This repository is an archive of publicly available reports, whitepapers and articles on ransomware. It may be useful to researchers as a reference, since I did not find an existing central repository for these reports.
This repo is inspired by threat-INTel and APTnotes.
The content collected here is limited to detailed technical analysis of ransomware families; non-technical news coverage (ZDNet, Dark Reading, etc.) is out of scope.
Special thanks to Group-IB, whose images are used extensively here.
- FireEye - The Evolving Maturity in Ransomware Operations: A Black Hat Europe 2020 Whitepaper - Dec 2020
- FireEye - It's not FINished - The Evolving Maturity in Ransomware Operations - 2020
- Datto - Global State of the Channel Ransomware Report - Nov 2020
- Group-IB - The evolution of ransomware and its distribution methods
- Sophos - THE STATE OF RANSOMWARE 2020 - May 2020
- BitDefender - Ransomware A Victim’s Perspective: A study on US and European Internet Users - Jan 2016
- Sophos - How Ransomware Attacks
- FireEye - Ransomware Protection and Containment Strategies Whitepaper
- TrendLabs - Ransomware Past, Present, and Future
- ESET - TRENDS IN ANDROID RANSOMWARE - 2017
- SentinelOne - RANSOMWARE RESEARCH DATA SUMMARY - 2016
- Malwarebytes - CYBERCRIME TACTICS AND TECHNIQUES: Ransomware Retrospective - Aug 2019
- McAfee - Targeted Ransomware No Longer a Future Threat - Feb 2016
- DFIR Report - NetWalker Ransomware in 1 Hour - Aug 2020
- TrendMicro - Reflective Loading Runs Netwalker Fileless Ransomware - May 2020
- Group-IB – Egregor ransomware: The legacy of Maze lives on – Nov 2020
- Cybereason – Cybereason vs. Egregor Ransomware – Nov 2020
- Cyble – EGREGOR RANSOMWARE – A DEEP DIVE INTO ITS ACTIVITIES AND TECHNIQUES – Oct 2020
- FireEye - Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents - May 2020
- BitDefender - A Technical Look into Maze Ransomware Whitepaper
- McAfee - Ransomware Maze - Mar 2020
- Preempt - Maze Ransomware Analysis and Protection
- IronNet Blog - Navigating Maze ransomware
- Crowdstrike - The Many Paths Through Maze - May 2020
- HHS Cybersecurity Program - 06/04/2020
- The National Cyber-Forensics and Training Alliance Whitepaper - Dec 2019
- Maze Ransomware Campaign Spoofs Italian Revenue Agency Correspondence - Oct 2019
- ShieldX - Maze Ransomware: Try Not to Be A’Maze’d - Nov 2018
- McAfee Labs Threat Advisory Ransomware-Maze - Feb 2020
- DSCI - MAZE RANSOMWARE TECHNICAL REPORT - 2020
- Threat Actor TA2101 (ProofPoint) using Maze Ransomware to target Government and Commercial Entities - Jan 2020
- Cyberinit - Cognizant Hit by MAZE Ransomware - Apr 2020
- Ransomware Attackers Use Your Cloud Backups Against You
- Malwation - RYUK Ransomware Technical Analysis Report - 2020
- LogPoint – Comprehensive Detection of Ryuk Ransomware - Nov 2020
- Red Canary - A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak - Nov 2020
- Sophos - They’re back: inside a new Ryuk ransomware attack - Oct 2020
- DFIR Report - Ryuk's Return - Oct 2020
- DFIR Report - Ryuk in 5 hours - Oct 2020
- VMware Carbon Black TAU: Ryuk Ransomware Technical Analysis - Feb 2020
- Red Canary - The Third Amigo: detecting Ryuk ransomware - Feb 2020
- FortiGuard Labs: Ryuk Revisited - Analysis of Recent Ryuk Attack - Mar 2020
- Checkpoint Research - Ryuk Ransomware: A Targeted Campaign Break-Down - Aug 2018
- Malware News - Analysis of Ryuk Ransomware - Dec 2019
- CISA Alert (TA17-132A) - Indicators Associated With WannaCry Ransomware - May 2017
- Security Literate - REVERSING RYUK: A TECHNICAL ANALYSIS OF RYUK RANSOMWARE - Apr 2020
- ZScaler - Examining the Ryuk Ransomware - Oct 2019
- Crowdstrike - Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware - Jan 2019
- HHS Cybersecurity Program - Ryuk Update - Jan 2020
- FBI Flash - Indicators of Compromise Associated with Ryuk Ransomware - May 2019
- Homeland Security and Emergency Services - Threat Report: Emotet, TrickBot, and Ryuk
- RANSOMWARE PLAYBOOK A Special Incident Response Guide for Handling Ryuk Ransomware (Triple-Threat) Attacks - Oct 2019
- Securonix Threat Research - Securonix Threat Research: Detecting High-Impact Targeted Cloud/MSP $14M+ Ryuk and REvil Ransomware Attacks - Jan 2020
- CIS - Security Primer – Ryuk
- Cybereason - Sodinokibi: The Crown Prince of Ransomware - Aug 2019
- Secureworks - REvil/Sodinokibi Ransomware - Sep 2019
- REvil/Sodinokibi Technical Analysis and Threat Intelligence Report - 2019
- DarkTrace - Post-mortem of a targeted Sodinokibi ransomware attack - Feb 2020
- McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us - Oct 2019
- BlackBerry ThreatVector Blog - Threat Spotlight: Sodinokibi Ransomware - Jul 2019
- A brief history and further technical analysis of Sodinokibi Ransomware - Jan 2020
- Acronis - Taking Deep Dive into Sodinokibi Ransomware
- Cisco Talos - Sodinokibi ransomware exploits WebLogic Server vulnerability - Apr 2019
- Sodinokibi Analysis Process
- Cynet Labs - Ransomware Never Dies – Analysis of New Sodinokibi Ransomware Variant - Jul 2019
- KPN - Tracking REvil
- Intel471 - REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation - Mar 2020
- SISA - REvil RANSOMWARE - May 2020
- Tesorion - A connection between the Sodinokibi and GandCrab ransomware families?
- Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike - Jun 2020
- McAfee Labs Threat Advisory Ransomware-Sodinokibi - Apr 2020
- Arete - Sodinokibi Ransomware 2020
- Securonix Threat Research: Detecting High-Impact Targeted Cloud/MSP $14M+ Ryuk and REvil Ransomware Attacks - Jan 2020
- Zdnet - REvil ransomware gang launches auction site to sell stolen data - 2020
- Acronis - Evolution of GandCrab Ransomware
- VMRay - The Evolution of GandCrab Ransomware - Jun 2018
- Securonix Threat Research - GANDCRAB RANSOMWARE ATTACK
- FortiNet - GandCrab V4.0 Analysis: New Shell, Same Old Menace - Jul 2018
- CheckPoint - The GandCrab Ransomware Mindset - Mar 2018
- Tesorion - A connection between the Sodinokibi and GandCrab ransomware families?
- BitDefender - GandCrab: The Most Popular Multi-Million Dollar Ransomware of the Year - Oct 2018
- Unpacking GandCrab Ransomware
- LogRhythm - A Technical Analysis of WannaCry Ransomware - May 2017
- FireEye - WannaCry Malware Profile - May 2017
- Cisco Talos - Player 3 Has Entered the Game: Say Hello to 'WannaCry' - May 2017
- Antiy Labs - IN-DEPTH ANALYSIS REPORT ON WANNACRY RANSOMWARE - Jul 2017
- Secureworks - WCry Ransomware Analysis - May 2017
- Sophos - WannaCry Aftershock
- McAfee Labs - Further Analysis of WannaCry Ransomware - May 2017
- ThaiCERT - WannaCry Ransomware - May 2017
- WannaCry Ransomware: Analysis of Infection, Persistence, Recovery Prevention and Propagation Mechanisms
- Recorded Future - What Is WannaCry? Analyzing the Global Ransomware Attack - May 2017
- "WannaCry" ransomware attack: Technical intelligence analysis - May 2017
- Tripwire - WANNACRY RANSOMWARE
- Elastic - WCry/WanaCry ransomware technical analysis - May 2017
- CRITICAL ALERT - WannaCry / WannaCrypt Ransomware
- CERT-MU THE WANNACRY RANSOMWARE - May 2017
- Analyzing WannaCry Ransomware Considering the Weapons and Exploits Whitepaper
- Intezer - WannaCry Ransomware: Potential Link to North Korea
- Department of Health: Investigation: WannaCry cyber attack and the NHS
- Applying Diamond Model on WannaCry Ransomware Incident
- Carbon Black TAU Threat Analysis: Recent Dharma Ransomware Highlights Attackers’ Continued Use of Open-Source Tools - Jul 2018
- Panda Security - Ransomware from the Crysis/Dharma family Report - Nov 2017
- Comodo - Dharma 2.0 ransomware continues to wreak havoc with new variant - Mar 2020
- DarkTrace - Old but still dangerous – Dharma ransomware via RDP intrusion - May 2020
- Crowdstrike - Targeted Dharma Ransomware Intrusions Exhibit Consistent Techniques - Apr 2020
- FortiNet - Dharma Ransomware: What It’s Teaching Us - Nov 2018
- Cymulate - Immediate Threat Analysis – New Dharma Ransomware Strain Found in the Wild - Aug 2019
- Quick Heal - An analysis of the Dharma ransomware outbreak by Quick Heal Security Labs - May 2018
- Quick Heal - Dharma Ransomware Variant Malspam Targeting COVID-19 - Apr 2020
- Dharma ransomware. 36 Variants listed. 2020 removal instructions - Aug 2020
- Crowdstrike - An In-Depth Analysis of Samsam Ransomware and BOSS SPIDER - May 2018
- Sophos - SamSam Ransomware Chooses Its Targets Carefully - Apr 2018
- Secureworks - SamSam Ransomware Campaigns - Feb 2018
- Malwarebytes - SamSam ransomware: controlled distribution for an elusive malware - Jun 2018
- Sophos - SamSam: The (Almost) Six Million Dollar Ransomware
- CISA Alert (AA18-337A) SamSam Ransomware - Dec 2018
- Healthcare Cybersecurity and Communications Integration Center - Report on Ongoing SamSam Ransomware Campaigns - Mar 2018