Ransomware Intelligence
Active ransomware gang campaigns, victim disclosures from leak sites, RaaS affiliate recruitment, and SIGMA detection rules for every known ransomware family targeting enterprise environments.
Ransomware — Archive & Latest
FULCRUMSEC Campaign: Exchange & SmarterMail Exploits Drive Surge in US Tech & Healthcare Sector Attacks
FULCRUMSEC exploits Exchange & SmarterMail flaws to target US Tech/Healthcare. Immediate patching of CVE-2023-21529 & CVE-2025-52691 critical.
FULCRUMSEC Gang: Aggressive US Healthcare & Tech Campaign — SmarterMail & Exchange Exploitation Analysis
FULCRUMSEC posts 15+ new victims targeting US Tech/Healthcare via SmarterMail and Exchange exploits. Immediate detection rules included.
FULCRUMSEC Ransomware: Critical Campaign Targeting US Tech & Healthcare Sectors
FULCRUMSEC claims 15 new victims in 48 hours, heavily targeting US Technology and Healthcare sectors via Exchange and SmarterMail vulnerabilities.
FULCRUMSEC Campaign Alert: High-Volume Attacks on US Tech & Healthcare Leveraging Edge Vulnerabilities
FULCRUMSEC posts 15+ US victims, exploiting Exchange & Cisco flaws. Immediate patching of CVE-2023-21529 required.
FULCRUMSEC Campaign Alert: Mass Exploitation of Mail & Firewall Flaws; 15 New US Victims
FULCRUMSEC targets US Tech & Healthcare with SmarterMail/Exchange exploits. 15 new victims posted May 1. Immediate detection guidance inside.
FULCRUMSEC: Aggressive 2026 Campaign Targets US Tech & Healthcare via Exchange & React Exploits
FULCRUMSEC posts 15+ victims in 24 hours; active exploitation of CVE-2023-21529 (Exchange) and React RCEs signals high risk for US Tech/Healthcare sectors.
FULCRUMSEC Gang: Critical Vulnerabilities Exploited in Surge Against US Tech & Healthcare
FULCRUMSEC leverages SmarterMail/Exchange CVEs to target US Tech/Healthcare. Immediate patching and detection rules required.
FULCRUMSEC Ransomware: High-Volume Campaign Targets US Healthcare & Tech — Exploitation of Exchange & Firewall CVEs
FULCRUMSEC claims 21 victims, heavily targeting US Healthcare & Tech. Active exploitation of Exchange and Firewall CVEs observed.
FULCRUMSEC Ransomware: 2026-05 Campaign Targets US Healthcare & Tech via Mail Exploits
FULCRUMSEC posted 15+ victims focusing on US Tech/Healthcare. Active exploitation of Exchange and SmarterMail CVEs observed.
APT73 Ransomware: Critical Campaign Targets Agriculture & Finance — CVE Exploitation & Detection Rules
APT73 aggressively exploits Exchange and SmarterMail flaws. Immediate patching required for Finance, Ag, and Business Services sectors.
APT73 Ransomware Gang: Mass Extortion Campaign Exploiting Exchange & SmarterMail Flaws
APT73 posts 15+ victims targeting Finance and Business Services. Active exploitation of CVE-2023-21529 and SmarterMail flaws observed.
APT73 Ransomware: 48 New Victims Posted — Critical Infrastructure & Finance Sector Targeting
APT73 claims 48 victims, heavily targeting Finance and Agriculture. Exploiting Exchange and Cisco CVEs. Actionable detection rules included.
WANNACRY Resurgence: Critical Infrastructure Assault & 2026 Exploit Campaign Analysis
WANNACRY claims 33 new victims targeting Finance, Energy, and Gov sectors. Immediate action required on SmarterMail, Cisco FMC, and Exchange CVEs.
WANNACRY Ransomware Gang: 33 New Victims Posted — Critical Infrastructure Targeting & Detection Rules
WANNACRY targets Public Sector and Energy with 33 new global victims. Patch Exchange and SmarterMail CVEs immediately.
WANNACRY Resurgence: Critical Infrastructure Targeting & 2026 CVE Exploitation Analysis
WANNACRY targets public and finance sectors using 2026 CVEs in Exchange and Cisco. Immediate patching and network segmentation required.
WANNACRY Resurgence: 33-Victim Global Campaign Targets Public Sector & Critical Infrastructure
WANNACRY gang active in 2026 exploiting SmarterMail and Exchange CVEs to target US, BR, and CN entities. Immediate patching of CVE-2026-23760 required.
WANNACRY Resurgence: 33 New Victims Posted — Critical Infrastructure Targeting & Modern Exploit Analysis
WANNACRY ramps up attacks on Public Sector and Manufacturing. 33 new victims posted; immediate patching of Exchange and Cisco FMC CVEs required.
APT73 Campaign: Global Surge Exploiting Exchange, SmarterMail, and Cisco Flaws
APT73 targets finance and education sectors using newly disclosed Exchange and SmarterMail CVEs. Patch immediately and monitor for webshell activity.
APT73 Ransomware: Global Surge Targets Finance & Education via Critical Infrastructure CVEs
APT73 posts 15 new victims targeting Finance & Gov sectors. Exploits include Exchange, Cisco FMC, & SmarterMail. Detection rules inside.
QILIN Ransomware: Cross-Sector Surge & Critical CVE Exploitation — April 2026 Intelligence Briefing
Qilin claims 29 victims in 100 days, aggressively targeting Financial & Manufacturing sectors via SmarterMail, Exchange, and Cisco FMC exploits.
QILIN Ransomware: Global Surge Exploiting Exchange & SmarterMail Vulnerabilities
Qilin gang targets Manufacturing and Financial sectors using Exchange and SmarterMail exploits. Immediate patching required.
QILIN Ransomware: Global Surge Targeting Manufacturing & Finance — Critical CVE Exploitation Detected
Qilin claims 15+ victims including Denso and KEMBA CU. Active exploitation of Exchange & SmarterMail CVEs observed.
QILIN Ransomware: Global Surge Targeting Finance & Manufacturing — TTPs & Defense
Qilin claims 15 new victims in 48h; focus on Credit Unions and Auto Manufacturing via Exchange & Firewall exploits.
QILIN Ransomware: Aggressive Surge Against Finance & Manufacturing — Detection Engineering & KEV Analysis
Qilin gang intensifies attacks on Finance, Mfg, and Healthcare using Exchange & SmarterMail exploits. Immediate detection rules inside.
QILIN Ransomware: Aggressive Expansion into Manufacturing & Finance — CVE-Driven Access Vectors
Qilin claims 15 new victims including KEMBA FCU and Denso, exploiting Exchange and Firewall flaws. Detection rules included.
QILIN Ransomware: Surge in Manufacturing & Financial Services Attacks — Detection Rules for CVE-2023-21529 & SmarterMail Exploits
Qilin posted 15 victims in 48 hours, heavily targeting Manufacturing and Finance. Immediate patching of Exchange and SmarterMail is critical.
QILIN Ransomware Gang: Global Campaign Targets Manufacturing & Finance — Exchange & Firewall Exploits Detected
Qilin claims 32 new victims including Denso and Manulife. Immediate patching of MS Exchange CVE-2023-21529 and Cisco FMC is critical.
QILIN Ransomware: Aggressive Campaign Leveraging Exchange & Firewall Flaws — Global Sector Analysis
Qilin ransomware claims 33 new victims, exploiting Exchange and Cisco FMC vulnerabilities. Detection rules included.
QILIN Ransomware: 26 New Victims — Critical Infrastructure Surge & Web-Exploitation Campaign
Qilin aggressively targets Finance, Public Sector, and Manufacturing using newly patched Exchange and Cisco FMC exploits. Defend with these IOCs.
QILIN Ransomware: 26 Victims Claimed — Exploitation of Critical Cisco & Exchange Vulnerabilities
Qilin ransomware posts 26 new victims targeting Finance, Health, and Public sectors. Active exploitation of Cisco FMC and Exchange CVEs confirmed.
QILIN Ransomware: Aggressive Surge in Manufacturing & Public Sector — CVE Exploitation & Detection Rules
Qilin posts 15+ new victims targeting US manufacturing and public sectors. Detection rules for Exchange/SmarterMail exploits provided.
QILIN Ransomware: Manufacturing & Business Services Under Siege — Detection Engineering for Exchange & SmarterMail Exploits
Qilin aggressively targets Manufacturing and Business Services. Patch Exchange and SmarterMail immediately to thwart active encryption campaigns.
QILIN Ransomware Campaign: Surge in Manufacturing & Logistics — Critical CVEs & Sigma Rules
QILIN aggressively targets Manufacturing & Logistics. Exploiting Exchange, Cisco FMC, and SmarterMail flaws. Patch now.
QILIN Ransomware: Aggressive Multi-Sector Surge — Exchange & Firewall Exploits Detected
QILIN posts 15 victims in 48h, heavily targeting Manufacturing and Healthcare. Actively exploiting Exchange and Cisco FMC CVEs.
QILIN Ransomware: 15 New Victims Posted — Manufacturing & Service Sector Targeting & CVE Exploitation
Qilin aggressively targets Manufacturing and Business Services using Exchange and SmarterMail exploits. Immediate patching required.
THEGENTLEMEN Ransomware: Global Campaign Targets Tech & Healthcare — Detection Engineering
THEGENTLEMEN claims 23 new victims. Exploiting Cisco FMC & Citrix flaws. Urgent detection rules included.
THEGENTLEMEN Ransomware: Global Surge Exploiting Perimeter Vulnerabilities in Tech & Healthcare
THEGENTLEMEN posts 23 victims, exploiting Citrix/Cisco/SmarterMail flaws. Critical alerts for Tech, Healthcare, and Transport sectors.
THEGENTLEMEN Ransomware: Global Surge Exploiting Cisco FMC & SmarterMail Vulnerabilities
THEGENTLEMEN compromises 15+ victims across Healthcare & Logistics. Patch Cisco FMC CVE-2026-20131 and SmarterMail CVE-2026-23760 immediately.
THEGENTLEMEN Ransomware Gang: 23 New Victims Posted — Sector Targeting Analysis & Detection Rules
THEGENTLEMEN posted 23 victims targeting Tech, Mfg, and Healthcare via VPN/Firewall exploits. Immediate patching of Cisco/Citrix CVEs required.
THEGENTLEMEN Ransomware: Global Cross-Sector Surge — Critical Infrastructure Exploits & Detection
THEGENTLEMEN posts 15+ victims in 72 hours. Active exploitation of Cisco FMC & SmarterMail CVEs impacting Tech, Healthcare, and Logistics.
THEGENTLEMEN Ransomware: Global Surge Exploiting Cisco FMC & SmarterMail CVEs — Intel Brief
THEGENTLEMEN gang targets Healthcare, Tech, and Mfg sectors globally using newly exploited Cisco FMC and SmarterMail vulnerabilities. Immediate detection rules provided.
COINBASECARTEL Ransomware: Critical Infrastructure Exploits & Surge in Victim Count
COINBASECARTEL actively exploits Cisco FMC and Citrix CVEs against Tech/Public sectors. 21 new victims posted; immediate detection required.
COINBASECARTEL Gang: Critical Infrastructure Attack Wave — CVE-Driven Access & Defensive Countermeasures
COINBASECARTEL exploits edge device flaws (Cisco, Citrix) targeting Business Services & Public Sector. Patch CVE-2026-20131 and hunt for IOCs immediately.
COINBASECARTEL Ransomware: Global Surge in Edge-Device Exploitation & Critical Infrastructure Targeting
COINBASECARTEL targets Education, Govt, and Tech sectors using Cisco & Citrix exploits. Immediate patching and perimeter detection required.
DRAGONFORCE Ransomware Gang: 17 New Victims Posted — Healthcare & Business Services Under Siege
DRAGONFORCE targets Healthcare (DE) and Business Services (US) with high volume. Patch Cisco FMC and Citrix ADC immediately; deploy detection rules.
DRAGONFORCE Ransomware: Critical Campaign Targeting Healthcare & Business Services
DragonForce posts 17 victims in 72 hours, exploiting CVE-2026-23760. Healthcare and Business Services in DE/US are primary targets.
DRAGONFORCE Ransomware: 17 New Victims Posted — Healthcare & Business Services Targeted via Cisco & Citrix Exploits
DragonForce claims 17 new victims targeting Healthcare and Business Services. Cisco FMC and SmarterMail exploits confirmed.
LOCKBIT5 Surge: Global Campaign Targets Manufacturing and Healthcare via Cisco & SmarterMail Exploits
LOCKBIT5 claims 26 victims, exploiting CVE-2026-20131 and CVE-2026-23760. Critical sectors hit; patch Cisco FMC and SmarterMail immediately.
LOCKBIT5: Americas-Heavy Surge Targets Healthcare & Manufacturing — Critical CVEs Active
LOCKBIT5 aggressively targets US/LATAM. Immediate action required on Cisco FMC & SmarterMail CVEs.
LOCKBIT5 Ransomware: Surge in Healthcare & Manufacturing Targeting via Cisco & Fortinet Exploits
LOCKBIT5 posts 27 victims. Healthcare and manufacturing sectors hit hardest via Cisco FMC and FortiOS exploits. Immediate patching required.
Showing 50 of 57 reports. Archive expands automatically as new intel is generated.
Every Ransomware Report Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.