Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/yashma Note: This page is dedicated to the Yashma (Chaos v6.0) ransomware builder and does not reflect any encryptors created from the builder. Note: This is the second iteration of the Chaos ransomware builder series. For…
Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/chaos-v50 Note: This page is dedicated to the Chaos v5.0 ransomware builder and does not reflect any encryptors created from the builder. Note: This is the second iteration of the Chaos ransomware builder series. For preliminary…
Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/chaos-v40 Note: This page is dedicated to the Chaos v4.0 ransomware builder and does not reflect any encryptors created from the builder. Note: This is the second iteration of the Chaos ransomware builder series. For preliminary…
Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/chaos-v30 Note: This page is dedicated to the Chaos v3.0 ransomware builder and does not reflect any encryptors created from the builder. Note: This is the second iteration of the Chaos ransomware builder series. For preliminary…
Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/chaos-v20 Note: This page is dedicated to the Chaos v2.0 ransomware builder and does not reflect any encryptors created from the builder. Note: This is the second iteration of the Chaos ransomware builder series. For preliminary…
Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/chaos-v10 Note: This page is dedicated to the Chaos v1.0 ransomware builder and does not reflect any encryptors created from the builder. The Chaos v1.0 builder was first seen in June 2021 when a user named ryukRans on the XSS…
Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/0mid16B 0mid16B is a Singaporean national living in Thailand who was arrested in February 2025. It was not a "group," as the individual who ran the operation often claimed. He would use an alias and then change his name on forums…
Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/wagner-0 WAGNER ransomware claims to be the "official virus of PMC Wagner on employment." PMC stands for Private Military Company, and Wagner is a PMC backed by the Russian government. They are more commonly referred to as the…
Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/hakuna-matata Hakuna Matata is a Swahili phrase meaning "there are no worries" (Hakuna = there are no; Matata = worries). It's popularized by the Disney movie The Lion King, performed by Timon and Pumbaa. However, native speakers…
Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/bagli Bagli is commonly called Bagli Wiper because it doesn't actually encrypt files; it overrides the file's bytes with the Random() function (.NET). Therefore, it's technically not ransomware; it's pseudo-ransomware as a wiper…