genesis

Ransomware group profile

93Victims

RussiaSource country

80Impact score

Description

Genesis is a ransomware group that surfaced in late 2025, known for its focus on data exfiltration and public leaks instead of purely data encryption. They employ a double extortion strategy, targeting organizations with sensitive or regulated data while evading indiscriminate mass attacks. This group's emergence suggests the involvement of highly skilled actors from other cybercriminal circles, motivated primarily by financial gain through extortion activities.

Key insights

•Utilizes phishing and stolen credentials for initial access to networks.
•Employed double extortion tactics, threatening to publish stolen data if ransoms are not paid.
•Targets organizations with sensitive data, particularly in finance and health sectors.
•Exploits unpatched remote access services and uses infostealer malware for credential harvesting.
•Has a dedicated dark web leak site for publishing victim information.
•Implements strong encryption and disables backups during attacks.

Industries

Education Energy & Utilities Financial Services Government & Defense Healthcare Hospitality Manufacturing Other Professional Services Retail & E-Commerce Technology Transportation

Threat Level & Status Breakdown

For genesis · Based on incidents in selected period

No victim data for this group in the selected period.

First seenAug 2025

Last seenJun 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 28, 2026

Recent activity

Monthly attack count for genesis in the selected period

93Total attacks

21peak in May

8.5avg / month

↑ 3 vs first month

Intelligence

IOCs, YARA/Sigma rules, and related families for genesis

6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b
76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d
d96a028d42b362213f964df95225dc5c08e78bc9123b3e1d73ba4cf71d84f670
b936378d6ecf7ec777b69d9d78fc8a9e0a5a0241ab52365ab254960a536599bb
4b4182e84fc16ea6051f4059e1f0adbc95082dc59512affa0c1603bc383bb22a
55b3e4dfd2283f2d8310390ebdd686764196e0ef5ac31907b95cfdd403af3f7f
23094d64721a279c0ce637584b87d6f1
b8a96d032283cb6ab49e24d867f6e4ec36e243f475de20c7ee5faa30231bcdc6
0d872e3c6f84edd0d7d0b3701b84c35aed1431df1a4d841fa820e805e698e526
226cbb501fe9c38ab1b3f1ecbe71e6c79cebc0e183eb550a76a67103a9b1ec22
215501994098adec0751a8141d730ebe90dd0a5d02bfc0862296d1c43d310bb6
cbdd242b05aed20ccffac7cf21b435274a5b0be56b524ea79bd95d9f0a3b2b35
e0dd17a51a63e5699263994f350d2a688ba72e421e4c3dcfa4d2a07044863f00
0926210d6e8f14bb2dd893666f9c4e52d6d222f2702d699301b27ca706d0f7f8
9b6cafe54aaab8c24aa7ffb8d6047270492293a044e6f6f30388452e60e205e3
0893797cae008270ff613b47769e6eb22564184c0121e3bec8ee1769e2da688a
a547b1f0a6469960850476b75092be9a22a2f9d03ab302667d281c9453fed78c
4871816be6a1128d2cf2f516788a6b8bc39b0d60
26f7ef66b12ed2560580f5cb49f0460b121f23ec6042dcf3614e22ab0f5d256c
c0cd67a32a3f2ef01af403bcf9be434cc945f0a82b367b08fc6e12494b2ae347
5e22d206c4bd8ab71b5a30712516f01a2b0bfab96c10592528ec223aed35eda6
1a5c12ad81440e25dca1eee86fd2f012dd18e2667d21ca64ae7134304e7022f0
dc394099b6745567728c5abc29693c76db89a96b87dac5130c1503bff2ac9b78

View full IOC feed39 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for genesis

Other

T1486

T1490

T1078

T1021

T1562

T1040

T1080

T1059

T1609

T1027