Find notable cyber news and cases, enriched with sources, timelines, and signals.

Sicarii launches as ransomware-as-a-service on underground forums

Threat Actor Meta
First reported
Last updated
Happening score
H score 25
1 unique sources, 1 articles

Summary

Hide ▲

Sicarii has emerged as a ransomware-as-a-service offering advertised on underground cybercrime forums, signaling a criminal service launch that can broaden access to the operation. The shift matters because it turns the ransomware into an affiliate-ready ecosystem rather than a one-off strain. Halcyon said it observed the offering last month and documented the operator-driven marketplace activity.

Related Happenings

Qilin consolidates into dominant RaaS position as ransomware market reconcentrates

Threat Actor Meta
H score39 First: 03.07.2026 16:00 Last: 03.07.2026 16:00 Sources 1

About this happening: **Qilin** is consolidating into a dominant **RaaS** position as the ransomware ecosystem shifts back from fragmentation to concentration, increasing affiliate scale and victim vol...

The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up

Threat Actor Meta
H score57 First: 21.04.2026 17:00 Last: 21.04.2026 17:00 Sources 1

About this happening: **The Gentlemen** ransomware-as-a-service operation is using an operator-maintained **EDR-killer** portfolio, led by **GentleKiller**, to disable security software before encrypti...

2025 Automotive carmakers ransomware surge

Trend
H score34 First: 16.04.2026 11:35 Last: 16.04.2026 11:35 Sources 1

About this happening: In **2025**, ransomware became the **fastest-growing** and most disruptive threat to **automotive carmakers**, accounting for **44% of attacks** and **more than doubling** over th...

Halcyon automotive ransomware mitigation guidance

Advisory/Mitigation
H score27 First: 16.04.2026 11:35 Last: 16.04.2026 11:35 Sources 1

About this happening: **Halcyon** urged **automotive sector IT teams** to harden their environments against a **ransomware threat** that is pressuring carmakers and their suppliers. The guidance priori...

TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns

Threat Actor Meta
H score11 First: 31.03.2026 15:15 Last: 31.03.2026 15:15 Sources 1

About this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...

Timeline

  1. 23.01.2026 02:00 2 articles · 5mo ago

    Sicarii RaaS emergence on underground forums

    Initial Disclosure

    Sicarii appeared as a ransomware-as-a-service offering on underground cybercrime forums, indicating an affiliate-ready criminal service launch that could broaden access to the operation.

    Show sources