1. 🎯 Emergence: RansomEXX came into the spotlight around 2020, primarily targeting notable organizations.
2. 📛 Alias: They are also referred to as Defray777, stemming from a unique identifier in their ransomware code.
3. 🔒 Encryption Techniques: RansomEXX employs strong encryption, making it difficult to restore files without their decryptor.
4. 🌎 Global Attacks: While selective, they have targeted entities across various continents.
5. 🔍 Specific Targets: They have a penchant for large corporations and public sector organizations.
6. 🖥️ Hands-on Approach: RansomEXX prefers manual operations inside a network over automated techniques.
7. 💽 Data Theft: Before encrypting systems, they often steal sensitive data.
8. 📢 Double Extortion: They not only encrypt but threaten to leak stolen data if ransoms aren’t paid.
9. 📜 Personalized Notes: Their ransom communications are typically customized based on the victim.
10. 💰 RaaS: They do operate independently but have been known to operate as a RaaS (Ransomware-as-a-Service) model.
11. 🎣 Phishing Mastery: Deceptive emails are often their initial entry method into networks.
12. 🔗 Exploit Chains: They often chain together multiple software vulnerabilities for deeper access.
13. 🖇️ Unpatched Software: RansomEXX capitalizes on outdated and vulnerable software, especially public-facing applications.
14. 🧰 Diverse Toolkit: Their arsenal includes a mix of custom and off-the-shelf tools.
15. 🔑 Mimikatz: A favored tool for credential dumping and privilege escalation.
16. ⚡ PowerShell Empire: A post-exploitation framework granting wide-ranging capabilities.
17. 💼 Cobalt Strike: Originally a legitimate pen-testing tool, it’s now a favorite among attackers.
18. 🌐 Lateral Tactics: Tools like PsExec help them traverse laterally across compromised networks.
19. 🔍 Network Recon: They actively map networks using tools like BloodHound.
20. ☁️ Data Movement: Rclone can be misused for moving data stealthily to cloud storage.
21. 🔍 Active Directory: They mine AD data using tools like AdFind for understanding permissions and relations.
22. 🚪 Misconfigurations: They exploit insecure settings or exposed services.
23. 📊 Target Research: Before an attack, they spend time researching potential victims for maximum impact.
24. 💰 High Ransoms: Their demands can be exorbitant, reflecting their target’s perceived ability to pay.
25. 📈 Tailored Operations: RansomEXX customizes their attack methods based on the target’s environment.
26. 🛡️ Avoiding Detection: They use “living off the land” tactics to blend into environments.
27. 🚷 No Known Decryptor: As of the last known update, no public decryption tool can counter RansomEXX.
28. 📞 Communication Channels: They often provide a communication channel for ransom negotiations.
29. 🔥 Destruction: In some cases, they may try to delete backups or disrupt recovery efforts.
30. 🌍 Varied Victims: Targets have included healthcare, government entities, and critical infrastructure.
31. 🔄 Network Propagation: Once inside, they work to gain higher privileges and access more systems.
32. 🔐 Credential Theft: Capturing credentials is a priority to facilitate movement and persistence.
33. 🛑 Stopping Security: They might attempt to disable security software or services.
34. 🗂️ File Types: They target a broad range of file extensions, ensuring vital data gets encrypted.
35. ⌛ Dwell Time: They can remain in networks for days to weeks before launching the ransomware.
36. 📝 Detailed Notes: Ransom notes often provide detailed payment instructions using cryptocurrencies.
37. ⚖️ Negotiations: Some victims have successfully negotiated lower ransoms.
38. 🚫 Decryption Issues: Even after payment, decryption isn’t always smooth, with occasional technical issues.
39. 🌐 Network Disruptions: Their operations can disrupt not just endpoints but entire networks.
40. 🚫 No Warranty: Paying the ransom doesn’t guarantee data safety or prevent future attacks.
41. 🕵️ Stealth: They often clean logs or use encrypted channels to avoid detection.
42. 📦 Payload Delivery: Various methods, from malicious attachments to drive-by downloads, are used.
43. 📡 Command & Control: They establish robust C2 communications to control compromised systems.
44. 🛡️ Backup Importance: The best defense against their attack is having secure and isolated backups.
45. 🚫 No Discrimination: Despite being selective, no industry is truly safe from their attention.
46. 🖲️ VPN Exploits: Vulnerable VPNs have been a notable point of entry.
47. 📅 Continuous Evolution: Their techniques and tools evolve to counteract defenses.
48. 💡 Awareness: Training staff to spot phishing and suspicious behavior can prevent initial access.
49. 🚀 Rapid Response: Quick detection and response can mitigate the damage they cause.
50. 🔒 Layered Defense: Employing a multi-layered security approach is crucial in defending against groups like RansomEXX.

Related Posts

• Featured
• Opinion

Digital Public Infrastructure is the most important thing you’ve (probably) never heard of

By Nicole Greene / May 3, 2026

The expertise and learnings from building India’s digital stack did not remain in India.

Read More

• BitDepth
• Featured

How TT journalists can turn modern media realities to advantage

By Mark Lyndersay / April 26, 2026

The faceless, anonymized journalist adhering to a house style holds little value for this next generation audience.

Read More

• Featured
• Technology Reporting

VerifyTT lays a foundation stone for digital identity

By Mark Lyndersay / April 26, 2026

Regardless of the geography, the size of the country, the size of the government, and the level of development, governments are designed to work in a fragmented way by default.

Read More

• Featured
• News Briefs

NPICTT launches free CitizenTT AI service

By Mark Lyndersay / April 23, 2026

Access is granted through a website that sets up the messaging for each user and the entire process takes around five minutes.

Read More

• Featured
• Opinion

Planning a comfortable and safe workspace

By OpEd / April 20, 2026

Practical choices in layout, climate control, lighting, materials, and maintenance create a comforting environment that lasts.

Read More

• BitDepth
• Featured

Reuters report on young news readers holds no surprises

By Mark Lyndersay / April 20, 2026

The critical 18-34 age group recorded a decline in enthusiasm for daily news from 79 percent in 2017 to 64 percent in 2025

Read More

• Press Releases

AMCHAMTT + UWI sign MOU for AI development

By Press Release / April 16, 2026

This partnership with AMCHAM T&T is a timely and important collaboration that represents a deliberate shift from being consumers of technology to becoming creators of responsible, indigenous AI solutions.

Read More

• Press Releases

Women in AI panel discussion on April 23

By Press Release / April 13, 2026

Women do the work that influences outcomes, improves systems, and drives innovation, yet often go unrecognised.

Read More

• BitDepth
• Featured

The state of ransomware in the Caribbean

By Mark Lyndersay / April 12, 2026

The report counted 21 confirmed dumps of information to the dark web, but Parasram estimates that twice that number were breached.

Read More

• Featured
• Opinion

How small businesses can use AI to boost service and growth

By OpEd / April 9, 2026

Reduce risk by keeping the pilot standalone first, then connecting data sources only when you know exactly what the AI must do.

Read More

Digital Public Infrastructure is the most... May 3, 2026

How TT journalists can turn modern... April 26, 2026

VerifyTT lays a foundation stone for... April 26, 2026

NPICTT launches free CitizenTT AI service April 23, 2026

Planning a comfortable and safe workspace April 20, 2026

Reuters report on young news readers... April 20, 2026

AMCHAMTT + UWI sign MOU for... April 16, 2026

Women in AI panel discussion on... April 13, 2026

The state of ransomware in the... April 12, 2026

How small businesses can use AI... April 9, 2026