genesis
Ransomware group profile
Description
Genesis is a ransomware group that surfaced in late 2025, known for its focus on data exfiltration and public leaks instead of purely data encryption. They employ a double extortion strategy, targeting organizations with sensitive or regulated data while evading indiscriminate mass attacks. This group's emergence suggests the involvement of highly skilled actors from other cybercriminal circles, motivated primarily by financial gain through extortion activities.
Key insights
- •Utilizes phishing and stolen credentials for initial access to networks.
- •Employed double extortion tactics, threatening to publish stolen data if ransoms are not paid.
- •Targets organizations with sensitive data, particularly in finance and health sectors.
- •Exploits unpatched remote access services and uses infostealer malware for credential harvesting.
- •Has a dedicated dark web leak site for publishing victim information.
- •Implements strong encryption and disables backups during attacks.
Threat Level & Status Breakdown
For genesis · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for genesis in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for genesis
- 6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b
- 23094d64721a279c0ce637584b87d6f1
- 0893797cae008270ff613b47769e6eb22564184c0121e3bec8ee1769e2da688a
- 4871816be6a1128d2cf2f516788a6b8bc39b0d60
- 1a5c12ad81440e25dca1eee86fd2f012dd18e2667d21ca64ae7134304e7022f0
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for genesis
T1486
T1486
T1490
T1490
T1078
T1078
T1021
T1021
T1562
T1562
T1040
T1040
T1080
T1080
T1059
T1059
T1609
T1609
T1027
T1027
Victims(93)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| United Personnel (a division of Masis Staffing Solutions) | msastaffing.org | US United States | Professional Services | Claimed | 2 days ago | |
| The Associated Builders and Contractors of Indiana/Kentucky | abcindianakentucky.org | US United States | Other | Claimed | 2 days ago | |
| *B* | cavalierflooring.com | CN China | Transportation | Claimed | 13 days ago | |
| PB White & Co | — | US United States | Professional Services | Claimed | 16 days ago | |
| Family Medical Associates of Raleigh | — | US United States | Healthcare | Claimed | 16 days ago | |
| Wentworth | wentworthstudio.com | US United States | Other | Claimed | 20 days ago | |
| Cavalier Flooring Systems Inc. | cavalierflooring.com | US United States | Manufacturing | Claimed | 20 days ago | |
| A Roettgers | arc-rci.com | US United States | Professional Services | Claimed | 20 days ago | |
| Green Resource | green-resource.com | US United States | Energy & Utilities | Claimed | 20 days ago | |
| Cedar Street Capital (A part of a Cynvestors Limited Partnership) | cedarstreetcapital.com | US United States | Financial Services | Claimed | 20 days ago | |
| ******** & Co | — | US United States | Financial Services | Claimed | 21 days ago | |
| *M** | — | US United States | Healthcare | Claimed | 21 days ago | |
| Peña & Bromberg | — | US United States | Professional Services | Claimed | 22 days ago | |
| **** & ******** | — | US United States | Manufacturing | Claimed | 28 days ago | |
| Pequod Associates | pequodassociates.com | US United States | Other | Claimed | about 1 month ago | |
| HostBooks (HOT!) | hostbooks.com | US United States | Professional Services | Claimed | about 1 month ago | |
| Palo | palo.us | US United States | Technology | Claimed | about 1 month ago | |
| Ben F. Barcus and associates pllc | — | US United States | Professional Services | Claimed | about 1 month ago | |
| Integrated Process Engineers & Constructors. | ipec-inc.com | US United States | Professional Services | Claimed | about 1 month ago | |
| Rain Makers Solutions | rainmakerssolutions.com | US United States | Professional Services | Claimed | about 1 month ago |
Page 1 of 5
Affected countries(32)
Countries where this group has been reported to target or leak victims.