RansomExx is a ransomware family that targeted multiple companies starting in mid-2020. It shares commonalities with Defray777.
This group has no curated TTPs.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
```yara
/*
    RansomEXX / Defray777 ransomware
*/

// Ransom-note rule: fires on any single string, including the short ".ransom",
// so it also matches unrelated files that contain one of these substrings.
rule RansomEXX_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.ransomexx"
        description = "Detects RansomEXX ransom note"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        $s1 = "RansomEXX" ascii nocase
        $s2 = "RANSOM_NOTE.txt" ascii nocase
        $s3 = ".ransom" ascii nocase
        $s4 = "Defray777" ascii nocase
    condition:
        any of them
}

// Executable rule: requires a PE ("MZ") or ELF magic at offset 0
// plus any two of the three strings.
rule RansomEXX_PE
{
    meta:
        author = "ransomware.live"
        family = "ransomware.ransomexx"
        description = "Detects RansomEXX ransomware executable"
        date = "2026-05-04"
        severity = 9
        score = 90
    strings:
        $s1 = "RansomEXX" ascii wide
        $s2 = "Defray777" ascii nocase
        $s3 = "/proc/sys/vm/drop_caches" ascii
    condition:
        (uint16(0) == 0x5A4D or uint32(0) == 0x464C457F) and 2 of them
}
```
Attention: Your data has undergone encryption. It is imperative that you abstain from any attempts to modify or rename the encrypted files, as such actions could result in substantial data loss and decryption complications. We have downloaded 134GB of your confidential data and we are ready to publish it. Access your personalized link to communicate with us about resolving this issue (make sure to use the Tor browser): [redacted]
Laboratorios Vargas stands out in the pharmaceutical sector, not just for its longevity but also through continuous innovation and dedication toward creating high-quality medications tailored to meet diverse healthcare needs. Leak size: 37.6GB.
Retemex is a virtual mobile operator in Mexico, operating on the country’s 4.5G LTE network. 24883 clients data even with PLAINTEXT PASSWORDS!
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| Grupo Vargas | VE | Healthcare | — | 4 Mar 2025 |
| Retemex | MX | Telecommunication | — | 14 Sep 2024 |
| Ministry of Defense of Peru | PE | Public Sector | — | 22 Apr 2024 |
| Fundo Nacional de Desenvolvimento da Educação | BR | Education | — | 3 Sep 2022 |
| Corporación Nacional de Telecomunicación (CNT) | EC | Telecommunication | — | 12 Jul 2021 |
| Brazil’s Superior Tribunal de Justiça (Court System) | BR | Public Sector | — | 3 Nov 2020 |
The addresses of the leak sites (.onion) are known but are neither published nor linked. Only public metadata is shown.
The Peruvian Ministry of Defense (Ministerio de Defensa del Perú) is the government agency responsible for overseeing the defense and security affairs of Peru. Leaked data size: 763.8GB.
The National Fund for Educational Development (FNDE) is a federal agency under the Ministry of Education, responsible for implementing programs nationwide, including the National School Nutrition Program – PNAE, which serves 47 million students throughout the country, offering adequate and safe food in schools. Since its establishment, the FNDE has undergone several changes, which became more intense when the Brazilian government laid the groundwork for the formation of a substantive conception of education that pervades all levels of education and procedures. Thus, the agency was strengthened, especially with regard to the ongoing management of activities, projects and educational programs as a strategy to support the promotion of educational quality. Nowadays, besides the National School Nutrition Program - PNAE, the FNDE is responsible for implementing the Programs of School Transportation, National Textbook, School Direct Money, Brazil Literate, Pro-Youth, Joint Action Plan, Pro-Child, Decentralization and the Open University Credits.