PanelActoresCampanasMapaTTPs
Panel » Actores » rancoz
ArsenalExploitsTTP MatrixKillChainMapaActoresSSLBLRansomLookRansomwhereAlertasCyberNews
rancoz logo

rancoz

1 incidentes 0 paises 0 sectores ransomware EE Ultimo: 2026-06-25
Ver en IntelTracker → APTTrail →
Rancoz is a ransomware group that first emerged in November 2022, operating with a financial motivation through double extortion tactics. The group distinguishes itself by leveraging a combination of NTRUEncrypt, a post-quantum algorithm, and ChaCha20-Poly1305 for its encryption processes. Rancoz primarily targets virtualization platforms such as Proxmox to maximize operational disruption by encrypting multiple virtual machines simultaneously. Although sharing code similarities with Vice Society ransomware, no direct link has been established; however, Rancoz is assessed to be from the same developer as Buddy ransomware.
Tecnicas MITRE
T1059.001, T1071.001, T1486, T1027

RansomLook pivots

Data, inteligencia y referencias externas para contrastar actividad ransomware del actor.

Abrir perfil →
Data
RecentBrowseTrendingStats
Intel
GroupURLsCryptoLeaksNotesAnalysesTorrents
Info
APIGlossaryAbout
Victimas
0
TTPs unicas
0
Info robada historica
N/D
Rescates reclamados
N/D
Pagos detectados
N/D

Paises objetivo (SOCRadar)

CanadaFranceIndiaLithuaniaUnited States

Sectores objetivo (SOCRadar)

Construction of BuildingsSoftware PublishersEnterprises & HoldingManufacturingConstructionElectrical Equipment, Appliance, and Component ManufacturingPublic AdministrationEducational ServicesEnergy & Utilities Insurance

URLs nuevas detectadas en IntelTracker

ransomware.anggipradana.com