Ransomware Groups

The Ransomware Groups tab provides complete visibility into all known ransomware operators tracked by the system. This section is crucial for understanding the evolving threat landscape, as it not only lists the groups but also tracks their status, activity, and victims. By continuously monitoring both active and inactive groups, the system ensures that no potential threat actor goes unnoticed.


Group Statistics (Top Summary Boxes)

At the top of the interface, you will see four key indicators, each of which is clickable to drill down into more detail:

  • All Ransomware Groups

    Displays the total number of ransomware groups that have been detected and cataloged by the system. Clicking this shows the complete list of groups regardless of their current activity.

  • Active Groups

    Represents the groups that are currently operational and launching attacks. These are the most dangerous and require close monitoring. Clicking this filters the list to only display groups marked as Active.

  • Offline Groups

    Shows groups that have been dismantled, disappeared, or stopped their operations. Even though they’re offline, their past activities remain important for historical analysis. Clicking this displays only Offline groups.

  • Groups Created Recently

    Highlights newly discovered ransomware groups. This metric is especially important for detecting emerging threats early. Clicking this reveals only the latest groups added to the database.


Detailed Group List

Below the summary boxes, the system displays a table of groups; clicking any group opens its detailed view. Each column represents specific intelligence:

  • # (Number / ID)

    An internal identifier assigned to each ransomware group for reference within the system.

  • Group Name

    The official or commonly used name of the ransomware group (e.g., qilin, play, everest).

  • Victim Detected

    Shows the number of victims attributed to this ransomware group, allowing you to gauge its scale and aggressiveness.

  • Status

    Indicates whether the group is Active (still attacking) or Offline (no longer operational).

  • Last Update

    The timestamp of the most recent intelligence update about this group, so you can see how current the information is.

  • Last Victim

    The exact date and time when the latest victim of this ransomware group was detected.


Why This Matters

By combining historical intelligence (offline groups) with real-time activity tracking (active and newly created groups), this section provides unmatched visibility into the ransomware ecosystem. It empowers security teams to:

  • Prioritize defenses against currently active groups.

  • Detect newly emerging groups before they spread widely.
