Ransomware Intelligence
Active ransomware gang campaigns, victim disclosures from leak sites, RaaS affiliate recruitment, and SIGMA detection rules for every known ransomware family targeting enterprise environments.
Ransomware — Archive & Latest
QILIN Ransomware Gang: 18 New Victims Posted — High-Volume Attacks on Business & Financial Sectors
Qilin claims 18 new victims, heavily targeting Business & Financial sectors. Urgent patching required for ConnectWise & SmarterMail CVEs.
THEGENTLEMEN Ransomware: Critical Infrastructure Exploitation Surge — 15 New Victims in 6 Days
THEGENTLEMEN claims 15 new victims targeting Tech, Mfg, and Logistics. Immediate patching of Cisco FMC & SmarterMail required.
QILIN Ransomware: Construction & Tech Sectors Under Siege — ConnectWise & Exchange Exploits Surge
QILIN ransomware active in 6 countries, exploiting ConnectWise and Exchange flaws. Construction and Tech sectors face double extortion threat.
QILIN Ransomware: Aggressive Campaign Targets Construction & Tech — Detection & Intel
QILIN ransomware posts 14 new victims, targeting Construction and Tech sectors via ConnectWise and RDP flaws.
QILIN Ransomware Gang: Surge in Construction & Tech Sector Attacks — Exploitation Analysis & Detection Rules
QILIN aggressively targets Construction and Tech sectors via ConnectWise and Exchange exploits. Actionable SIGMA rules and IR guidance included.
QILIN Ransomware Gang: 18 New Victims Posted — Critical Infrastructure & Tech Sector Targeting
Qilin posts 18 new victims, targeting Tech & Construction. Immediate patching of ScreenConnect & Exchange required.
QILIN Ransomware Campaign Targets Construction & Tech: 20 New Victims Identified
QILIN gang posts 20+ victims targeting Construction and Tech sectors via ScreenConnect and Cisco FMC exploits. Patch immediately.
QILIN Ransomware Gang: 21 New Victims Posted — Construction & Manufacturing Sector Alert
QILIN posts 21 new victims targeting construction, manufacturing across US, GB, and AT. Immediate patching of ScreenConnect and Exchange Server vulnerabilities required.
QILIN Ransomware: Construction & Manufacturing Under Siege — ConnectWise & Exchange Exploitation Surge
Qilin aggressively targets construction and manufacturing in US/GB. Active exploitation of ConnectWise and Exchange observed. IOCs and detection rules included.
QILIN Ransomware Gang: 23 New Victims Posted — Construction & Manufacturing Sector Targeting Analysis & Detection Rules
QILIN posts 23 new victims, heavily targeting construction, manufacturing, and business services across 8 countries. Detection rules included.
QILIN Ransomware: Construction & Agri-Food Sector Surge — SmarterMail & ScreenConnect Exploitation
QILIN ransomware heavily targets Construction and Agriculture sectors. Immediate patching required for ScreenConnect and SmarterMail KEVs.
QILIN Ransomware: Surge in Construction & Service Sector Attacks — Detection & Intel Brief
Qilin claims 27 new victims, aggressively targeting Construction, Healthcare, and Business Services via ScreenConnect and SmarterMail exploits.
QILIN Ransomware: Global Surge in Business Services & Construction — Detection Rules & CVE Exploitation
Qilin aggressively targets Business Services and Construction via ScreenConnect and SmarterMail vulnerabilities. Immediate patching of CVE-2024-1708 and RCE detection are critical.
CISA KEV Flash: Active Exploitation Detected in Microsoft Exchange & Cisco SD-WAN
CISA flags 2 critical CVEs (Microsoft Exchange & Cisco SD-WAN) under active attack. Immediate patching required due to active exploitation.
QILIN Ransomware: Cross-Sector Surge & Critical Infrastructure Targeting — Detection Engineering Brief
QILIN gang posts 15+ victims across Healthcare, Manufacturing, and Public sectors. Actively exploiting ConnectWise and Exchange flaws.
QILIN Ransomware: Global Campaign Targets Agriculture & Healthcare via Critical Remote Access Exploits
Qilin aggressively targets Manufacturing and Healthcare sectors using ConnectWise and SmarterMail exploits. Immediate patching required.
QILIN Ransomware: Global Expansion Targeting Healthcare & Agriculture — Critical CVE Analysis
QILIN claims 15 victims targeting Healthcare, Agriculture, and Manufacturing. Detection rules for ScreenConnect and SmarterMail exploitation included.
QILIN Ransomware: Global Surge in Healthcare & Manufacturing — Campaign Analysis & Detection Rules
Qilin posted 22 victims recently, heavily targeting Healthcare and Manufacturing via ScreenConnect and Exchange exploits.
QILIN Ransomware: Global Surge Exploiting SmarterMail & ScreenConnect — 15 Victims in 72 Hours
Qilin posted 15 new victims in 72 hours targeting Healthcare and Manufacturing. Immediate patching of SmarterMail and ScreenConnect is critical.
QILIN Ransomware: Global Surge in Manufacturing & Healthcare Targets — Critical IOCs & Detection Logic
QILIN adds 26+ victims targeting Manufacturing & Healthcare globally via ScreenConnect and Exchange exploits. Immediate detection rules inside.
QILIN Ransomware: Surge in Manufacturing & Healthcare Targeting via Critical CVE Exploits
Qilin ramps up attacks on Manufacturing and Healthcare sectors globally. Patch ConnectWise and Exchange immediately.
QILIN Ransomware Gang: Global Surge Exploiting Critical Vulnerabilities — Defense & Detection
Qilin claims 15 new victims across 8 countries, exploiting ConnectWise and SmarterMail flaws. Healthcare and Manufacturing sectors face immediate critical risk.
QILIN Ransomware: Aggressive Surge in Manufacturing & Healthcare — Critical Vulnerabilities Exploited
Qilin targets Manufacturing & Healthcare using ConnectWise/SmarterMail flaws. Immediate detection required for active campaigns.
QILIN Ransomware: Global Surge in Healthcare & Manufacturing — Exploiting ScreenConnect & Exchange
QILIN claims 15+ new victims in 72 hours. Heavy targeting of Healthcare and Mfg via ScreenConnect and Exchange vulnerabilities.
QILIN Ransomware Gang: Global Surge in Healthcare & Manufacturing — Campaign Analysis & Detection Rules
QILIN aggressively targets healthcare and manufacturing sectors using ScreenConnect and SmarterMail exploits. Critical detection rules and IOCs provided.
QILIN Ransomware: Global Surge Targeting Healthcare & Manufacturing — Active Exploitation of Cisco FMC & ScreenConnect
QILIN claims 15+ new victims across Healthcare and Manufacturing sectors. Active exploitation of Cisco FMC and ConnectWise ScreenConnect confirmed.
QILIN Ransomware: US & AU Healthcare/Manufacturing Surge — ScreenConnect & Exchange Exploitation
Qilin ransomware aggressively targets US/AU healthcare and manufacturing via ScreenConnect and Exchange flaws. Immediate detection required.
QILIN Gang: 15 New Victims in Global Surge Targeting Manufacturing & Healthcare — IoCs & KEV Analysis
QILIN posts 15+ new victims targeting manufacturing and healthcare via SmarterMail and ScreenConnect exploits. Immediate patching required.
QILIN Ransomware: Global Surge Targeting Manufacturing & Healthcare — Critical CVE Detection Rules
Qilin gang aggressively targets Manufacturing & Healthcare. Detect ScreenConnect & SmarterMail exploits now.
QILIN Ransomware Gang: 15 New Victims in 4 Days — Cross-Sector Campaign & Critical Vulnerability Exploitation
QILIN gang posted 15 victims across 8 sectors in 4 days, exploiting CVE-2024-1708 and other critical flaws. Manufacturing, Technology, and Business Services at highest risk.
QILIN Ransomware: Global Campaign Targets Manufacturing & Services — Exploitation of ConnectWise & Cisco Flaws
Qilin gang aggressively targets manufacturing and business services via ScreenConnect and Cisco vulnerabilities. Patch critical internet-facing appliances immediately.
CISA KEV Flash: 2 CVEs Added — BerriAI & Ivanti Under Active Attack
CISA adds 2 CVEs. BerriAI LiteLLM & Ivanti EPMM exploited. Patch immediately to prevent remote takeover & data theft.
QILIN Ransomware Gang: 17 New Victims Posted — Exchange & Cloud Firewall Exploitation Surge
Qilin ransomware aggressively targets US sectors exploiting CVE-2023-21529 and SmarterMail flaws. Immediate patching required.
QILIN Ransomware Gang: 15 New Victims Posted — Multi-Sector Surge & Critical CVE Exploitation
QILIN aggressively targets healthcare and business sectors via Exchange, SmarterMail, and Cisco exploits. Immediate patching and IOC hunting required.
QILIN Ransomware: Escalating Campaign Exploiting Exchange & Mail Flaws — 15 New Victims
Qilin posts 15+ new victims across US, UK, and AU exploiting SmarterMail and Exchange vulnerabilities. Immediate patching and detection required.
QILIN Ransomware: 16 New Victims Posted — Aggressive Mail Server Exploitation & Sector Targeting Analysis
Qilin claims 16 new victims in 72 hours, heavily targeting Business Services and Tech sectors via Exchange, Cisco FMC, and SmarterMail exploits.
QILIN Ransomware Gang: 18 New Victims Posted — Critical Vulnerability Exploitation & Cross-Sector Targeting
QILIN posts 18 new victims across US, UK, and CA, actively exploiting Microsoft Exchange and Cisco FMC flaws. Immediate detection required.
QILIN Ransomware: Global Campaign Targets Business Services & Construction — CVE Exploitation Analysis
Qilin claims 16 new victims targeting Business Services & Construction. IOCs and detection rules for SmarterMail/Exchange exploits.
QILIN Ransomware: Aggressive Expansion in Business & Construction Sectors — IOCs & Detection Rules
Qilin ransomware posts 16 new victims targeting Business Services, Tech, and Construction sectors in US, UK, and Spain. Immediate patching of Exchange and Cisco FMC required.
QILIN Ransomware: 16 New Victims Posted — Global Surge in Professional Services & Construction Sector Attacks
Qilin posts 16 victims targeting Business/Construction sectors in UK/US. Patch Exchange & SmarterMail immediately to prevent breach.
QILIN Ransomware Gang: High-Volume Global Campaign Targeting Finance & Manufacturing — CVE Analysis & Detection
Qilin posted 14 new victims across Finance, Manufacturing, and Construction. Immediate patching for SmarterMail and Cisco FMC is critical.
THEGENTLEMEN Ransomware: Aggressive Campaign Targets Manufacturing & Critical Infrastructure — 19 New Victims Analyzed
THEGENTLEMEN gang posts 19 new victims, heavily targeting Manufacturing and US sectors. Detect active exploitation of Exchange, Cisco FMC, and SmarterMail vulnerabilities.
THEGENTLEMEN Ransomware: 15 New Victims Posted — Manufacturing & Telecom Targeting Spike
THEGENTLEMEN posted 15+ victims since May 6, heavily targeting Manufacturing and Telco via Exchange & Firewall exploits.
THEGENTLEMEN Ransomware: Global Surge Exploiting Exchange & Mail Server Flaws
THEGENTLEMEN claims 15 new victims across 9 countries, exploiting Exchange and SmarterMail flaws. Manufacturing and Telecom sectors are at high risk.
THEGENTLEMEN Ransomware: Critical Infrastructure Campaign — SmarterMail & Exchange Exploitation Detected
THEGENTLEMEN exploit SmarterMail & Exchange zero-days targeting Manufacturing & Construction. Patch CVE-2025-52691 immediately.
THEGENTLEMEN Ransomware: Aggressive Campaign Targeting Manufacturing & Telecom via Email Gateway Exploits
THEGENTLEMEN posts 15+ victims in 48 hours. Manufacturing and Telecom sectors hit hard via SmarterMail/Exchange CVEs. Patch now.
THEGENTLEMEN Ransomware: Global Surge in Manufacturing & Telecom — Active Exploitation of Exchange, Cisco & SmarterMail Flaws
THEGENTLEMEN posts 15 new victims targeting Manufacturing and Telecom. Actively exploiting Exchange, Cisco FMC, and SmarterMail vulnerabilities for initial access.
QILIN Ransomware: 21 New Victims Posted — Sector Targeting Analysis & Detection Rules
Qilin posts 21 new victims. Focus on Manufacturing/Construction. Exploiting Exchange and SmarterMail flaws.
QILIN Ransomware: Global Surge in Manufacturing & Construction — Exchange & Firewall CVEs Exploited
Qilin gang aggressively targets manufacturing and construction across US/EU via Exchange and Cisco firewall CVEs. Immediate detection rules included.
BAVACAI Ransomware: Global Surge Targets Education & Business Services via Edge Exploits
BAVACAI posts 15 new victims targeting Education & Business sectors globally. Detect exploitation of Exchange, SmarterMail, and Cisco FMC vulnerabilities.
Showing 50 of 118 reports. Archive expands automatically as new intel is generated.
Every Ransomware Report Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.