Threat Group Profile
direwolf
● Active — last 30 days
Victim claims
4
First seen
Jun 2026
Last activity
12 Jun 2026
Tracked since
May 2025
Group overview
Dire Wolf is a sophisticated human-operated ransomware group first documented in May 2025, written in Golang using Curve25519/ChaCha20 encryption, targeting manufacturing and technology sectors across 13+ countries with ransoms up to $500,000, operated by a tight core team rather than a broad affiliate program.
Preferred targets
Agriculture and Food Production · 1
Healthcare · 1
Consumer Services · 1
Most targeted countries
ES · 1
TH · 1
BR · 1
CY · 1