Related Families: DragonForce, RansomHub, LockBit
Verticals Targeted: Construction, Real Estate, Financial
Verticals Targeted: Healthcare, Government, Education, Technology, Manufacturing, SMBs
Executive Summary
Ghost, also known as Cring, is a ransomware family that has been active since at least late 2020. A recent uptick in Ghost activity prompted US agencies to release a joint cybersecurity advisory on Ghost.
Related Families: INC
Verticals Targeted: Legal Services, Retail, Finance, Telecommunications, Agriculture, Manufacturing, Construction, Transportation, Healthcare, Energy
Executive Summary
Lynx ransomware is a ransomware-as-a-service (RaaS) that was first observed in July 2024. Since its debut, the ransomware has gained momentum and has continued its activity into early 2025.
Verticals Targeted: Government, Insurance, Real Estate, Healthcare, Manufacturing, Legal Services, Construction, Retail, Business Services, Energy, Education, Telecommunications, Software, Hospitality, Transportation, Financial
Executive Summary
Medusa ransomware is a RaaS that has been active since at least 2023. Medusa has claimed several victims so far in 2025, including UK’s Gateshead Council.
Verticals Targeted: Government, Business Services, Education, Insurance, Software, Media, Finance, Agriculture, Manufacturing, Construction, Healthcare, Retail
Verticals Targeted: Manufacturing, Finance, Transportation, Legal Services, Healthcare, Defense, Business Services
Executive Summary
Black Basta is a ransomware group that rose in the aftermath of the dissolution of Conti ransomware in 2022. In recent months, Black Basta has begun using tactics that are reminiscent of nation-state threat actor tactics and has shifted from opportunistic targeting to more refined, strategic targeting.
Related Families: RustyStealer