Sicarii launches as ransomware-as-a-service on underground forums
Threat Actor Meta
Summary
Hide ▲
Show ▼
Sicarii has emerged as a ransomware-as-a-service offering advertised on underground cybercrime forums, signaling a criminal service launch that can broaden access to the operation. The shift matters because it turns the ransomware into an affiliate-ready ecosystem rather than a one-off strain. Halcyon said it observed the offering last month and documented the operator-driven marketplace activity.
Related Happenings
Qilin consolidates into dominant RaaS position as ransomware market reconcentrates
Threat Actor Meta
H score39
First: 03.07.2026 16:00
Last: 03.07.2026 16:00
Sources 1
About this happening:
**Qilin** is consolidating into a dominant **RaaS** position as the ransomware ecosystem shifts back from fragmentation to concentration, increasing affiliate scale and victim vol...
Qilin consolidates into dominant RaaS position as ransomware market reconcentrates
Threat Actor MetaAbout this happening: **Qilin** is consolidating into a dominant **RaaS** position as the ransomware ecosystem shifts back from fragmentation to concentration, increasing affiliate scale and victim vol...
The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up
Threat Actor Meta
H score57
First: 21.04.2026 17:00
Last: 21.04.2026 17:00
Sources 1
About this happening:
**The Gentlemen** ransomware-as-a-service operation is using an operator-maintained **EDR-killer** portfolio, led by **GentleKiller**, to disable security software before encrypti...
The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up
Threat Actor MetaAbout this happening: **The Gentlemen** ransomware-as-a-service operation is using an operator-maintained **EDR-killer** portfolio, led by **GentleKiller**, to disable security software before encrypti...
2025 Automotive carmakers ransomware surge
Trend
H score34
First: 16.04.2026 11:35
Last: 16.04.2026 11:35
Sources 1
About this happening:
In **2025**, ransomware became the **fastest-growing** and most disruptive threat to **automotive carmakers**, accounting for **44% of attacks** and **more than doubling** over th...
2025 Automotive carmakers ransomware surge
TrendAbout this happening: In **2025**, ransomware became the **fastest-growing** and most disruptive threat to **automotive carmakers**, accounting for **44% of attacks** and **more than doubling** over th...
Halcyon automotive ransomware mitigation guidance
Advisory/Mitigation
H score27
First: 16.04.2026 11:35
Last: 16.04.2026 11:35
Sources 1
About this happening:
**Halcyon** urged **automotive sector IT teams** to harden their environments against a **ransomware threat** that is pressuring carmakers and their suppliers. The guidance priori...
Halcyon automotive ransomware mitigation guidance
Advisory/MitigationAbout this happening: **Halcyon** urged **automotive sector IT teams** to harden their environments against a **ransomware threat** that is pressuring carmakers and their suppliers. The guidance priori...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor Meta
H score11
First: 31.03.2026 15:15
Last: 31.03.2026 15:15
Sources 1
About this happening:
TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor MetaAbout this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
Timeline
-
23.01.2026 02:00 2 articles · 5mo ago
Sicarii RaaS emergence on underground forums
Initial DisclosureSicarii appeared as a ransomware-as-a-service offering on underground cybercrime forums, indicating an affiliate-ready criminal service launch that could broaden access to the operation.
Show sources
- Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted — www.darkreading.com — 28.01.2026 00:15
- Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted — www.darkreading.com — 28.01.2026 00:15