latest = version 27 (September 2024)
Visual map of our tracking of most ransomware groups
Released as part of our research paper on cyber extortion: Cy-Xplorer 2023 report, available at https://www.orangecyberdefense.com/global/white-papers/cy-xplorer-2023
Hope this helps!
World Watch - Global CERT - Orange Cyberdefense
All rights reserved.
Disclaimer:
This graph does not aim to be exhaustive. Its goal is to showcase relationships between relevant ransomware operations, and it purposely does not list all ransomware groups that have existed since 2015. Names of strains and associated threat actors were chosen arbitrarily by us from among the most popular aliases used in the cybersecurity community. This does not mean we endorse the vendor that created the alias.
As a reminder, it is extremely complex to assert relationships and attribution when looking at the cybercrime ecosystem: threat actors are extremely volatile and interconnected, making effective collaborations hard to define and track over time. In addition to our internal resources (monitoring, reverse engineering, Incident Response engagements related to most of these prominent groups), this mapping makes use of numerous public and private reports from incident responders, malware analysts, CTI researchers and others. We took care to select, corroborate and fact-check such intelligence against trusted and well-recognized sources, but may still have made small mistakes or debatable associations.
Don’t hesitate to send us any feedback.
Changelog:
Edit: 8base
Edit: Abyss
Edit: Babuk
Edit: BianLian
Edit: BlackSuit
Edit: CryptNet
Edit: Dispossessor
Edit: Donex
Edit: Dunghill
Edit: Gold Feather
Edit: Gold Rebellion
Edit: Hunters International
Edit: Karakurt
Edit: Knight
Edit: Kuiper
Edit: Monti
Edit: NoEscape
Edit: Pilfering Scorpius
Edit: RansomCartel
Edit: Ransomed
Edit: Rhysida
Edit: Shining Spider
Edit: Zeppelin
New addition: 2023lock
New addition: APT73
New addition: Arcus Media
New addition: Brain Cipher
New addition: Burning Scorpius
New addition: Cicada3301
New addition: D0nut
New addition: El Dorado
New addition: Embargo
New addition: Fog
New addition: Gold Crescent
New addition: Gold Sonata
New addition: Gold Tomahawk
New addition: Holiday Spider
New addition: KillSecurity
New addition: Kuza
New addition: LukaLocker
New addition: Lynx
New addition: MeowLeaks
New addition: Oceans
New addition: Phalcon
New addition: Procedural Scorpius
New addition: Pryx
New addition: RansomHub
New addition: Red
New addition: Repellent Scorpius
New addition: Spoiled Scorpius
New addition: Storm-1219
New addition: Trinity
New addition: Tuborg
New addition: Water Gatpanapun
New addition: Weary Scorpius
New addition: Zola
Edit: 3am
Edit: 8Base
Edit: BlackCat
Edit: BlogXX
Edit: Cactus
Edit: Cylance
Edit: Dark Angels
Edit: Knight
Edit: LockBit 3.0
Edit: Phobos
Edit: Radar
Edit: RagnarLocker
Edit: Rhysida
Edit: Trigona
New addition: BackMyData
New addition: BlackBerserk
New addition: BlackHunt
New addition: BlackOut
New addition: BlackShadow
New addition: BlueLocker
New addition: Ciphbit
New addition: Hunters International
New addition: Kasseika
New addition: Kuiper
New addition: Lambda
New addition: LockBit 4.0
New addition: LostTrust
New addition: MetaEncryptor
New addition: MyData
New addition: Proton
New addition: Proxima
New addition: RobbinHood
New addition: SugarLocker
New addition: Synapse
New addition: Trisec
New addition: Donex
Edit: Ako
Edit: Cheers
Edit: Cinnamon Tempest
Edit: Cl0p
Edit: DagonLocker
Edit: DoppelPaymer
Edit: Globe
Edit: GlobeImposter
Edit: Graceful Spider
Edit: Rook
Edit: Scarab
Edit: TommyLeaks
Edit: Vice Society
Edit: Vurten
New addition: 3AM
New addition: AstraLocker
New addition: ARCrypter
New addition: Bidon
New addition: Cloak
New addition: CryptWall
New addition: Dungeon Dragon
New addition: Feral Spider
New addition: FreeWorld
New addition: Frozen Spider
New addition: Good Day
New addition: Hound Spider
New addition: INC
New addition: Key Group
New addition: Masked Spider
New addition: Megazord
New addition: Punk Spider
New addition: Quantum Spider
New addition: Vice Spider
New addition: Zeon
Edit: 8Base
Edit: BlackSuit
Edit: Cuba
Edit: FIN8
Edit: Industrial Spy
New addition: ARCrypter
New addition: BigHead
New addition: Brain Spider
New addition: CryptNet
New addition: Everbe
New addition: Everbe 2.0
New addition: Everest
New addition: Knight
New addition: Mangled Spider
New addition: Poop69
New addition: Radar
New addition: Storm-0506
New addition: Storm-0970
New addition: Storm-0978
New addition: Storm-1339
New addition: Venus
New addition: Zeoticus
New addition: Zeoticus 2.0
Edit: BlogXX
Edit: Mallox
Edit: Mountlocker
Edit: Rorschach
New addition: 8Base
New addition: BlackSuit
New addition: Cyclops
New addition: Darkrace
New addition: El Cometa
New addition: Industrial Spy
New addition: MalasLocker
New addition: NoEscape
New addition: Obsidian ORB
New addition: Rhysida
New addition: SamSam (Boss Spider)
New addition: Synack
New addition: Underground Team
New addition: Wannacry (Lazarus)
New addition: Xollam
(many changes...)