R
Ransomwhere.org
Live MapLatest VictimsGroupsPaymentsTTPs
IdentifyNewsDataAPI
LIVE
Ransomwhere.org

Real-time ransomware intelligence platform. Tracking threat actors, victims, and payments to raise awareness and help defend against ransomware attacks worldwide.

Platform

  • Live Map
  • Latest Victims
  • Groups
  • Payments
  • Identify
  • News

Resources

  • Data & Methodology
  • API Docs
  • NoMoreRansom
  • Ransomware.live
  • CISA Advisories

Data sourced from Ransomware.live API. For informational purposes only.

© 2026 Ransomwhere.org

//> mitre att&ck

Ransomware TTPs

Techniques, Tactics, and Procedures used by ransomware families, mapped to the MITRE ATT&CK framework. Data from attack.mitre.org.

15
Ransomware Families
20
Unique Techniques
9
Tactic Categories
8
Threat Groups

Most Common Techniques

Techniques by Tactic

Initial Access

3 techniques

Execution

3 techniques

Persistence

1 techniques

Credential Access

1 techniques

Defense Evasion

4 techniques

Lateral Movement

3 techniques

Impact

3 techniques

Ransomware Families

S0570BitPaymeraka FriedEx
3 TTPs1 group
S0611Clopaka Cl0p
4 TTPs1 group
S0575Conti
5 TTPs1 group
S0616DarkSide
4 TTPs1 group
S0554REvilaka Sodinokibi
5 TTPs1 group
S0481Mazeaka ChaCha Ransomware
4 TTPs
S0366WannaCryaka WanaCrypt0r, WCry
4 TTPs1 group
S0446Ryuk
4 TTPs1 group
S0370NotPetyaaka Petya, ExPetr, Nyetya
4 TTPs1 group
S0638LockBitaka LockBit 2.0, LockBit 3.0
6 TTPs
S0640BlackCataka ALPHV, Noberus
5 TTPs
S0650Hive
4 TTPs
S0660Black Basta
5 TTPs
S0670Royal
4 TTPs
S0680Akira
4 TTPs
Data mapped from MITRE ATT&CK. Updated periodically via automated scraping.