VanirGroup is an Eastern European ransomware group composed of former affiliates from Karakurt, LockBit, and Knight ransomware that emerged in mid-2024, before German law enforcement (Karlsruhe Public Prosecutor's Office) seized its leak site.