Trinetra Threat Intel · Ransomware Groups
GROUP
DOSSIERS.
Deep-dive profiles on the most active ransomware crews — victim counts, sectors targeted, tactics, and the defense checklist we hand to every engagement. Updated continuously from open-source leak-site monitoring.
20
Active profiles
12K+
Named victims tracked
2026
Continuously updated
20 dossiers · sorted by victim count
LO
LockBit 3.0
2,017 named victims
Read dossier →
QI
Qilin (Agenda)
1,697 named victims
Read dossier →
AK
Akira
1,448 named victims
Read dossier →
CL
Cl0p
1,253 named victims
Read dossier →
PL
Play (PlayCrypt)
1,239 named victims
Read dossier →
LO
LockBit 2.0
1,006 named victims
Read dossier →
RA
RansomHub
844 named victims
Read dossier →
IN
Incransom
764 named victims
Read dossier →
AL
ALPHV / BlackCat
731 named victims
Read dossier →
BI
Bianlian
553 named victims
Read dossier →
BL
Black Basta
524 named victims
Read dossier →
ME
Medusa
518 named victims
Read dossier →
DR
Dragonforce
488 named victims
Read dossier →
8B
8Base
455 named victims
Read dossier →
SA
Safepay
454 named victims
Read dossier →
LY
Lynx
402 named victims
Read dossier →
CO
Conti (defunct)
351 named victims
Read dossier →
EV
Everest
350 named victims
Read dossier →
DI
Dispossessor
344 named victims
Read dossier →
TH
Thegentlemen
344 named victims
Read dossier →
Your organisation could already be on next month's list.
These groups are actively scanning Indian BFSI, manufacturing, and SaaS infrastructure. Trinetra runs ransomware readiness reviews, VAPT, and incident response with sector context.