ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
Threat Group Profile

ransomhouse

โ— Active โ€” last 30 days
Victim claims 10
First seen Apr 2026
Last activity 14 Jun 2026
Tracked since โ€”

Group overview

RansomHouse is a double-extortion RaaS operation active since late 2021, attributed to the threat actor "Jolly Scorpius," targeting over 120 organizations across healthcare, finance, transportation, and government, recently upgrading to a multi-layered dual-key encryption architecture.

Preferred targets

Manufacturing ยท 2 Technology ยท 2 Construction ยท 1 Public Sector ยท 1 Agriculture and Food Production ยท 1 Transportation/Logistics ยท 1

Most targeted countries

US ยท 4 IT ยท 1 AR ยท 1 HK ยท 1 IN ยท 1 ID ยท 1

Victim Claims Timeline

Back to radar
Bonacio
๐Ÿ‡ฎ๐Ÿ‡น IT Construction www.bonacio.com
Prince George County
๐Ÿ‡บ๐Ÿ‡ธ US Public Sector www.princegeorgecountyva.gov
Promepla
๐Ÿ‡ฆ๐Ÿ‡ท AR Manufacturing www.promepla.com
Aegle Aviation
๐Ÿ‡ฎ๐Ÿ‡ณ IN Transportation/Logistics www.aegleaviation.com
Ma Pak Leung Company Limited
๐Ÿ‡ญ๐Ÿ‡ฐ HK Agriculture and Food Production www.mapakleung.com
Trellix (McAfee & FireEye)
๐Ÿ‡บ๐Ÿ‡ธ US Technology www.trellix.com
Karl Chevrolet
๐Ÿ‡บ๐Ÿ‡ธ US Consumer Services www.karlchevrolet.com
Cybersecurity Vendor
Unknown Technology *********.***
Star Energy Geothermal Salak
๐Ÿ‡ฎ๐Ÿ‡ฉ ID Energy www.starenergy.co.id
Winnitex (Americas) Limited
๐Ÿ‡บ๐Ÿ‡ธ US Manufacturing www.winnitex.com