/ransomware_map

Map tracking ransomware, by OCD World Watch team

OCD ransomware map

latest = version 25 (September 2023)

Map tracking multiple ransomware groups, by OCD World Watch team

Released as part of our research paper on cyber extortion, the Cy-Xplorer 2023 report, available here: https://www.orangecyberdefense.com/global/white-papers/cy-xplorer-2023

Global CERT ORANGE CYBERDEFENSE

All rights reserved.

This graph does not aim to be exhaustive. Its goal is to showcase relationships between relevant ransomware operations, and it purposely does not list every ransomware group that has existed since 2015. The names of strains and associated threat actors were chosen arbitrarily by us from among the most popular aliases used in the cybersecurity community. This does not mean we endorse the vendor that created the alias.

As a reminder, asserting relationships and attribution in the cybercrime ecosystem is extremely complex: threat actors are extremely volatile and interconnected, making effective collaborations hard to define and track over time. In addition to our internal resources (monitoring, reverse engineering, Incident Response engagements related to most of these prominent groups), this mapping makes use of numerous public and private reports from incident responders, malware analysts, CTI researchers, and others. We took care to select, corroborate and fact-check such intelligence with trusted and well-recognized sources, but may still have made small mistakes or debatable associations. Don’t hesitate to send us your feedback.

Changelog:

2023/09/19: V25

Edit: Ako

Edit: Cheers

Edit: Cinnamon Tempest

Edit: Cl0p

Edit: DagonLocker

Edit: DoppelPaymer

Edit: Globe

Edit: GlobeImposter

Edit: Graceful Spider

Edit: Rook

Edit: Scarab

Edit: TommyLeaks

Edit: Vice Society

Edit: Vurten

New addition: 3AM

New addition: AstraLocker

New addition: ARCrypter

New addition: Bidon

New addition: Cloak

New addition: CryptWall

New addition: Dungeon Dragon

New addition: Feral Spider

New addition: FreeWorld

New addition: Frozen Spider

New addition: Good Day

New addition: Hound Spider

New addition: INC

New addition: Key Group

New addition: Masked Spider

New addition: Megazord

New addition: Punk Spider

New addition: Quantum Spider

New addition: Vice Spider

New addition: Zeon

2023/08/03: V24

Edit: 8Base

Edit: BlackSuit

Edit: Cuba

Edit: FIN8

Edit: Industrial Spy

New addition: ARCrypter

New addition: BigHead

New addition: Brain Spider

New addition: CryptNet

New addition: Everbe

New addition: Everbe 2.0

New addition: Everest

New addition: Knight

New addition: Mangled Spider

New addition: Poop69

New addition: Radar

New addition: Storm-0506

New addition: Storm-0970

New addition: Storm-0978

New addition: Storm-1339

New addition: Venus

New addition: Zeoticus

New addition: Zeoticus 2.0

2023/06/28: V23

Edit link: BlogXX

Edit link: Mallox

Edit link: Mountlocker

Edit link: Rorschach

New addition: 8Base

New addition: BlackSuit

New addition: Cyclops

New addition: Darkrace

New addition: El Cometa

New addition: Industrial Spy

New addition: MalasLocker

New addition: NoEscape

New addition: Obsidian ORB

New addition: Rhysida

New addition: SamSam (Boss Spider)

New addition: Synack

New addition: Underground Team

New addition: Wannacry (Lazarus)

New addition: Xollam

2023/05/31: V22

(many changes...)