Uptime Hamster: 15d 3h 57mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza ragroup

ragroup

0 incidentes 0 paises 0 sectores ransomware CN Ultimo: -
Aliases: RA World
Ver en IntelTracker → APTTrail →
RAGROUP is a ransomware group that emerged in mid-April 2023, notably launching its data leak site by April 22, 2023. The group's operations are financially motivated, and it is distinguished by its use of customized ransomware derived from the leaked Babuk source code, with unique modifications such as intermittent file encryption to evade detection. RAGROUP employs a double extortion model, threatening to publish exfiltrated victim data if ransoms are not paid. They are also known for tailoring ransom notes with specific victim names and details, and uncommonly, for selling stolen data.

Aliases del actor

RA World

Actores similares

worldleaksransomware · 167raworldransomware · 1

Canales, DLS e infraestructura asociada

Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.

TipoEstadoHost / enlaceTitle / ultimo titulo
DLS / leak siteunknownwww.zoominfo.comIndra Group
DLS / leak siteunknownwrite.asIndra Group
DLS / leak siteunknownwww.zoominfo.comIndra Group
DLS / leak siteunknownwww.zoominfo.comIndra Group
DLS / leak siteunknownwww.zoominfo.comIndra Group
DLS / leak siteunknownwww.zoominfo.comIndra Group
DLS / leak siteunknownwww.tkmsgroup.comIndra Group
DLS / leak siteunknownwww.linkedin.comIndra Group
DLS / leak siteunknownen.wikipedia.orgIndra Group
DLS / leak siteunknownwww.zoominfo.comIndra Group
DLS / leak siteunknownwww.zoominfo.comIndra Group
DLS / leak siteunknownwww.shamrock.comIndra Group
DLS / leak siteunknownwww.medicrescue.orgIndra Group
DLS / leak siteunknownwww.zoominfo.comIndra Group
DLS / onionunknownpeargxn3oki34c4savcbcfqofjjwjnnyrlrbszfv6ujlx36mhrh57did.onionORA Group Information
DLS / onionunknownpearsmob5sn44ismokiusuld34pnfwi6ctgin3qbvonpoob4lh3rmtqd.onionORA Group Information
Tecnicas MITRE
TA0001: Initial Access, TA0004: Privilege Escalation, TA0009: Collection, TA0011: Command and Control, TA0010: Exfiltration, TA0006: Credential Access
Tipo
ransomware
Pais origen
CN
Motivacion
-
Impacto
69
Actualizado
Fri, 19 Ju

Paises objetivo (SOCRadar)

ArgentinaAustraliaBrazilChinaGermanyFranceUnited KingdomIndiaKorea, Republic ofNetherlands

Sectores objetivo (SOCRadar)

Construction of BuildingsOther Information ServicesSoftware PublishersEnterprises & HoldingManufacturingElectrical Equipment, Appliance, and Component ManufacturingPublic AdministrationWholesale TradeData Processing ServicesInternet Publishing