Dark Side Intelligence Category

Ransomware Intelligence

Active ransomware gang campaigns, victim disclosures from leak sites, RaaS affiliate recruitment, and SIGMA detection rules for every known ransomware family targeting enterprise environments.

252 reports availableRefreshed every 5 minutes

Ransomware — Archive & Latest

50 reports loaded
Ransomware

THEGENTLEMEN Ransomware: Global Surge in Critical Infrastructure Targeting & Exploitation of Firewall Vulnerabilities

THEGENTLEMEN claims 15+ victims in 24 hours targeting Energy, Tech, and Manufacturing. Urgent patching of Check Point and Cisco CVEs required.

Jul 8, 2026
Read →
Ransomware

QILIN Ransomware: 15 New Victims Posted — Construction & Business Services Targeted via Check Point & ScreenConnect Exploits

QILIN ransomware targets Business Services and Construction sectors using Check Point and ScreenConnect exploits. Immediate patching advised.

Jul 6, 2026
Read →
Ransomware

SAFEPAY Ransomware: Aggressive German Sector Targeting & Critical Infrastructure Exploits

SAFEPAY targets German Health, Transport, Public Sector; exploits Check Point & Cisco CVEs.

Jul 6, 2026
Read →
Ransomware

PAYLOAD Ransomware: Central European Campaign Targeting Energy and Agriculture via Firewall Exploits

PAYLOAD gang hits Energy and Food sectors in CH, IT, DE. Exploits targeting Check Point VPNs and Cisco FMC observed.

Jul 6, 2026
Read →
Ransomware

GENESIS Ransomware Gang: 9 New US Victims Targeted — Critical Firewall & VPN Exploitation Detected

Genesis gang posts 9 US victims in Healthcare & Tech. Actively exploiting Check Point (CVE-2026-50751) and Cisco FMC flaws for initial access.

Jul 5, 2026
Read →
Ransomware

PLAY Ransomware Gang: Construction & Finance Sector Surge — Firewall & Remote Access Exploitation

PLAY targets AU/US Construction & Finance firms via ScreenConnect & Firewall flaws. Immediate patching of CVE-2024-1708 required.

Jul 4, 2026
Read →
Ransomware

WALLSTREET Gang: Critical Infrastructure Sweep via Firewall & RMM Exploits

WALLSTREET claims 4 new US/EC victims. Healthcare and Police hit via Check Point & Cisco CVEs.

Jul 4, 2026
Read →
Ransomware

BRAINCIPHER Ransomware: 4 New Victims Posted — Cross-Sector Surge & Detection Engineering

BRAINCIPHER claims 4 new US/BR victims. Actively exploiting Check Point & ScreenConnect flaws. Immediate detection guidance included.

Jul 4, 2026
Read →
Ransomware

WORLDLEAKS Ransomware: Global Business Services Surge — CISA KEV Exploitation & Detection Engineering

WORLDLEAKS posts 4 new victims across PK, BR, US, IT leveraging CVE-2024-1708 and Check Point vulnerabilities. Critical detection rules included.

Jul 4, 2026
Read →
Ransomware

APT73 Ransomware Gang: Global Surge Exploiting Check Point & ScreenConnect Vulnerabilities

APT73 targets Technology & Hospitality sectors across 4 nations. Active exploitation of CVE-2024-1708 & Check Point flaws confirmed.

Jul 3, 2026
Read →
Ransomware

MEDUSALOCKER Intelligence Briefing: Surge in DACH Region Targets Telecom & Public Sector — Critical CVEs Exploited

MedusaLocker posts 10 new victims, heavily targeting Germany. Active exploitation of Check Point & ConnectWise CVEs observed.

Jul 3, 2026
Read →
Ransomware

KRYBIT Ransomware Gang: 11 New Victims Posted — Perimeter Breach Analysis & Detection Rules

KRYBIT posts 11 new victims targeting Tech and Logistics. Immediate patching for Check Point, Cisco, and ScreenConnect CVEs is critical.

Jul 3, 2026
Read →
Ransomware

INCRANSOM Gang: Aggressive Public Sector & Healthcare Targeting — Critical CVE Exploitation

INCRANSOM escalates attacks on US/BR Public Sector and Healthcare using Check Point & ScreenConnect exploits. Patch immediately.

Jul 3, 2026
Read →
Ransomware

THEGENTLEMEN Ransomware: France-Targeted Surge, Critical Infrastructure Hits & Exploit-Led Intrusions

THEGENTLEMEN gang exploits Check Point & ScreenConnect flaws, heavily targeting French logistics/healthcare. Actionable IOCs & detection rules inside.

Jul 2, 2026
Read →
Ransomware

THEGENTLEMEN Ransomware Gang: Global Campaign Intensifies — Sector Targeting Analysis & Detection Rules

THEGENTLEMEN ransomware group posts 15 new victims across multiple sectors with focus on France, US, and Taiwan. Immediate action required for exposed Check Point and Cisco systems.

Jul 2, 2026
Read →
Ransomware

THEGENTLEMEN Ransomware: Critical Infrastructure Surge & Exploitation of Network Perimeter

THEGENTLEMEN exploits Check Point & Cisco FMC flaws to hit 15 victims across Energy & Public Sector. Detection rules inside.

Jul 2, 2026
Read →
Ransomware

THEGENTLEMEN Ransomware: 15+ Victims Posted — Analysis of Multi-Vector CVE Exploitation

THEGENTLEMEN aggressively targets logistics, healthcare, and public sectors across FR/US. Immediate patching for ScreenConnect, Check Point, and Cisco FMC required.

Jul 1, 2026
Read →
Ransomware

QILIN Ransomware: Global Surge Targets Manufacturing & Services — Critical Edge Device Exploitation Detected

QILIN posts 19 victims in 48 hours, targeting manufacturing and business services via Check Point and Cisco exploits.

Jul 1, 2026
Read →
Ransomware

QILIN Ransomware: 19 New Victims & Surge in Business Services Targeting — Detection Rules for CVE Exploitation

QILIN attacks surge with 19 new victims targeting Business Services. Detection rules for Check Point & ScreenConnect exploits provided.

Jul 1, 2026
Read →
Ransomware

QILIN Ransomware: 15 New Victims in Manufacturing & Services — Critical CVE Exploitation

Qilin targets Manufacturing and Business Services globally. Immediate action required against Check Point and ScreenConnect vulnerabilities.

Jun 30, 2026
Read →
Ransomware

QILIN Ransomware Gang: 15 New Victims Posted — Global Multi-Sector Campaign Targets Manufacturing & Business Services

QILIN posted 15 victims across 10 countries in 7 days. Manufacturing and Business Services targeted. Patch edge devices now.

Jun 30, 2026
Read →
Ransomware

QILIN Ransomware Gang: 15 New Victims Posted — Sector Targeting Analysis & Detection Rules

QILIN posted 15 victims across DE/JP/FR/US in late June 2026, exploiting Check Point, ScreenConnect and Exchange CVEs. Manufacturing and business services are priority targets.

Jun 30, 2026
Read →
Ransomware

QILIN Ransomware Campaign: 14 New Victims & Critical Firewall Exploitation

Qilin targets Manufacturing and Education sectors globally using Check Point and Cisco exploits. Patch critical CVEs and hunt for RDP anomalies.

Jun 29, 2026
Read →
Ransomware

QILIN Ransomware: Global Surge in Manufacturing & Education Targeting — Detection & Hardening Guide

Qilin aggressively targets Manufacturing, Education, and Telecom globally exploiting VPN/RCE flaws. Immediate patching for Check Point & ScreenConnect required.

Jun 29, 2026
Read →
Ransomware

QILIN Ransomware: Global Agri-Tech & Logistics Surge — Critical Exploits Active

Qilin targeting agriculture, telecom, and logistics. Patch ScreenConnect and Check Point CVEs immediately.

Jun 29, 2026
Read →
Ransomware

STORMOUS Gang: Retail & Energy Sector Blitz — CVE-2024-1708 & Supply Chain Indicators

Stormous claims 14 new victims targeting retail and energy sectors. Immediate patching of ScreenConnect and Check Point required.

Jun 28, 2026
Read →
Ransomware

STORMOUS Ransomware Gang: Global Surge in Consumer Services & Manufacturing — Critical CVE Exploitation

Stormous releases full data dumps for retail/manufacturing victims. Immediate patching of Check Point and Cisco CVEs required.

Jun 28, 2026
Read →
Ransomware

NOVA Ransomware: Global Logistics & Public Sector Campaign — Detection Engineering & IOCs

NOVA gang exploits VPN flaws (Check Point/Cisco) to target Transport & Public sectors. Immediate detection rules and IOCs provided.

Jun 28, 2026
Read →
Ransomware

NOVA Ransomware Gang: 16 New Victims Posted — Global Transport & Public Sector Attacks via Network Edge CVEs

NOVA gang hits 16 targets including NSW Rural Fire Service. Active exploitation of Check Point & Cisco CVEs observed.

Jun 27, 2026
Read →
Ransomware

NOVA Ransomware Gang: 16 New Victims Posted — Transport & Public Sector Surge

NOVA claims 16 new victims targeting Transport & Public sectors. Urgent patching of Check Point and Cisco CVEs required.

Jun 27, 2026
Read →
Ransomware

NOVA Ransomware Gang: Aggressive Campaign Targeting Logistics & Public Sector — Firewall & RDP Exploitation Surge

NOVA ransomware claims 16 new victims, heavily targeting transportation and public sectors via firewall flaws and RDP exploits. Patch critical CVEs now.

Jun 27, 2026
Read →
Ransomware

NOVA Ransomware Gang: Global Logistics & Public Sector Assault — CVE-2026-50751 Exploitation Detected

NOVA group aggressively targets transportation and public sectors globally. Patch Check Point VPN and ScreenConnect immediately.

Jun 26, 2026
Read →
Ransomware

NOVA Ransomware: Critical Infrastructure & Logistics Targeted — Live Campaign Analysis & Countermeasures

NOVA group posts 16 new victims targeting public sector and logistics via Check Point and Cisco flaws. Immediate detection guidance included.

Jun 26, 2026
Read →
Ransomware

NOVA Ransomware: Surge in Australian Public Sector Attacks — Check Point & ScreenConnect Exploitation

NOVA gang targets AU Public Sector and Logistics via CVE-2024-1708 and firewall flaws. Detection rules included.

Jun 26, 2026
Read →
Ransomware

NOVA Ransomware Gang: Global Surge in Transportation & Tech Sectors — CVE-2026-50751 Exploitation

NOVA group posted 14 victims in 5 days, heavily targeting Logistics and Tech in LATAM and APAC. Critical CVE-2026-50751 exploitation confirmed.

Jun 25, 2026
Read →
Ransomware

NOVA Ransomware Gang: 14 New Victims Posted — Sector Targeting Analysis & Detection Rules

NOVA ransomware group targeting transportation, tech, and healthcare sectors across multiple regions. Immediate detection and response recommended.

Jun 25, 2026
Read →
Ransomware

NOVA Ransomware: Surge in Logistics & Tech Sector Attacks via Critical Check Point CVE

NOVA exploits CVE-2026-50751 targeting logistics and tech. 15+ victims posted. Patch Check Point and ScreenConnect immediately.

Jun 25, 2026
Read →
Ransomware

NOVA Ransomware: Critical Infrastructure Surge — Check Point & Cisco Exploits Detected

NOVA aggressively targets Logistics/Tech using Check Point and Cisco exploits. 15 new victims posted. Apply detection rules immediately.

Jun 24, 2026
Read →
Ransomware

NOVA Ransomware: Logistics & Healthcare Sectors Under Siege — Active Exploitation of Check Point & Cisco CVEs

NOVA gang exploits CVE-2026-50751 & CVE-2026-20131. Targeting logistics & healthcare globally. Includes detection rules.

Jun 24, 2026
Read →
Ransomware

CISA KEV Flash: 5 CVEs Added — Lantronix & Ubiquiti Under Active Attack

Active exploitation confirmed for Lantronix EDS5000, Ubiquiti UniFi OS, and Splunk Enterprise. Patch immediately.

Jun 24, 2026
Read →
Ransomware

NOVA Ransomware: Global Surge in Transportation & Tech Sectors — Critical KEV Exploitation Detected

NOVA gang exploits ScreenConnect & Check Point flaws in new campaign targeting Logistics and Tech. Detection rules and patching guidance included.

Jun 24, 2026
Read →
Ransomware

QILIN Ransomware Gang: 17 New Victims Posted — Global Campaign Targeting Financial & Construction Sectors

QILIN ransomware group accelerates attacks targeting financial services and construction firms globally. Enterprise defenders need to review VPN configurations and monitor for unusual lateral movement patterns immediately.

Jun 24, 2026
Read →
Ransomware

QILIN Ransomware: Surge in Construction Sector Attacks & Critical Firewall Exploitation

QILIN exploits Check Point and Cisco CVEs against global construction/finance firms. Immediate patching and VPN hardening required.

Jun 23, 2026
Read →
Ransomware

QILIN Ransomware: Global Campaign Targets Construction & Finance — Detection Engineering & TTPs

Qilin posts 16 new victims heavily targeting construction & finance sectors. Immediate detection rules for RDP brute force & PowerShell staging included.

Jun 23, 2026
Read →
Ransomware

QILIN Ransomware: 15 Victims in 5 Days — Construction Sector Under Siege

QILIN aggressively targets Construction and Finance sectors exploiting Check Point and Cisco CVEs. Immediate patching advised.

Jun 23, 2026
Read →
Ransomware

QILIN Ransomware Campaign: Surge in Construction & Financial Sector Attacks

Qilin gang aggressively targets construction and financial sectors via Check Point and ScreenConnect exploits. Immediate patching required.

Jun 22, 2026
Read →
Ransomware

QILIN Ransomware: 16 Victims Hit in Global Construction & Finance Surge — Detection Rules

Qilin gang aggressively targets US construction & global finance. Patch ScreenConnect & Cisco FMC immediately. Includes SIGMA & KQL.

Jun 22, 2026
Read →
Ransomware

QILIN Ransomware: Financial Sector & Critical Infrastructure Under Siege — Detection Rules & IOCs

Qilin claims 15 victims incl. Central Bank of Libya. Active exploitation of Check Point & ConnectWise. Patch immediately.

Jun 22, 2026
Read →
Ransomware

LOCKBIT5: Manufacturing & Healthcare Sectors Under Siege — Check Point & Cisco Firewall Exploits Detected

LOCKBIT5 exploits CVE-2026-50751 to target Manufacturing & Healthcare. Patch firewalls & harden RDP immediately.

Jun 21, 2026
Read →
Ransomware

LOCKBIT5 Ransomware: Global Surge Targeting Healthcare & Manufacturing — Detection Engineering Brief

LOCKBIT5 posts 15 new victims in 72 hours, heavily targeting healthcare and manufacturing. Patch CVE-2026-50751 & CVE-2024-1708 immediately.

Jun 21, 2026
Read →

Showing 50 of 252 reports. Archive expands automatically as new intel is generated.

Free Detection Rules Included

Every RansomwareReport Includes SIGMA & KQL Detection Rules

Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.