RANSOMWARE OPERATION💰 FINANCIAL
evolution
Limited data
Threat Analysis
evolution is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.
Financially motivated threat actors like evolution prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Intelligence Reports Mentioning evolution
ST Engineering iDirect iQ-Series Terminals
CISA Alerts· Jul 2, 2026
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
The Hacker News· Jun 26, 2026
British Police Built a Sprawling Crime-Prediction Machine. Some Results Couldn’t Be Trusted
Wired Security· Jun 25, 2026
CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms
Microsoft Security Blog· Jun 24, 2026
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
The Hacker News· Jun 18, 2026
Hacker Conversations: Isira Adithya, the Evolution of an Ethical Hacker
SecurityWeek· Jun 16, 2026
Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)
SANS ISC· May 28, 2026
2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services
Mandiant Blog· May 25, 2026
Quick Facts
TypeRansomware Operation
Motivation💰 financial
DLS Infrastructure
○ OFFLINEui2uleaiisccbtcooyi34cy5u3plpd5wraiza6wtibolshuf7tnzziid.onion
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.