Tracking active ransomware
Ransomware rarely arrives out of nowhere. Most incidents begin with a commodity loader or phishing infection, escalate through hands-on-keyboard tooling, and end in encryption once the domain controller is compromised. Blocking the earlier stages is your best chance to stop an attack before it lands, which is why our ransomware coverage spans the full chain, not just the final payload.
Why track it with PrecisionSec
- Break the attack chain early. Commodity loaders and post-exploitation tools like Cobalt Strike often surface days before encryption, so blocking them buys your team time to respond.
- Active and historical coverage. Currently tracked families plus retired ones such as GandCrab and Locky, kept for reference and retro-hunting.
- Built for your stack. Delivered via STIX/TAXII, MISP, CSV and REST API.
Ransomware and precursor-malware IOCs are included in every PrecisionSec intelligence subscription.