Ransomware Group

Werewolves

Status: active • First seen 2024-0630+ known victims

Werewolves breaks the unwritten rule that ransomware gangs do not attack Russia. They target Russian companies using stolen LockBit tools, which is very unusual.

Overview

Werewolves is notable for targeting organizations in Russia, which is unusual since most ransomware groups avoid Russian targets. They use LockBit variant code.

Target Industries

Technology, Manufacturing, Government, Financial

How They Attack

  • LockBit variant
  • Russian targeting
  • Double extortion
  • Unusual target selection

Notable Victims

Russian companies (2024), CIS region organizations

Is your business exposed?

How to Protect Against Werewolves

  1. 1.

    Understand geopolitical threat landscape

  2. 2.

    Monitor for LockBit variant indicators

  3. 3.

    Implement regional threat intelligence

MITRE ATT&CK Techniques

T1486, T1567, T1078, T1021

Related Groups

Lockbit

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices