kasseika
New addition: Kuiper
New addition: Lambda
New addition: LockBit 4.0
New addition: LostTrust
New addition: MetaEncryptor
New addition: MyData
New addition: Proton
New addition: Proxima
New addition: RobbinHood
New addition: SugarLocker
New addition: Synapse
New addition: Trisec
New addition: Donex
Edit: Ako
Edit: Cheers
Edit: Cinnamon Tempest
Edit: Cl0p
Edit: DagonLocker
Edit: DoppelPaymer
Edit: Globe
Edit: GlobeImposter
Edit: Graceful Spider
Edit: Rook
Edit: Scarab
Edit: TommyLeaks
Edit: Vice Society
Edit: Vurten
New addition: 3AM
New addition: AstraLocker
New addition: ARCrypter
New addition: Bidon
New addition: Cloak
New addition: CryptWall
New addition: Dungeon Dragon
New addition: Feral Spider
New addition: FreeWorld
New addition: Frozen Spider
New addition: Good Day
New addition: Hound Spider
New addition: INC
New addition: Key Group
New addition: Masked Spider
New addition: Megazord
New addition: Punk Spider
New addition: Quantum Spider
New addition: Vice Spider
New addition: Zeon
Edit: 8Base
Edit: BlackSuit
Edit: Cuba
Edit: FIN8
Edit: Industrial Spy
New addition: ARCrypter
New addition: BigHead
New addition: Brain Spider
New addition: CryptNet
New addition: Everbe
New addition: Everbe 2.0
New addition: Everest
New addition: Knight
New addition: Mangled Spider
New addition: Poop69
New addition: Radar
New addition: Storm-0506
New addition: Storm-0970
New addition: Storm-0978
New addition: Storm-1339
New addition: Venus
New addition: Zeoticus
New addition: Zeoticus 2.0
Edit: BlogXX
Edit: Mallox
Edit: Mountlocker
Edit: Rorschach
New addition: 8Base
New addition: BlackSuit
New addition: Cyclops
New addition: Darkrace
New addition: El Cometa
New addition: Industrial Spy
New addition: MalasLocker
New addition: NoEscape
New addition: Obsidian ORB
New addition: Rhysida
New addition: SamSam (Boss Spider)
New addition: Synack
New addition: Underground Team
New addition: Wannacry (Lazarus)
New addition: Xollam
(many changes...)