R
Ransomwhere.org
Live MapLatest VictimsGroups
PaymentsTTPsIdentifyNewsDataAPI
LIVE
Ransomwhere.org

Real-time ransomware intelligence platform. Tracking threat actors, victims, and payments to raise awareness and help defend against ransomware attacks worldwide.

Platform

  • Live Map
  • Latest Victims
  • Groups
  • Payments
  • Identify
  • News

Resources

  • Data & Methodology
  • API Docs
  • NoMoreRansom
  • Ransomware.live
  • CISA Advisories

Data sourced from Ransomware.live API. For informational purposes only.

© 2026 Ransomwhere.org

Groups/nefilim

nefilim

Inactive

According to Vitali Kremez and Michael Gillespie, this ransomware shares much code with Nemty 2.5. A difference is removal of the RaaS component, which was switched to email communications for payments. Uses AES-128, which is then protected RSA2048.

15
Victims
1
Sites

Known Leak Sites

hxt254aygrsziejn.onionDLS

Victims (15)

Live
Atlanta Allergy & Asthma. Part 1.
nefilim
Grimmway Farms. Part 1.
nefilim
Elliott Group / Cascade Engineering / Unitex Textile Rental Services. Teaser.
nefilim
Seven Seas. Part 1.
nefilim
The MADSACK Media Group. Part 1.
nefilim
Tegut. Part 1.
nefilim
TPG Internet. Part 1.
nefilim
Saipa Press. Part 1.
nefilim
Tegut. Part 2.
nefilim
The MADSACK Media Group. Part 2.
nefilim
Whirlpool
nefilim
DKA (refrigeration and air conditioning specialist, Dussmann Group subsidiary)
nefilimDE
Orange (mobile operator)
nefilimFR
Fisher and Paykel Appliances
nefilimNZ
Toll Group
nefilimAU

Top Targeted Countries

Unknown11
Germany1
France1
New Zealand1
Australia1

Activity

Total victims15
Countries affected5
Last seen