genesis
Ransomware group profile
Description
Genesis is a ransomware group that surfaced in late 2025. It is known for prioritising data exfiltration and public leaks over encryption alone: it runs a double extortion strategy against organizations that hold sensitive or regulated data, rather than launching indiscriminate mass attacks. The group's tradecraft suggests highly skilled operators with prior experience in other cybercriminal circles, motivated primarily by financial gain through extortion.
Key insights
- Uses phishing and stolen credentials for initial access to victim networks.
- Runs double extortion: data is exfiltrated before encryption and the group threatens to publish it if the ransom is not paid.
- Targets organizations holding sensitive or regulated data, particularly in the finance and healthcare sectors.
- Exploits unpatched remote access services and uses infostealer malware to harvest credentials.
- Operates a dedicated dark web leak site for publishing victim information.
- Encrypts data with strong encryption and deletes or disables backups and recovery mechanisms during attacks (ATT&CK T1486 and T1490 in the TTPs section).
Threat Level & Status Breakdown
For genesis · Based on incidents in selected period
No victim data for this group in the selected period.
Recent activity
Monthly attack count for genesis in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for genesis. The page lists no YARA/Sigma rules or related families for this group; the indicators below are file hashes. The algorithm is identified by digest length only: the 64-character values are SHA-256, the 32-character value is MD5 and the 40-character value is SHA-1.
- 6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b
- 76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d
- d96a028d42b362213f964df95225dc5c08e78bc9123b3e1d73ba4cf71d84f670
- b936378d6ecf7ec777b69d9d78fc8a9e0a5a0241ab52365ab254960a536599bb
- 4b4182e84fc16ea6051f4059e1f0adbc95082dc59512affa0c1603bc383bb22a
- 55b3e4dfd2283f2d8310390ebdd686764196e0ef5ac31907b95cfdd403af3f7f
- 23094d64721a279c0ce637584b87d6f1
- b8a96d032283cb6ab49e24d867f6e4ec36e243f475de20c7ee5faa30231bcdc6
- 0d872e3c6f84edd0d7d0b3701b84c35aed1431df1a4d841fa820e805e698e526
- 226cbb501fe9c38ab1b3f1ecbe71e6c79cebc0e183eb550a76a67103a9b1ec22
- 215501994098adec0751a8141d730ebe90dd0a5d02bfc0862296d1c43d310bb6
- cbdd242b05aed20ccffac7cf21b435274a5b0be56b524ea79bd95d9f0a3b2b35
- e0dd17a51a63e5699263994f350d2a688ba72e421e4c3dcfa4d2a07044863f00
- 0926210d6e8f14bb2dd893666f9c4e52d6d222f2702d699301b27ca706d0f7f8
- 9b6cafe54aaab8c24aa7ffb8d6047270492293a044e6f6f30388452e60e205e3
- 0893797cae008270ff613b47769e6eb22564184c0121e3bec8ee1769e2da688a
- a547b1f0a6469960850476b75092be9a22a2f9d03ab302667d281c9453fed78c
- 4871816be6a1128d2cf2f516788a6b8bc39b0d60
- 26f7ef66b12ed2560580f5cb49f0460b121f23ec6042dcf3614e22ab0f5d256c
- c0cd67a32a3f2ef01af403bcf9be434cc945f0a82b367b08fc6e12494b2ae347
- 5e22d206c4bd8ab71b5a30712516f01a2b0bfab96c10592528ec223aed35eda6
- 1a5c12ad81440e25dca1eee86fd2f012dd18e2667d21ca64ae7134304e7022f0
- dc394099b6745567728c5abc29693c76db89a96b87dac5130c1503bff2ac9b78
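The following script is an added example, not tooling from the page or from any vendor: it turns the hash list above into a lookup index and scans a directory tree against it. The hash algorithm is assumed from digest length (32 hex characters as MD5, 40 as SHA-1, 64 as SHA-256), since the page does not state it, and the two files created in the demo are constructed for the example rather than real Genesis samples.

```python
import hashlib
import os
import tempfile

# The IOC list as it appears in the Intelligence section above (file hashes only).
GENESIS_IOC_TEXT = """
- 6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b
- 76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d
- d96a028d42b362213f964df95225dc5c08e78bc9123b3e1d73ba4cf71d84f670
- b936378d6ecf7ec777b69d9d78fc8a9e0a5a0241ab52365ab254960a536599bb
- 4b4182e84fc16ea6051f4059e1f0adbc95082dc59512affa0c1603bc383bb22a
- 55b3e4dfd2283f2d8310390ebdd686764196e0ef5ac31907b95cfdd403af3f7f
- 23094d64721a279c0ce637584b87d6f1
- b8a96d032283cb6ab49e24d867f6e4ec36e243f475de20c7ee5faa30231bcdc6
- 0d872e3c6f84edd0d7d0b3701b84c35aed1431df1a4d841fa820e805e698e526
- 226cbb501fe9c38ab1b3f1ecbe71e6c79cebc0e183eb550a76a67103a9b1ec22
- 215501994098adec0751a8141d730ebe90dd0a5d02bfc0862296d1c43d310bb6
- cbdd242b05aed20ccffac7cf21b435274a5b0be56b524ea79bd95d9f0a3b2b35
- e0dd17a51a63e5699263994f350d2a688ba72e421e4c3dcfa4d2a07044863f00
- 0926210d6e8f14bb2dd893666f9c4e52d6d222f2702d699301b27ca706d0f7f8
- 9b6cafe54aaab8c24aa7ffb8d6047270492293a044e6f6f30388452e60e205e3
- 0893797cae008270ff613b47769e6eb22564184c0121e3bec8ee1769e2da688a
- a547b1f0a6469960850476b75092be9a22a2f9d03ab302667d281c9453fed78c
- 4871816be6a1128d2cf2f516788a6b8bc39b0d60
- 26f7ef66b12ed2560580f5cb49f0460b121f23ec6042dcf3614e22ab0f5d256c
- c0cd67a32a3f2ef01af403bcf9be434cc945f0a82b367b08fc6e12494b2ae347
- 5e22d206c4bd8ab71b5a30712516f01a2b0bfab96c10592528ec223aed35eda6
- 1a5c12ad81440e25dca1eee86fd2f012dd18e2667d21ca64ae7134304e7022f0
- dc394099b6745567728c5abc29693c76db89a96b87dac5130c1503bff2ac9b78
"""

# Assumption: digest length identifies the algorithm (the page does not say).
_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def parse_iocs(text):
    """Extract hash indicators from the list text, keyed by algorithm.

    Tokens that are not pure hex of a known digest length land under
    "unrecognised" instead of being silently dropped, so a transcription
    error in the feed is visible rather than a quiet gap in coverage.
    """
    index = {"md5": set(), "sha1": set(), "sha256": set(), "unrecognised": []}
    for line in text.splitlines():
        token = line.strip().lstrip("-•").strip().lower()
        if not token:
            continue
        algo = _ALGO_BY_LEN.get(len(token))
        if algo and all(c in "0123456789abcdef" for c in token):
            index[algo].add(token)
        else:
            index["unrecognised"].append(token)
    return index


def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of a file in a single read pass."""
    # usedforsecurity=False keeps MD5/SHA-1 usable on FIPS-restricted hosts;
    # they are only matched against indicators, not used for integrity.
    hashers = {
        "md5": hashlib.md5(usedforsecurity=False),
        "sha1": hashlib.sha1(usedforsecurity=False),
        "sha256": hashlib.sha256(),
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def scan_tree(root, index):
    """Hash every regular file under root and report matches against the index.

    Returns (path, algorithm, digest) tuples; unreadable files are skipped.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue
            for algo in ("md5", "sha1", "sha256"):
                if digests[algo] in index[algo]:
                    hits.append((path, algo, digests[algo]))
    return hits


def demo():
    """Constructed demonstration: one benign file and one file whose digest is
    planted in the index so the scan has something to find. Neither file is a
    real Genesis sample."""
    index = parse_iocs(GENESIS_IOC_TEXT)
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "notes.txt"), "wb") as fh:
            fh.write(b"quarterly report draft\n")
        planted = os.path.join(tmp, "update.exe")
        with open(planted, "wb") as fh:
            fh.write(b"not a real sample, constructed for this example\n")
        index["sha256"].add(hash_file(planted)["sha256"])  # planted indicator
        hits = scan_tree(tmp, index)
    return [(os.path.basename(p), algo) for p, algo, _ in hits]


if __name__ == "__main__":
    print({k: len(v) for k, v in parse_iocs(GENESIS_IOC_TEXT).items()})
    print(demo())
```

Hashing each file once for all three algorithms matters on large trees; re-reading files per algorithm triples the I/O for no gain. Point scan_tree at a mounted image or a triage collection rather than a live system drive, and treat a hit as a lead to confirm, not a verdict.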
TTPs & Attack Vectors
MITRE ATT&CK techniques reported for genesis (the page lists no separate tools; initial-access detail is limited to the key insights above)
- T1486 Data Encrypted for Impact
- T1490 Inhibit System Recovery
- T1078 Valid Accounts
- T1021 Remote Services
- T1562 Impair Defenses
- T1040 Network Sniffing
- T1080 Taint Shared Content
- T1059 Command and Scripting Interpreter
- T1609 Container Administration Command
- T1027 Obfuscated Files or Information
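The key insights state that the group disables backups during attacks, and the technique list includes T1490 (Inhibit System Recovery). As an added example, not a rule published on this page or by the group's trackers, the following detection runs the generic T1490 procedures documented by MITRE ATT&CK (shadow-copy deletion, backup catalog deletion, disabling Windows recovery) over constructed process-creation log lines and then correlates them per host. The command lines in the sample log are constructed and are not commands attributed to Genesis; the tab-separated log format and field order are assumptions for the example.

```python
import re
from datetime import datetime

# Generic T1490 procedures from MITRE ATT&CK. These are not Genesis-specific
# commands from the profile above; they are the standard coverage for the technique.
T1490_PATTERNS = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("vssadmin_resize_shadowstorage",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wbadmin_delete_catalog",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\b(catalog|systemstatebackup)\b", re.I)),
    ("bcdedit_disable_recovery",
     re.compile(r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
    ("powershell_win32_shadowcopy",
     re.compile(r"\bwin32_shadowcopy\b.*\b(delete|remove)\b", re.I)),
]

# Constructed process-creation events: timestamp, host, user, parent image,
# command line (tab-separated). Assumed format, not a real telemetry export.
SAMPLE_LOG = """\
2025-11-03T02:14:07Z\tFS01\tCORP\\svc_backup\tC:\\Windows\\System32\\services.exe\tC:\\Windows\\System32\\vssadmin.exe list shadows
2025-11-03T02:14:09Z\tFS01\tCORP\\jdoe\tC:\\Windows\\System32\\cmd.exe\tvssadmin.exe delete shadows /all /quiet
2025-11-03T02:14:10Z\tFS01\tCORP\\jdoe\tC:\\Windows\\System32\\cmd.exe\twmic shadowcopy delete
2025-11-03T02:14:12Z\tFS01\tCORP\\jdoe\tC:\\Windows\\System32\\cmd.exe\tbcdedit /set {default} recoveryenabled No
2025-11-03T02:14:13Z\tFS01\tCORP\\jdoe\tC:\\Windows\\System32\\cmd.exe\twbadmin delete catalog -quiet
2025-11-03T02:15:40Z\tWS07\tCORP\\asmith\tC:\\Program Files\\Editor\\editor.exe\t"C:\\Program Files\\Editor\\editor.exe" C:\\Users\\asmith\\shadows_report.docx
"""


def detect_t1490(log_text):
    """Return one hit per event whose command line matches a T1490 pattern.

    Matching is done on the command line only; 'vssadmin list shadows' and a
    document named shadows_report.docx are deliberately left unmatched.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # malformed record; skip rather than crash the pipeline
        ts, host, user, parent, cmdline = fields
        for rule, pattern in T1490_PATTERNS:
            if pattern.search(cmdline):
                hits.append({"time": ts, "host": host, "user": user,
                             "parent": parent, "rule": rule, "cmd": cmdline})
                break
    return hits


def correlate(hits, window_seconds=300, min_distinct_rules=2):
    """Raise one alert per host where at least min_distinct_rules different
    T1490 procedures fire within window_seconds.

    A lone 'vssadmin delete shadows' from an admin is common; several distinct
    recovery-inhibiting commands in quick succession is the pre-encryption
    pattern worth paging on.
    """
    by_host = {}
    for h in hits:
        by_host.setdefault(h["host"], []).append(h)
    alerts = []
    for host, events in by_host.items():
        events.sort(key=lambda h: h["time"])
        stamps = [datetime.strptime(h["time"], "%Y-%m-%dT%H:%M:%SZ") for h in events]
        for i in range(len(events)):
            rules = set()
            for j in range(i, len(events)):
                if (stamps[j] - stamps[i]).total_seconds() > window_seconds:
                    break
                rules.add(events[j]["rule"])
            if len(rules) >= min_distinct_rules:
                alerts.append({"host": host, "first_seen": events[i]["time"],
                               "rules": sorted(rules)})
                break  # one alert per host
    return alerts


if __name__ == "__main__":
    for hit in detect_t1490(SAMPLE_LOG):
        print(hit["time"], hit["host"], hit["rule"], hit["cmd"])
    print(correlate(detect_t1490(SAMPLE_LOG)))
```

The same regexes port directly into a Sigma rule on the process_creation log source (CommandLine field); the correlation step is what keeps the rule from paging on routine backup maintenance, and it also covers the "disables backups" behaviour the profile attributes to this group without relying on any sample-specific indicator.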
Affected countries (32)
Countries where this group has been reported to target or leak victims.