Ruin Active
Ransomware group first observed in 2025. Uses SharpDPAPI for deployment.1
Total Victims
2025-01-01
First Seen
2026-03-06
Last Seen
0
Known TTPs
41.8d
Avg Delay
0
Negotiations
ONION URLS
o5hlbjiqt6kru25es5c5il7pqunot5bsk7mfxvzpptzbhpvmifgi5q5h.onion
TOOLS
SharpDPAPI
Mythic
FILE EXTENSIONS
.crypt
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| 2026-03-06 | Pacific Group | Sweden | Utilities | Removed |
No TTPs data
No YARA rules
No IoCs
No ransom notes