termite
Ransomware group profile
Description
Termite is a ransomware group known for utilizing advanced encryption techniques to target organizations and demanding high ransoms for decryption keys. The group employs stealthy operations and exploits various vulnerabilities to gain access to crucial files, focusing particularly on disrupting supply chain operations.
Key insights
- Termite uses double extortion tactics, combining file encryption with data exfiltration.
- The group is known to leverage phishing emails and software vulnerabilities for initial access.
- Termite's ransomware appends a '.termite' extension to encrypted files and drops a ransom note named 'How To Restore Your Files.txt'.
- The operation has been linked to a threat actor tracked as Velvet Tempest (DEV-0504).
- Termite targets high-value sectors, including supply chain and healthcare.
- The group is recognized for sophisticated encryption algorithms like ChaCha20.
- Indicators of compromise include sudden system performance degradation and unauthorized access alerts.
Intelligence
IOCs, YARA/Sigma rules, and related families for termite
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for termite
- T1486
- T1490
- T1021
- T1562
- T1078
- T1059
- T1547
- T1021.001
- T1110
- T1203
- T1040
- T1080
Victims (36)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| https://calfresh.ca.gov/ | — | US United States | Government & Defense | Claimed | 10 days ago | |
| https://www.wieseusa.com/ | — | US United States | Other | Claimed | 11 days ago | |
| https://www.rolandmachinery.com/ | — | US United States | Manufacturing | Claimed | 11 days ago | |
| Cal Fresh | calfresh.ca.gov | CA Canada | Other | Claimed | 10 days ago | |
| Roland Machinery | rolandmachinery.com | AU Australia | Manufacturing | Claimed | 11 days ago | |
| Wiese USA | wieseusa.com | US United States | Manufacturing | Claimed | 11 days ago | |
| https://www.imminet.com/ | — | US United States | Manufacturing | Claimed | 21 days ago | |
| Indiana Mills and Manufacturing | imminet.com | US United States | Manufacturing | Claimed | 20 days ago | |
| https://www.uei.edu/ | — | US United States | Education | Claimed | 22 days ago | |
| UEI College | uei.edu | US United States | Education | Claimed | 20 days ago | |
| https://www.ramarfoods.com/ | — | US United States | Manufacturing | Claimed | about 1 month ago | |
| RAMAR FOODS INTERNATIONAL | ramarfoods.com | US United States | Other | Claimed | about 1 month ago | |
| Millennium Dental Technologies | lanap.com | US United States | Healthcare | Claimed | 2 months ago | |
| https://www.lanap.com/ | — | US United States | Healthcare | Claimed | 2 months ago | |
| https://www.nollandtam.com/ | — | US United States | Professional Services | Claimed | 3 months ago | |
| Noll and Tam Architects | nollandtam.com | US United States | Other | Claimed | 3 months ago | |
| https://www.cityofhuntington.com/ | — | US United States | Government & Defense | Claimed | 3 months ago | |
| City of Huntington | cityofhuntington.com | US United States | Government & Defense | Claimed | 3 months ago | |
| https://www.bartramtrail.net/ | — | US United States | Other | Claimed | 4 months ago | |
| Bartram Trail Surveying | bartramtrail.net | US United States | Professional Services | Claimed | 4 months ago | |
Affected countries (19)
Countries where this group has been reported to target or leak victims.