genesis
Ransomware group profile
Description
Genesis is a ransomware group that surfaced in late 2025, known for its focus on data exfiltration and public leaks instead of purely data encryption. They employ a double extortion strategy, targeting organizations with sensitive or regulated data while evading indiscriminate mass attacks. This group's emergence suggests the involvement of highly skilled actors from other cybercriminal circles, motivated primarily by financial gain through extortion activities.
Key insights
- •Utilizes phishing and stolen credentials for initial access to networks.
- •Employed double extortion tactics, threatening to publish stolen data if ransoms are not paid.
- •Targets organizations with sensitive data, particularly in finance and health sectors.
- •Exploits unpatched remote access services and uses infostealer malware for credential harvesting.
- •Has a dedicated dark web leak site for publishing victim information.
- •Implements strong encryption and disables backups during attacks.
Threat Level & Status Breakdown
For genesis · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for genesis in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for genesis
- 6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b
- 534b2707937c2ed87e53f8951b9167026e3d9d3cfa98f00ac38487d68d730fb5
- 23094d64721a279c0ce637584b87d6f1
- 0893797cae008270ff613b47769e6eb22564184c0121e3bec8ee1769e2da688a
- 4871816be6a1128d2cf2f516788a6b8bc39b0d60
- 1a5c12ad81440e25dca1eee86fd2f012dd18e2667d21ca64ae7134304e7022f0
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for genesis
T1486
T1486
T1490
T1490
T1078
T1078
T1021
T1021
T1562
T1562
T1040
T1040
T1080
T1080
T1059
T1059
T1609
T1609
T1027
T1027
Victims(88)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Cedar Street Capital (A part of a Cynvestors Limited Partnership) | cedarstreetcapital.com | US United States | Financial Services | Claimed | 4 days ago | |
| Wentworth | wentworthstudio.com | US United States | Other | Claimed | 4 days ago | |
| Cavalier Flooring Systems Inc. | cavalierflooring.com | US United States | Manufacturing | Claimed | 4 days ago | |
| A Roettgers | arc-rci.com | US United States | Professional Services | Claimed | 4 days ago | |
| Green Resource | green-resource.com | US United States | Energy & Utilities | Claimed | 4 days ago | |
| ******** & Co | — | US United States | Financial Services | Claimed | 5 days ago | |
| *M** | — | US United States | Healthcare | Claimed | 5 days ago | |
| Peña & Bromberg | — | US United States | Professional Services | Claimed | 6 days ago | |
| **** & ******** | — | US United States | Manufacturing | Claimed | 12 days ago | |
| Pequod Associates | pequodassociates.com | US United States | Other | Claimed | 23 days ago | |
| HostBooks (HOT!) | — | US United States | Professional Services | Claimed | 23 days ago | |
| Ben F. Barcus and associates pllc | — | US United States | Professional Services | Claimed | 23 days ago | |
| Palo | palo.us | US United States | Technology | Claimed | 23 days ago | |
| Casino Gaming Commission | — | JM Jamaica | Government & Defense | Claimed | 23 days ago | |
| Fargo Moorhead West Fargo Chamber | — | US United States | Professional Services | Claimed | 23 days ago | |
| Integrated Process Engineers & Constructors. | — | US United States | Professional Services | Claimed | 23 days ago | |
| Prescott & Holden | familylaw.com | US United States | Professional Services | Claimed | 25 days ago | |
| Van Atta Engineering | vae.cc | US United States | Manufacturing | Claimed | 25 days ago | |
| CarePoint Health | carepointhealth.ca | CA Canada | Healthcare | Claimed | 25 days ago | |
| The American Board of Preventive Medicine | theabpm.org | US United States | Healthcare | Claimed | 25 days ago |
Page 1 of 5
Affected countries(29)
Countries where this group has been reported to target or leak victims.