Ransomware Intelligence
Active ransomware gang campaigns, victim disclosures from leak sites, RaaS affiliate recruitment, and SIGMA detection rules for every known ransomware family targeting enterprise environments.
Ransomware — Archive & Latest
THEGENTLEMEN Ransomware: Global Surge in Critical Infrastructure Targeting & Exploitation of Firewall Vulnerabilities
THEGENTLEMEN claims 15+ victims in 24 hours targeting Energy, Tech, and Manufacturing. Urgent patching of Check Point and Cisco CVEs required.
QILIN Ransomware: 15 New Victims Posted — Construction & Business Services Targeted via Check Point & ScreenConnect Exploits
QILIN ransomware targets Business Services and Construction sectors using Check Point and ScreenConnect exploits. Immediate patching advised.
SAFEPAY Ransomware: Aggressive German Sector Targeting & Critical Infrastructure Exploits
SAFEPAY targets German Health, Transport, Public Sector; exploits Check Point & Cisco CVEs.
PAYLOAD Ransomware: Central European Campaign Targeting Energy and Agriculture via Firewall Exploits
PAYLOAD gang hits Energy and Food sectors in CH, IT, DE. Exploits targeting Check Point VPNs and Cisco FMC observed.
GENESIS Ransomware Gang: 9 New US Victims Targeted — Critical Firewall & VPN Exploitation Detected
Genesis gang posts 9 US victims in Healthcare & Tech. Actively exploiting Check Point (CVE-2026-50751) and Cisco FMC flaws for initial access.
PLAY Ransomware Gang: Construction & Finance Sector Surge — Firewall & Remote Access Exploitation
PLAY targets AU/US Construction & Finance firms via ScreenConnect & Firewall flaws. Immediate patching of CVE-2024-1708 required.
WALLSTREET Gang: Critical Infrastructure Sweep via Firewall & RMM Exploits
WALLSTREET claims 4 new US/EC victims. Healthcare and Police hit via Check Point & Cisco CVEs.
BRAINCIPHER Ransomware: 4 New Victims Posted — Cross-Sector Surge & Detection Engineering
BRAINCIPHER claims 4 new US/BR victims. Actively exploiting Check Point & ScreenConnect flaws. Immediate detection guidance included.
WORLDLEAKS Ransomware: Global Business Services Surge — CISA KEV Exploitation & Detection Engineering
WORLDLEAKS posts 4 new victims across PK, BR, US, IT leveraging CVE-2024-1708 and Check Point vulnerabilities. Critical detection rules included.
APT73 Ransomware Gang: Global Surge Exploiting Check Point & ScreenConnect Vulnerabilities
APT73 targets Technology & Hospitality sectors across 4 nations. Active exploitation of CVE-2024-1708 & Check Point flaws confirmed.
MEDUSALOCKER Intelligence Briefing: Surge in DACH Region Targets Telecom & Public Sector — Critical CVEs Exploited
MedusaLocker posts 10 new victims, heavily targeting Germany. Active exploitation of Check Point & ConnectWise CVEs observed.
KRYBIT Ransomware Gang: 11 New Victims Posted — Perimeter Breach Analysis & Detection Rules
KRYBIT posts 11 new victims targeting Tech and Logistics. Immediate patching for Check Point, Cisco, and ScreenConnect CVEs is critical.
INCRANSOM Gang: Aggressive Public Sector & Healthcare Targeting — Critical CVE Exploitation
INCRANSOM escalates attacks on US/BR Public Sector and Healthcare using Check Point & ScreenConnect exploits. Patch immediately.
THEGENTLEMEN Ransomware: France-Targeted Surge, Critical Infrastructure Hits & Exploit-Led Intrusions
THEGENTLEMEN gang exploits Check Point & ScreenConnect flaws, heavily targeting French logistics/healthcare. Actionable IOCs & detection rules inside.
THEGENTLEMEN Ransomware Gang: Global Campaign Intensifies — Sector Targeting Analysis & Detection Rules
THEGENTLEMEN ransomware group posts 15 new victims across multiple sectors with focus on France, US, and Taiwan. Immediate action required for exposed Check Point and Cisco systems.
THEGENTLEMEN Ransomware: Critical Infrastructure Surge & Exploitation of Network Perimeter
THEGENTLEMEN exploits Check Point & Cisco FMC flaws to hit 15 victims across Energy & Public Sector. Detection rules inside.
THEGENTLEMEN Ransomware: 15+ Victims Posted — Analysis of Multi-Vector CVE Exploitation
THEGENTLEMEN aggressively targets logistics, healthcare, and public sectors across FR/US. Immediate patching for ScreenConnect, Check Point, and Cisco FMC required.
QILIN Ransomware: Global Surge Targets Manufacturing & Services — Critical Edge Device Exploitation Detected
QILIN posts 19 victims in 48 hours, targeting manufacturing and business services via Check Point and Cisco exploits.
QILIN Ransomware: 19 New Victims & Surge in Business Services Targeting — Detection Rules for CVE Exploitation
QILIN attacks surge with 19 new victims targeting Business Services. Detection rules for Check Point & ScreenConnect exploits provided.
QILIN Ransomware: 15 New Victims in Manufacturing & Services — Critical CVE Exploitation
Qilin targets Manufacturing and Business Services globally. Immediate action required against Check Point and ScreenConnect vulnerabilities.
QILIN Ransomware Gang: 15 New Victims Posted — Global Multi-Sector Campaign Targets Manufacturing & Business Services
QILIN posted 15 victims across 10 countries in 7 days. Manufacturing and Business Services targeted. Patch edge devices now.
QILIN Ransomware Gang: 15 New Victims Posted — Sector Targeting Analysis & Detection Rules
QILIN posted 15 victims across DE/JP/FR/US in late June 2026, exploiting Check Point, ScreenConnect and Exchange CVEs. Manufacturing and business services are priority targets.
QILIN Ransomware Campaign: 14 New Victims & Critical Firewall Exploitation
Qilin targets Manufacturing and Education sectors globally using Check Point and Cisco exploits. Patch critical CVEs and hunt for RDP anomalies.
QILIN Ransomware: Global Surge in Manufacturing & Education Targeting — Detection & Hardening Guide
Qilin aggressively targets Manufacturing, Education, and Telecom globally exploiting VPN/RCE flaws. Immediate patching for Check Point & ScreenConnect required.
QILIN Ransomware: Global Agri-Tech & Logistics Surge — Critical Exploits Active
Qilin targeting agriculture, telecom, and logistics. Patch ScreenConnect and Check Point CVEs immediately.
STORMOUS Gang: Retail & Energy Sector Blitz — CVE-2024-1708 & Supply Chain Indicators
Stormous claims 14 new victims targeting retail and energy sectors. Immediate patching of ScreenConnect and Check Point required.
STORMOUS Ransomware Gang: Global Surge in Consumer Services & Manufacturing — Critical CVE Exploitation
Stormous releases full data dumps for retail/manufacturing victims. Immediate patching of Check Point and Cisco CVEs required.
NOVA Ransomware: Global Logistics & Public Sector Campaign — Detection Engineering & IOCs
NOVA gang exploits VPN flaws (Check Point/Cisco) to target Transport & Public sectors. Immediate detection rules and IOCs provided.
NOVA Ransomware Gang: 16 New Victims Posted — Global Transport & Public Sector Attacks via Network Edge CVEs
NOVA gang hits 16 targets including NSW Rural Fire Service. Active exploitation of Check Point & Cisco CVEs observed.
NOVA Ransomware Gang: 16 New Victims Posted — Transport & Public Sector Surge
NOVA claims 16 new victims targeting Transport & Public sectors. Urgent patching of Check Point and Cisco CVEs required.
NOVA Ransomware Gang: Aggressive Campaign Targeting Logistics & Public Sector — Firewall & RDP Exploitation Surge
NOVA ransomware claims 16 new victims, heavily targeting transportation and public sectors via firewall flaws and RDP exploits. Patch critical CVEs now.
NOVA Ransomware Gang: Global Logistics & Public Sector Assault — CVE-2026-50751 Exploitation Detected
NOVA group aggressively targets transportation and public sectors globally. Patch Check Point VPN and ScreenConnect immediately.
NOVA Ransomware: Critical Infrastructure & Logistics Targeted — Live Campaign Analysis & Countermeasures
NOVA group posts 16 new victims targeting public sector and logistics via Check Point and Cisco flaws. Immediate detection guidance included.
NOVA Ransomware: Surge in Australian Public Sector Attacks — Check Point & ScreenConnect Exploitation
NOVA gang targets AU Public Sector and Logistics via CVE-2024-1708 and firewall flaws. Detection rules included.
NOVA Ransomware Gang: Global Surge in Transportation & Tech Sectors — CVE-2026-50751 Exploitation
NOVA group posted 14 victims in 5 days, heavily targeting Logistics and Tech in LATAM and APAC. Critical CVE-2026-50751 exploitation confirmed.
NOVA Ransomware Gang: 14 New Victims Posted — Sector Targeting Analysis & Detection Rules
NOVA ransomware group targeting transportation, tech, and healthcare sectors across multiple regions. Immediate detection and response recommended.
NOVA Ransomware: Surge in Logistics & Tech Sector Attacks via Critical Check Point CVE
NOVA exploits CVE-2026-50751 targeting logistics and tech. 15+ victims posted. Patch Check Point and ScreenConnect immediately.
NOVA Ransomware: Critical Infrastructure Surge — Check Point & Cisco Exploits Detected
NOVA aggressively targets Logistics/Tech using Check Point and Cisco exploits. 15 new victims posted. Apply detection rules immediately.
NOVA Ransomware: Logistics & Healthcare Sectors Under Siege — Active Exploitation of Check Point & Cisco CVEs
NOVA gang exploits CVE-2026-50751 & CVE-2026-20131. Targeting logistics & healthcare globally. Includes detection rules.
CISA KEV Flash: 5 CVEs Added — Lantronix & Ubiquiti Under Active Attack
Active exploitation confirmed for Lantronix EDS5000, Ubiquiti UniFi OS, and Splunk Enterprise. Patch immediately.
NOVA Ransomware: Global Surge in Transportation & Tech Sectors — Critical KEV Exploitation Detected
NOVA gang exploits ScreenConnect & Check Point flaws in new campaign targeting Logistics and Tech. Detection rules and patching guidance included.
QILIN Ransomware Gang: 17 New Victims Posted — Global Campaign Targeting Financial & Construction Sectors
QILIN ransomware group accelerates attacks targeting financial services and construction firms globally. Enterprise defenders need to review VPN configurations and monitor for unusual lateral movement patterns immediately.
QILIN Ransomware: Surge in Construction Sector Attacks & Critical Firewall Exploitation
QILIN exploits Check Point and Cisco CVEs against global construction/finance firms. Immediate patching and VPN hardening required.
QILIN Ransomware: Global Campaign Targets Construction & Finance — Detection Engineering & TTPs
Qilin posts 16 new victims heavily targeting construction & finance sectors. Immediate detection rules for RDP brute force & PowerShell staging included.
QILIN Ransomware: 15 Victims in 5 Days — Construction Sector Under Siege
QILIN aggressively targets Construction and Finance sectors exploiting Check Point and Cisco CVEs. Immediate patching advised.
QILIN Ransomware Campaign: Surge in Construction & Financial Sector Attacks
Qilin gang aggressively targets construction and financial sectors via Check Point and ScreenConnect exploits. Immediate patching required.
QILIN Ransomware: 16 Victims Hit in Global Construction & Finance Surge — Detection Rules
Qilin gang aggressively targets US construction & global finance. Patch ScreenConnect & Cisco FMC immediately. Includes SIGMA & KQL.
QILIN Ransomware: Financial Sector & Critical Infrastructure Under Siege — Detection Rules & IOCs
Qilin claims 15 victims incl. Central Bank of Libya. Active exploitation of Check Point & ConnectWise. Patch immediately.
LOCKBIT5: Manufacturing & Healthcare Sectors Under Siege — Check Point & Cisco Firewall Exploits Detected
LOCKBIT5 exploits CVE-2026-50751 to target Manufacturing & Healthcare. Patch firewalls & harden RDP immediately.
LOCKBIT5 Ransomware: Global Surge Targeting Healthcare & Manufacturing — Detection Engineering Brief
LOCKBIT5 posts 15 new victims in 72 hours, heavily targeting healthcare and manufacturing. Patch CVE-2026-50751 & CVE-2024-1708 immediately.
Showing 50 of 252 reports. Archive expands automatically as new intel is generated.
Every RansomwareReport Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.