This page will serve as a curated list of helpful CTI (Cyber Threat Intelligence) resources in relation to Ransomware and Advanced Persistent Threats (APTs).

Ransomware

| CTI Source | Description |
|---|---|
| #StopRansomware \| CISA | Joint project between CISA, FBI, NSA, MS-ISAC and JRTF: a one-stop resource with best practices for preventing, protecting against, and responding to a ransomware attack. |
| Coveware | Learn more about ransomware trends through Coveware's quarterly ransomware reports. |
| CrowdStrike | CrowdStrike's global threat landscape. All RaaS (Ransomware as a Service) threat actor groups are listed inside of the eCrime section. |
| DFIR Ransomware Project | The DFIR Ransomware Project helps digital forensic examiners, SOC analysts, and incident responders understand various types of ransomware. |
| Halcyon Power Rankings | Halcyon's power rankings on the latest RaaS (Ransomware as a Service) groups. |
| Halcyon Ransomware Research Center | Halcyon's Ransomware Research Center. |
| Microsoft | Microsoft's new method of naming RaaS (Ransomware as a Service) threat actor groups. The relevant groups will be noted in the table as financially motivated. (Microsoft Threat Actor Naming Mapping). |
| Palo Alto Networks Unit 42 | Palo Alto Networks Unit 42's threat research center on Ransomware. |
| Ransomware.Live | Free resource for comprehensive information and updates on the ever-evolving landscape of ransomware along with providing the latest insights, analysis, and news related to ransomware attacks, trends, and defense strategies. |
| Ransomware Tool Matrix | A resource listing the tools each ransomware gang uses. |
| Ransomwatch | Ransomwatch trails the extortion sites used by ransomware groups and surfaces an aggregated feed of claims (GitHub Page). |
| The DFIR Report | Ransomware articles produced by The DFIR Report - Real Intrusions by Real Attackers, The Truth Behind the Intrusion. |
| Trend Micro | Trend Micro's Ransomware Spotlight provides threat intelligence on the most notorious ransomware families used in threat actor campaigns. |
| WorldWatch Ransomware Ecosystem | Global CERT Orange CyberDefense - World Watch team's ransomware ecosystem map. |

Advanced Persistent Threats (APTs)

| CTI Source | Description |
|---|---|
| CISA | CISA's naming of nation-state cyber actors. |
| CrowdStrike | CrowdStrike's global threat landscape. All nation-state groups are listed outside of the eCrime section. |
| Mandiant | Mandiant's naming of advanced persistent threat (APT) groups. |
| Microsoft | Microsoft's new method of naming nation-state threat actor groups. The relevant groups will be noted in the table as Nation-state. (Microsoft Threat Actor Naming Mapping). |
| Palo Alto Networks Unit 42 | Palo Alto Networks Unit 42's threat research center on nation-state threat actor groups. |
| Russian APT Tool Matrix | A tool matrix for Russian APTs based on the Ransomware Tool Matrix. |
