DragonForce Threat Actor Profile

DragonForce is a cyber threat group that has rapidly evolved from hacktivist beginnings into a prolific ransomware operation. Active since mid-2023, it initially engaged in ideologically driven attacks but later shifted focus to financially motivated extortion.

Trigona

Trigona is a double extortion ransomware group that emerged publicly in late 2022 and quickly gained attention for its aggressive enterprise targeting, database-specific encryption techniques, and rapid tooling evolution. Trigona combines file encryption with data exfiltration, threatening public release of stolen information via its dark web leak site. Though less widely known than […]

Royal Ransomware Group

A threat profile of Royal, a sophisticated ransomware group targeting critical infrastructure and enterprises with double extortion tactics, custom tooling, and high-pressure ransom negotiations.

NoEscape

A threat profile of NoEscape, a ransomware group known for enterprise targeting, cross-platform payloads, and aggressive extortion tactics involving encryption and data theft.

BlackCat (ALPHV)

A threat profile of BlackCat (ALPHV), a technically advanced ransomware group known for multi-extortion tactics, cross-platform payloads, and attacks on critical infrastructure across the UK and beyond.

Rhysida Ransomware Group

A detailed threat profile of Rhysida, a politically ambiguous ransomware group known for public sector targeting, double extortion, and its highly visible dark web leak site.

Incransom Ransomware Group

A threat profile of Incransom, an emerging ransomware group known for targeting small-to-mid-sized enterprises with fast-impact encryption and opportunistic extortion campaigns.

MetaEncryptor Ransomware Group

A detailed threat profile of MetaEncryptor, a ransomware group using advanced evasion techniques, double extortion, and targeted enterprise-level campaigns.

Crypto24 Ransomware Group

A threat profile of Crypto24, an emerging ransomware group using targeted double extortion attacks, low-volume campaigns, and deceptive payment infrastructure.