Ransomware Intelligence
Active ransomware gang campaigns, victim disclosures from leak sites, RaaS affiliate recruitment, and SIGMA detection rules for every known ransomware family targeting enterprise environments.
Ransomware — Archive & Latest
THEGENTLEMEN Ransomware: 15 New Victims — Global Manufacturing Surge & Critical CVE Exploitation
THEGENTLEMEN claims 15 new victims targeting Manufacturing & Tech via ScreenConnect & Cisco exploits. Immediate patching required.
THEGENTLEMEN Ransomware: 15 New Victims Posted — Global Manufacturing Sector Targeted via VPN & ScreenConnect Exploits
THEGENTLEMEN claims 15 new victims across 11 countries, heavily targeting Manufacturing and Energy sectors. Campaign leverages exploits for Check Point VPN and ConnectWise ScreenConnect.
THEGENTLEMEN Ransomware: Global Manufacturing Surge & VPN Exploitation Campaign
THEGENTLEMEN claims 15 new victims targeting manufacturing & energy. Actively exploiting Check Point & Cisco edge vulnerabilities. Immediate detection required.
THEGENTLEMEN Ransomware Gang: Global Manufacturing & Energy Surge — Detection Engineering & Critical IOCs
THEGENTLEMEN ransomware gang posts 21 new victims across manufacturing and energy sectors. Detect and block active exploitation of critical CVEs.
THEGENTLEMEN Ransomware Gang: Multi-Sector Global Campaign & Critical CVE Exploitation Analysis
THEGENTLEMEN targeting 8+ sectors with Check Point & Cisco exploits. Immediate patching recommended for KEV-listed vulnerabilities.
THEGENTLEMEN Ransomware: Critical Infrastructure Surge & CVE-2026-50751 Exploitation
THEGENTLEMEN claims 15 new victims across Manufacturing & Energy sectors. Urgent patching for Check Point and Cisco CVEs required.
THEGENTLEMEN Ransomware: Critical Infrastructure Blitz & Firewall Exploitation
THEGENTLEMEN claims 15 victims, heavily targeting manufacturing via Cisco/Check Point CVEs. Immediate patching & detection required.
THEGENTLEMEN Ransomware: 15 New Victims in Global Manufacturing & Energy Assault — Detection Playbook
THEGENTLEMEN posts 15+ new victims targeting Manufacturing & Energy. Urgent patching required for Check Point & Cisco flaws.
THEGENTLEMEN Ransomware: Critical Surge in Manufacturing & Energy Sectors Leveraging Perimeter Exploits
THEGENTLEMEN posted 15 new victims across Manufacturing/Energy. Actively exploiting Check Point & Cisco CVEs. Patch immediately.
QILIN Ransomware: Surge in Legal & Business Services Attacks — Global Campaign Analysis & Detection Rules
Qilin aggressively targets US/EU legal and professional services. Briefing includes TTPs, Sigma rules, and immediate containment actions.
QILIN Ransomware: Aggressive Campaign Targeting Business Services & Legal Sector Exploiting Firewall Flaws
Qilin group heavily targets Business Services and Legal firms using Check Point & ScreenConnect flaws. Immediate patching required.
QILIN Ransomware: 15 New Victims Posted — Legal & Consumer Services Targeted via ScreenConnect & Firewall Exploits
Qilin ransomware posts 15 new victims, heavily targeting US legal and consumer services. Immediate patching of ScreenConnect and Check Point CVEs is critical.
QILIN Ransomware Gang: 18 New Victims Posted — Business Services Targeted & Detection Engineering
QILIN ransomware posted 18 new victims this week, heavily targeting Business Services sector across US, EU. Immediate patching of VPN/RDP vulnerabilities critical.
QILIN Ransomware: Surge in Business Services Attacks & Exploitation of New Check Point CVE
Qilin posts 19 new victims, heavily targeting US Business Services. Immediate patching of Check Point and ScreenConnect CVEs required.
QILIN Ransomware Gang: 19 New Victims Posted — Sector Targeting Analysis & Detection Rules
QILIN intensifies attacks on Business Services sector across US and Europe. Detection rules provided.
QILIN Ransomware: 19 New Victims Posted — Surge in Professional Services & Detection Engineering
Qilin claims 19 new victims, heavily targeting Business Services & Legal sectors via VPN/RDP exploits. Patch ScreenConnect & Check Point immediately.
QILIN Ransomware Gang: 19 New Victims Posted — Critical Firewall & RaaS Activity Surge
QILIN claims 19 new victims, heavily targeting US Business Services. Immediate action required on Check Point & Cisco CVEs and RDP hardening.
QILIN Ransomware Gang: Surge in Attacks on US Business Services & Critical Infrastructure Vulnerabilities
QILIN posts 21 victims, heavily targeting US Business Services via Check Point and ScreenConnect exploits. Immediate patching required.
QILIN Ransomware: Aggressive Campaign Targeting US Professional Services — Critical CVEs & IOCs
Qilin gang heavily targeting US Business Services and Retail. Patch Check Point and ScreenConnect CVEs immediately.
QILIN Ransomware: 15 New Victims in Professional Services & Retail — KEV Exploitation Alert
Qilin claims 15+ US victims in Business & Consumer services. Immediate patching of ConnectWise and Check Point CVEs is critical.
QILIN Ransomware: 15+ Victims in 48 Hours — Check Point & ConnectWise Exploitation Surge
Qilin gang posts 15+ new victims targeting US Consumer/Business sectors. Immediate patching for Check Point CVE-2026-50751 required.
QILIN Ransomware: Legal Sector Under Siege — 15 Victims Posted & Critical Check Point CVE Exploited
Qilin posts 15 new victims targeting US legal and energy sectors. Actively exploiting Check Point VPN and ScreenConnect vulnerabilities.
QILIN Ransomware: Critical Check Point & Cisco Firewall Exploits Fueling Healthcare & Manufacturing Surge
QILIN gang exploits CVE-2026-50751; targeting US Healthcare & Manufacturing. Detection rules and IOCs included.
THEGENTLEMEN Ransomware: Global Surge Exploiting Check Point & Cisco Perimeter Flaws
THEGENTLEMEN claims 15+ global victims, heavily targeting Healthcare and Tech via CVE-2026-50751 and ScreenConnect exploits.
THEGENTLEMEN Ransomware: Critical Surge in Healthcare & Tech Targets — CVE-2026-50751 Exploitation Analysis
THEGENTLEMEN posted 15+ victims in 24h. Active exploitation of CVE-2026-50751 (Check Point) and ScreenConnect detected. Patching and detection rules required.
THEGENTLEMEN Ransomware Gang: 24 New Victims Posted — Sector Targeting Analysis & Detection Rules
THEGENTLEMEN ransomware group posts 15 victims in 24 hours, heavily targeting healthcare and technology sectors. Detection rules and mitigation included.
THEGENTLEMEN Ransomware: Global Healthcare & Tech Surge — Critical Exploit Analysis
THEGENTLEMEN claims 15 new victims targeting Healthcare and Technology sectors globally. Action required for CVE-2024-1708 and Exchange exploits.
THEGENTLEMEN Ransomware: 15 New Victims Posted — Surge in Healthcare & Tech Targeting via Cisco & ConnectWise
THEGENTLEMEN posted 15 victims on June 8, heavily targeting Healthcare and Tech. Immediate patching of Cisco FMC and ConnectWise CVEs is critical.
THEGENTLEMEN Ransomware: Global Surge Targeting Healthcare & Tech — Critical CVEs & Detection Rules
THEGENTLEMEN claims 24 victims targeting Healthcare/Tech. Exploits include ScreenConnect & Nx Console. Immediate action required.
THEGENTLEMEN Ransomware: 15 New Victims Posted — Global Healthcare & Tech Surge + KEV Exploitation
THEGENTLEMEN gang posted 15 new victims, heavily targeting Healthcare and Tech sectors via ConnectWise and Exchange exploits. Immediate patching required.
QILIN Ransomware Gang: 15 New Victims Posted — Global Targeting Analysis & Detection Rules
QILIN posts 15 new victims targeting healthcare, construction & energy sectors. Detection rules and TTP analysis included.
QILIN Ransomware: Global Surge in Healthcare & Energy Sectors — Campaign Analysis & Detection Engineering
Qilin ransomware aggressively targets Healthcare, Energy, and Business Services via ScreenConnect exploits. Immediate detection rules provided.
QILIN Ransomware: 15 New Victims Identified — Cross-Sector Surge & Critical CVE Exploitation
Qilin claims 15 new victims across Healthcare, Construction, and Energy, leveraging ConnectWise and Cisco CVEs for initial access.
QILIN Ransomware: Critical Infrastructure & Healthcare Under Siege via KEV Exploits
Qilin gang exploits CISA KEV vulnerabilities to target Healthcare and Energy sectors globally. Immediate patching of ScreenConnect and Cisco FMC required.
QILIN Ransomware: Surge in Healthcare & Energy Targeting — 15 New Victims Confirmed
Qilin posted 15 new victims targeting Healthcare, Energy, and Construction globally. Immediate patching of ScreenConnect and Exchange advised.
QILIN Ransomware: Multi-Sector Surge Targeting Healthcare & Energy — IOCs & Detection Rules
QILIN gang intensifies attacks on Healthcare, Energy, and Logistics across US and EU. Critical CVEs exploited. Immediate detection guidance inside.
QILIN Ransomware Gang: Healthcare & Energy Sector Attacks Surge — Detection & Response Guidance
QILIN targets 15 new victims across healthcare and energy sectors. Detection rules and IR priorities included.
THEGENTLEMEN Ransomware: Aggressive Campaign Targets Healthcare & Logistics — Analysis of 16 New Victims
THEGENTLEMEN group posts 16 new victims, heavily targeting US healthcare and logistics. Immediate patching of ScreenConnect and Exchange required.
THEGENTLEMEN Ransomware: Global Healthcare & Logistics Assault — Detection Engineering
THEGENTLEMEN exploits ScreenConnect & Exchange CVEs to target US healthcare and global logistics. Immediate detection rules provided.
THEGENTLEMEN Ransomware: Global Surge in Healthcare & Logistics — Critical CVE Analysis
THEGENTLEMEN group exploits ScreenConnect and Cisco FMC flaws to target Healthcare and Logistics sectors. Immediate patching and detection advised.
THEGENTLEMEN Ransomware: Healthcare & Logistics Surge — ScreenConnect Exploitation & Detection
THEGENTLEMEN surge targets Healthcare/Logistics via ScreenConnect/CVE-2026-48027. Immediate detection rules required.
THEGENTLEMEN Ransomware Gang: 21 Victims Posted — Healthcare & Logistics Targeting & Detection Rules
THEGENTLEMEN posts 21 new victims, heavily targeting US healthcare & global logistics. Immediate detection of CVE-2024-1708 & lateral movement required.
GENESIS Ransomware: US Sector Blitz — Technical Analysis & Defense
GENESIS targets US Business & Healthcare sectors with 9 new victims. Exploits ConnectWise & Exchange. Immediate detection rules inside.
GENESIS Ransomware: US Sector Blitz — Critical Exploitation of ScreenConnect & Firewall Management Flaws
GENESIS gang posts 9 US victims in 5 days, targeting Healthcare & Business Services. Leverages ScreenConnect and Cisco FMC CVEs.
SAFEPAY Ransomware: European Campaign Escalation — Exploitation of ScreenConnect & Nx Console Vulnerabilities
SAFEPAY claims 7 new victims. Recent spike linked to ScreenConnect (CVE-2024-1708) and Nx Console (CVE-2026-48027) exploitation.
QILIN Ransomware Gang: Healthcare Sector Under Siege — 13 New Victims Posted & Critical CVE Exploitation
Qilin ransomware gang posted 13 new victims in early June, heavily targeting healthcare sector across US, Chile, Australia. Immediate patching of CVE-2026-48027 and CVE-2024-1708 strongly advised.
CISA KEV Flash: Critical PAN-OS Auth Bypass & Linux Kernel Flaws Under Active Attack
CISA adds 8 CVEs. PAN-OS auth bypass, Linux Kernel LPE, and supply chain attacks active. Patch immediately.
QILIN Ransomware: Aggressive Healthcare Campaign Leveraging CVE-2026-48027
Qilin posted 15 new victims, heavily targeting US healthcare. Suspected use of new Nx Console exploit; immediate patching and hunting required.
QILIN Ransomware: 14 New Victims Posted — Healthcare & Manufacturing Under Siege
Qilin claims 14 new victims, heavily targeting US healthcare and manufacturing. Exploitation of CVE-2024-1708 and ScreenConnect observed.
QILIN Ransomware Gang: 14 New Victims Posted — Sector Targeting Analysis & Detection Rules
QILIN ransomware attacks surge with 14 new victims, targeting Manufacturing, Healthcare and Business Services sectors in the US. Organizations in these verticals should review detection rules immediately.
Showing 50 of 192 reports. Archive expands automatically as new intel is generated.
Every Ransomware Report Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.