exorcist
1 incidentes
1 paises
0 sectores
ransomware RU Ultimo: 2026-06-25
Exorcist emerged around June 2020 as a Ransomware-as-a-Service (RaaS) operation, surfacing on underground Russian forums. This financially motivated group is distinguished by its tactic of avoiding encryption on systems located in Commonwealth of Independent States (CIS) countries, a geographic carve-out determined by checking system language and keyboard layout. Exorcist evolved to include a "2.0" variant distributed via fake software cracking websites. The group employs aggressive extortion tactics, including significantly increasing ransom demands if not paid within a strict 48-hour timeframe and engaging in double extortion by threatening to leak stolen data.
RansomLook pivots
Data, inteligencia y referencias externas para contrastar actividad ransomware del actor.
Paises afectados
Paises objetivo (SOCRadar)
Russian Federation
United StatesSectores objetivo (SOCRadar)
Energy & Utilities ManufacturingRetailFinanceProfessional&Technical ServicesEnterprises & HoldingEducational ServicesHealthCare & Social AssistanceOtherPublic Administration