threeam
Ransomware group profile
Description
Threeam is a ransomware group that emerged in February 2023, known for its quick deployment and sophisticated encryption methods. Primarily motivated by financial gain, they employ double extortion tactics to pressure high-value organizations into paying ransoms after encrypting their data and exfiltrating sensitive information.
Key insights
- •Utilizes custom-built ransomware variants written in Rust.
- •Employs social engineering tactics to gain initial access, including phishing and voice phishing.
- •Focuses on double extortion by encrypting files and threatening to release sensitive data publicly.
- •Targets high-value sectors such as healthcare and financial services.
- •Uses advanced evasion techniques like disabling security software and deleting Volume Shadow Copies.
- •Linked to other ransomware operations like LockBit and Conti, indicating a collaborative nature among threat groups.
Threat Level & Status Breakdown
For threeam · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for threeam in the selected period
No intelligence data for this group.
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for threeam
T1486
T1486
T1490
T1490
T1021
T1021
T1562
T1562
T1080
T1080
T1078
T1078
T1547
T1547
T1041
T1041
T1021.001
T1021.001
T1059
T1059
Victims(20)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| jetmachprod.com | jetmachprod.com | US United States | Manufacturing | Claimed | 7 days ago | |
| jastrebarsko.hr | jastrebarsko.hr | HR Croatia | Government & Defense | Claimed | 7 days ago | |
| palmero.com | palmero.com | AR Argentina | Other | Claimed | 7 days ago | |
| insamani.com.ar | insamani.com.ar | AR Argentina | Other | Claimed | 7 days ago | |
| bsynchro.com | bsynchro.com | DE Germany | Technology | Claimed | 7 days ago | |
| molinoscabodi.com.ar | molinoscabodi.com.ar | AR Argentina | Other | Claimed | 7 days ago | |
| ws.com.br | ws.com.br | BR Brazil | Professional Services | Claimed | 7 days ago | |
| amc.org.au | amc.org.au | AU Australia | Education | Claimed | 7 days ago | |
| agroexportavocados.com | agroexportavocados.com | MX Mexico | Other | Claimed | 7 days ago | |
| hoplongtech.com | hoplongtech.com | VN Vietnam | Technology | Claimed | 7 days ago | |
| mgrlaw.com | mgrlaw.com | US United States | Professional Services | Claimed | 7 days ago | |
| wyomingcountyny.gov | wyomingcountyny.gov | US United States | Government & Defense | Claimed | about 2 months ago | |
| sequoiadental.com | sequoiadental.com | US United States | Healthcare | Claimed | about 2 months ago | |
| townofnorwell.net | townofnorwell.net | US United States | Government & Defense | Claimed | about 2 months ago | |
| curedentalbeltontx.com | curedentalbeltontx.com | US United States | Healthcare | Claimed | about 2 months ago | |
| austinplasticandreconstructivesurgery.com | austinplasticandreconstructivesurgery.com | US United States | Healthcare | Claimed | about 2 months ago | |
| hsjlawyers.com | hsjlawyers.com | CA Canada | Professional Services | Claimed | about 2 months ago | |
| bun.nl | bun.nl | NL Netherlands | Other | Claimed | about 2 months ago | |
| ic-controls.com | ic-controls.com | DE Germany | Manufacturing | Claimed | about 2 months ago | |
| aceforwarding.com | aceforwarding.com | US United States | Transportation | Claimed | about 2 months ago |
Affected countries(18)
Countries where this group has been reported to target or leak victims.