Ransomware Intelligence

threeam Ransomware Group

Ransomware group profile

22Victims
RussiaSource country
69Impact score
Also Known As
Time 3AM

Description

Threeam is a ransomware group that emerged in February 2023, known for its quick deployment and sophisticated encryption methods. Primarily motivated by financial gain, they employ double extortion tactics to pressure high-value organizations into paying ransoms after encrypting their data and exfiltrating sensitive information.

Key insights

  • Utilizes custom-built ransomware variants written in Rust.
  • Employs social engineering tactics to gain initial access, including phishing and voice phishing.
  • Focuses on double extortion by encrypting files and threatening to release sensitive data publicly.
  • Targets high-value sectors such as healthcare and financial services.
  • Uses advanced evasion techniques like disabling security software and deleting Volume Shadow Copies.
  • Linked to other ransomware operations like LockBit and Conti, indicating a collaborative nature among threat groups.

Threat Level & Status Breakdown

For threeam · Based on incidents in selected period

2.7threat level
Aggressiveness5/ 10
Lethality0/ 10
Criticality3/ 10

Status Breakdown

Claimed100.0%22
First seenNov 2025
Last seenJun 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJul 15, 2026

Recent activity

Monthly attack count for threeam in the selected period

22Total attacks
13peak in Jun
7.3avg / month
↑ 12 vs first month
NovMayJun0481216

No intelligence data for this group.

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for threeam

Other

T1486

T1486

T1490

T1490

T1021

T1021

T1562

T1562

T1080

T1080

T1078

T1078

T1547

T1547

T1041

T1041

T1021.001

T1021.001

T1059

T1059

Victims(22)

CompanyDomainCountryIndustryStatusDiscovered
guardianbarrierservices.comguardianbarrierservices.comGB United KingdomProfessional Services
Claimed
17 days ago
acemacon.orgacemacon.orgMX MexicoGovernment & Defense
Claimed
18 days ago
jetmachprod.comjetmachprod.comUS United StatesManufacturing
Claimed
about 1 month ago
jastrebarsko.hrjastrebarsko.hrHR CroatiaGovernment & Defense
Claimed
about 1 month ago
palmero.compalmero.comAR ArgentinaOther
Claimed
about 1 month ago
insamani.com.arinsamani.com.arAR ArgentinaOther
Claimed
about 1 month ago
bsynchro.combsynchro.comDE GermanyTechnology
Claimed
about 1 month ago
molinoscabodi.com.armolinoscabodi.com.arAR ArgentinaOther
Claimed
about 1 month ago
ws.com.brws.com.brBR BrazilProfessional Services
Claimed
about 1 month ago
amc.org.auamc.org.auAU AustraliaEducation
Claimed
about 1 month ago
agroexportavocados.comagroexportavocados.comMX MexicoOther
Claimed
about 1 month ago
hoplongtech.comhoplongtech.comVN VietnamTechnology
Claimed
about 1 month ago
mgrlaw.commgrlaw.comUS United StatesProfessional Services
Claimed
about 1 month ago
wyomingcountyny.govwyomingcountyny.govUS United StatesGovernment & Defense
Claimed
3 months ago
sequoiadental.comsequoiadental.comUS United StatesHealthcare
Claimed
3 months ago
townofnorwell.nettownofnorwell.netUS United StatesGovernment & Defense
Claimed
3 months ago
curedentalbeltontx.comcuredentalbeltontx.comUS United StatesHealthcare
Claimed
3 months ago
austinplasticandreconstructivesurgery.comaustinplasticandreconstructivesurgery.comUS United StatesHealthcare
Claimed
3 months ago
hsjlawyers.comhsjlawyers.comCA CanadaProfessional Services
Claimed
3 months ago
bun.nlbun.nlNL NetherlandsOther
Claimed
3 months ago

Page 1 of 2