termite
Ransomware group profile
Description
Termite is a ransomware group known for utilizing advanced encryption techniques to target organizations and demanding high ransoms for decryption keys. The group employs stealthy operations and exploits various vulnerabilities to gain access to crucial files, focusing particularly on disrupting supply chain operations.
Key insights
- Termite uses double extortion tactics, combining file encryption with data exfiltration.
- The group is known to leverage phishing emails and software vulnerabilities for initial access.
- Termite's ransomware appends a '.termite' extension to encrypted files and drops a ransom note named 'How To Restore Your Files.txt'.
- The operation has been linked to a threat actor tracked as Velvet Tempest (DEV-0504).
- Termite targets high-value sectors, including supply chain and healthcare.
- The group is recognized for sophisticated encryption algorithms like ChaCha20.
- Indicators of compromise include sudden system performance degradation and unauthorized access alerts.
Intelligence
IOCs, YARA/Sigma rules, and related families for termite
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for termite
- T1486
- T1490
- T1021
- T1562
- T1078
- T1059
- T1547
- T1021.001
- T1110
- T1203
- T1040
- T1080
Victims (30)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| https://www.imminet.com/ | — | US United States | Manufacturing | Claimed | 5 days ago |
| Indiana Mills and Manufacturing | imminet.com | US United States | Manufacturing | Claimed | 4 days ago |
| https://www.uei.edu/ | — | US United States | Education | Claimed | 6 days ago |
| UEI College | uei.edu | US United States | Education | Claimed | 4 days ago |
| https://www.ramarfoods.com/ | — | US United States | Manufacturing | Claimed | 18 days ago |
| RAMAR FOODS INTERNATIONAL | ramarfoods.com | US United States | Other | Claimed | 18 days ago |
| Millennium Dental Technologies | lanap.com | US United States | Healthcare | Claimed | about 2 months ago |
| https://www.lanap.com/ | — | US United States | Healthcare | Claimed | about 2 months ago |
| https://www.nollandtam.com/ | — | US United States | Professional Services | Claimed | 3 months ago |
| Noll and Tam Architects | nollandtam.com | US United States | Other | Claimed | 3 months ago |
| https://www.cityofhuntington.com/ | — | US United States | Government & Defense | Claimed | 3 months ago |
| City of Huntington | cityofhuntington.com | US United States | Government & Defense | Claimed | 3 months ago |
| https://www.bartramtrail.net/ | — | US United States | Other | Claimed | 3 months ago |
| Bartram Trail Surveying | bartramtrail.net | US United States | Professional Services | Claimed | 3 months ago |
| https://www.joneshaberlaw.com/ | — | US United States | Professional Services | Claimed | 3 months ago |
| https://www.siskiyoutelephone.com/ | — | US United States | Technology | Claimed | 3 months ago |
| https://www.artsbma.org/ | — | US United States | Hospitality | Claimed | 3 months ago |
| Birmingham Museum of Art | artsbma.org | US United States | Education | Claimed | 3 months ago |
| https://insightchicago.com/ | — | US United States | Healthcare | Claimed | 3 months ago |
| The Siskiyou Telephone | siskiyoutelephone.com | US United States | Technology | Claimed | 3 months ago |
Affected countries (18)
Countries where this group has been reported to target or leak victims.