Related Families: RansomHub
Verticals Targeted: Healthcare, Government, Critical Infrastructure
Related Families: DragonForce, RansomHub, LockBit
Verticals Targeted: Construction, Real Estate, Financial
Executive Summary
Recent industry reporting highlights the ransomware threats faced by various entities in the Middle East. DragonForce ransomware was recently observed targeting a real estate and construction company in Saudi Arabia. However, this is only the tip of the iceberg, as entities in the Middle East, particularly financial services entities in Saudi Arabia and the UAE, are also being heavily targeted by ransomware.
Verticals Targeted: Healthcare, Government, Education, Technology, Manufacturing, SMBs
Executive Summary
Ghost, also known as Cring, is a ransomware family that has been active since at least late 2020. A recent uptick in Ghost activity prompted US agencies to release a joint cybersecurity advisory on Ghost.
Related Families: INC
Verticals Targeted: Legal Services, Retail, Finance, Telecommunications, Agriculture, Manufacturing, Construction, Transportation, Healthcare, Energy
Executive Summary
Lynx ransomware is a ransomware-as-a-service (RaaS) that was first observed in July 2024. Since its debut, the ransomware has gained momentum and has continued its activity into early 2025.
Verticals Targeted: Government, Insurance, Real Estate, Healthcare, Manufacturing, Legal Services, Construction, Retail, Business Services, Energy, Education, Telecommunications, Software, Hospitality, Transportation, Financial
Executive Summary
Medusa ransomware is a RaaS that has been active since at least 2023. Medusa has claimed several victims so far in 2025, including UK’s Gateshead Council.
Verticals Targeted: Government, Business Services, Education, Insurance, Software, Media, Finance, Agriculture, Manufacturing, Construction, Healthcare, Retail
Verticals Targeted: Manufacturing, Finance, Transportation, Legal Services, Healthcare, Defense, Business Services