Ransomware Intelligence
Active ransomware gang campaigns, victim disclosures from leak sites, RaaS affiliate recruitment, and SIGMA detection rules for every known ransomware family targeting enterprise environments.
Ransomware — Archive & Latest
QILIN Ransomware: Surge in Business Services Attacks & Exploitation of New Check Point CVE
Qilin posts 19 new victims, heavily targeting US Business Services. Immediate patching of Check Point and ScreenConnect CVEs required.
QILIN Ransomware Gang: 19 New Victims Posted — Sector Targeting Analysis & Detection Rules
QILIN intensifies attacks on Business Services sector across US and Europe. Detection rules provided.
QILIN Ransomware: 19 New Victims Posted — Surge in Professional Services & Detection Engineering
Qilin claims 19 new victims, heavily targeting Business Services & Legal sectors via VPN/RDP exploits. Patch ScreenConnect & Check Point immediately.
QILIN Ransomware Gang: 19 New Victims Posted — Critical Firewall & RaaS Activity Surge
QILIN claims 19 new victims, heavily targeting US Business Services. Immediate action required on Check Point & Cisco CVEs and RDP hardening.
QILIN Ransomware Gang: Surge in Attacks on US Business Services & Critical Infrastructure Vulnerabilities
QILIN posts 21 victims, heavily targeting US Business Services via Check Point and ScreenConnect exploits. Immediate patching required.
QILIN Ransomware: Aggressive Campaign Targeting US Professional Services — Critical CVEs & IOCs
Qilin gang heavily targeting US Business Services and Retail. Patch Check Point and ScreenConnect CVEs immediately.
QILIN Ransomware: 15 New Victims in Professional Services & Retail — KEV Exploitation Alert
Qilin claims 15+ US victims in Business & Consumer services. Immediate patching of ConnectWise and Check Point CVEs is critical.
QILIN Ransomware: 15+ Victims in 48 Hours — Check Point & ConnectWise Exploitation Surge
Qilin gang posts 15+ new victims targeting US Consumer/Business sectors. Immediate patching for Check Point CVE-2026-50751 required.
QILIN Ransomware: Legal Sector Under Siege — 15 Victims Posted & Critical Check Point CVE Exploited
Qilin posts 15 new victims targeting US legal and energy sectors. Actively exploiting Check Point VPN and ScreenConnect vulnerabilities.
QILIN Ransomware: Critical Check Point & Cisco Firewall Exploits Fueling Healthcare & Manufacturing Surge
QILIN gang exploits CVE-2026-50751; targeting US Healthcare & Manufacturing. Detection rules and IOCs included.
THEGENTLEMEN Ransomware: Global Surge Exploiting Check Point & Cisco Perimeter Flaws
THEGENTLEMEN claims 15+ global victims, heavily targeting Healthcare and Tech via CVE-2026-50751 and ScreenConnect exploits.
THEGENTLEMEN Ransomware: Critical Surge in Healthcare & Tech Targets — CVE-2026-50751 Exploitation Analysis
THEGENTLEMEN posted 15+ victims in 24h. Active exploitation of CVE-2026-50751 (Check Point) and ScreenConnect detected. Patching and detection rules required.
THEGENTLEMEN Ransomware Gang: 24 New Victims Posted — Sector Targeting Analysis & Detection Rules
THEGENTLEMEN ransomware group posts 15 victims in 24 hours, heavily targeting healthcare and technology sectors. Detection rules and mitigation included.
THEGENTLEMEN Ransomware: Global Healthcare & Tech Surge — Critical Exploit Analysis
THEGENTLEMEN claims 15 new victims targeting Healthcare and Technology sectors globally. Action required for CVE-2024-1708 and Exchange exploits.
THEGENTLEMEN Ransomware: 15 New Victims Posted — Surge in Healthcare & Tech Targeting via Cisco & ConnectWise
THEGENTLEMEN posted 15 victims on June 8, heavily targeting Healthcare and Tech. Immediate patching of Cisco FMC and ConnectWise CVEs is critical.
THEGENTLEMEN Ransomware: Global Surge Targeting Healthcare & Tech — Critical CVEs & Detection Rules
THEGENTLEMEN claims 24 victims targeting Healthcare/Tech. Exploits include ScreenConnect & Nx Console. Immediate action required.
THEGENTLEMEN Ransomware: 15 New Victims Posted — Global Healthcare & Tech Surge + KEV Exploitation
THEGENTLEMEN gang posted 15 new victims, heavily targeting Healthcare and Tech sectors via ConnectWise and Exchange exploits. Immediate patching required.
QILIN Ransomware Gang: 15 New Victims Posted — Global Targeting Analysis & Detection Rules
QILIN posts 15 new victims targeting healthcare, construction & energy sectors. Detection rules and TTP analysis included.
QILIN Ransomware: Global Surge in Healthcare & Energy Sectors — Campaign Analysis & Detection Engineering
Qilin ransomware aggressively targets Healthcare, Energy, and Business Services via ScreenConnect exploits. Immediate detection rules provided.
QILIN Ransomware: 15 New Victims Identified — Cross-Sector Surge & Critical CVE Exploitation
Qilin claims 15 new victims across Healthcare, Construction, and Energy, leveraging ConnectWise and Cisco CVEs for initial access.
QILIN Ransomware: Critical Infrastructure & Healthcare Under Siege via KEV Exploits
Qilin gang exploits CISA KEV vulnerabilities to target Healthcare and Energy sectors globally. Immediate patching of ScreenConnect and Cisco FMC required.
QILIN Ransomware: Surge in Healthcare & Energy Targeting — 15 New Victims Confirmed
Qilin posted 15 new victims targeting Healthcare, Energy, and Construction globally. Immediate patching of ScreenConnect and Exchange advised.
QILIN Ransomware: Multi-Sector Surge Targeting Healthcare & Energy — IOCs & Detection Rules
QILIN gang intensifies attacks on Healthcare, Energy, and Logistics across US and EU. Critical CVEs exploited. Immediate detection guidance inside.
QILIN Ransomware Gang: Healthcare & Energy Sector Attacks Surge — Detection & Response Guidance
QILIN targets 15 new victims across healthcare and energy sectors. Detection rules and IR priorities included.
THEGENTLEMEN Ransomware: Aggressive Campaign Targets Healthcare & Logistics — Analysis of 16 New Victims
THEGENTLEMEN group posts 16 new victims, heavily targeting US healthcare and logistics. Immediate patching of ScreenConnect and Exchange required.
THEGENTLEMEN Ransomware: Global Healthcare & Logistics Assault — Detection Engineering
THEGENTLEMEN exploits ScreenConnect & Exchange CVEs to target US healthcare and global logistics. Immediate detection rules provided.
THEGENTLEMEN Ransomware: Global Surge in Healthcare & Logistics — Critical CVE Analysis
THEGENTLEMEN group exploits ScreenConnect and Cisco FMC flaws to target Healthcare and Logistics sectors. Immediate patching and detection advised.
THEGENTLEMEN Ransomware: Healthcare & Logistics Surge — ScreenConnect Exploitation & Detection
THEGENTLEMEN surge targets Healthcare/Logistics via ScreenConnect/CVE-2026-48027. Immediate detection rules required.
THEGENTLEMEN Ransomware Gang: 21 Victims Posted — Healthcare & Logistics Targeting & Detection Rules
THEGENTLEMEN posts 21 new victims, heavily targeting US healthcare & global logistics. Immediate detection of CVE-2024-1708 & lateral movement required.
GENESIS Ransomware: US Sector Blitz — Technical Analysis & Defense
GENESIS targets US Business & Healthcare sectors with 9 new victims. Exploits ConnectWise & Exchange. Immediate detection rules inside.
GENESIS Ransomware: US Sector Blitz — Critical Exploitation of ScreenConnect & Firewall Management Flaws
GENESIS gang posts 9 US victims in 5 days, targeting Healthcare & Business Services. Leverages ScreenConnect and Cisco FMC CVEs.
SAFEPAY Ransomware: European Campaign Escalation — Exploitation of ScreenConnect & Nx Console Vulnerabilities
SAFEPAY claims 7 new victims. Recent spike linked to ScreenConnect (CVE-2024-1708) and Nx Console (CVE-2026-48027) exploitation.
QILIN Ransomware Gang: Healthcare Sector Under Siege — 13 New Victims Posted & Critical CVE Exploitation
Qilin ransomware gang posted 13 new victims in early June, heavily targeting the healthcare sector across the US, Chile, and Australia. Immediate patching of CVE-2026-48027 and CVE-2024-1708 strongly advised.
CISA KEV Flash: Critical PAN-OS Auth Bypass & Linux Kernel Flaws Under Active Attack
CISA adds 8 CVEs. PAN-OS auth bypass, Linux Kernel LPE, and supply chain attacks active. Patch immediately.
QILIN Ransomware: Aggressive Healthcare Campaign Leveraging CVE-2026-48027
Qilin posted 15 new victims, heavily targeting US healthcare. Suspected use of new Nx Console exploit; immediate patching and hunting required.
QILIN Ransomware: 14 New Victims Posted — Healthcare & Manufacturing Under Siege
Qilin claims 14 new victims, heavily targeting US healthcare and manufacturing. Exploitation of CVE-2024-1708 and ScreenConnect observed.
QILIN Ransomware Gang: 14 New Victims Posted — Sector Targeting Analysis & Detection Rules
QILIN ransomware attacks surge with 14 new victims, targeting Manufacturing, Healthcare and Business Services sectors in the US. Organizations in these verticals should review detection rules immediately.
QILIN Ransomware: Aggressive US Healthcare & Manufacturing Campaign — KEV Exploitation
Qilin targets US Healthcare/Manufacturing using ConnectWise & Exchange exploits. Immediate IOCs and Sigma rules provided.
QILIN Ransomware: Global Blitz on Manufacturing & Healthcare — Critical CVE Detection & IOCs
QILIN claims 15+ new victims across US, AU, and EU. Manufacturing and Healthcare are primary targets. Detect ScreenConnect and SmarterMail exploits.
QILIN Ransomware Campaign: US Manufacturing & Healthcare Under Siege — IOCs & Detection Engineering
Qilin heavily targets US Manufacturing & Healthcare. Patch CVE-2026-48027 immediately. Detection rules for lateral movement included.
QILIN Ransomware: Critical Vulnerability Exploitation Wave Hits US Healthcare & Manufacturing
Qilin aggressively exploits ScreenConnect and Cisco FMC flaws to target US healthcare and manufacturing. Immediate patching and IOC hunting required.
QILIN Ransomware: Surge in US Healthcare & Manufacturing Attacks — Detection Engineering Brief
QILIN posted 15+ new victims, heavily targeting US Healthcare & Manufacturing. Immediate detection rules for ScreenConnect & RDP abuse inside.
QILIN Ransomware: Aggressive Exploitation of Nx Console & ScreenConnect Vulnerabilities Targeting US Healthcare
QILIN exploits new Nx Console and ConnectWise flaws, heavily targeting US Healthcare and Manufacturing. Immediate patching and detection rules required.
QILIN Ransomware: 15+ Victims in 48-Hour Blitz — US Healthcare & Manufacturing Under Siege
Qilin posted 15+ victims in 48 hours, heavily targeting US healthcare & manufacturing. Immediate patching for ConnectWise & Cisco flaws required.
DRAGONFORCE Ransomware: Mass Exploitation via Nx Console & Critical Infrastructure Attack
DRAGONFORCE exploits CVE-2026-48027 targeting Manufacturing and Tech. 15+ new victims posted in 48 hours. Immediate detection engineering required.
DRAGONFORCE Ransomware: 25 New Victims — Manufacturing & Services Targeted via RMM & Firewall Exploits
DRAGONFORCE aggressively targets US/GB Manufacturing & Services. Actively exploiting ConnectWise & Cisco FMC flaws. Patch CISA KEVs now.
DRAGONFORCE Ransomware Gang: 15 New Victims in 3 Days — Business Services & Technology Sectors Targeted
DRAGONFORCE posts 15 victims targeting Business Services & Technology. Organizations must patch CVE-2026-48027 immediately.
DRAGONFORCE Ransomware Gang: Multi-Sector Attack Campaign — Detection Engineering & Threat Intel Briefing
DRAGONFORCE ransomware posts 15 victims across 7 sectors, exploiting CVE-2026-48027 and CVE-2024-1708. Enterprises must implement detection rules immediately.
DRAGONFORCE Ransomware: 15 New Victims Posted — Cross-Sector Targeting Analysis & Detection Rules
DRAGONFORCE surge: 15 new victims hit in Logistics, Tech, and Healthcare. Critical detection rules for ScreenConnect and Exchange exploitation.
DRAGONFORCE Ransomware: 15-Victim Surge — Cross-Sector Blitz & Critical CVE Exploitation
Dragonforce claims 15 new victims in Logistics, Tech, and Healthcare. Immediate patching for ScreenConnect (CVE-2024-1708) and Nx Console required.
Showing 50 of 179 reports. Archive expands automatically as new intel is generated.
Every Ransomware Report Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.