CASE STUDIES

Sarcoma is a criminal ransomware group that breaks into company networks, steals sensitive data, encrypts all the files so the business cannot operate, and then demands a payment to restore access. If the company refuses to pay, Sarcoma publishes the stolen data on a public dark web website for anyone to download -including competitors, journalists, and regulators. The group first appeared in October 2024 and immediately became one of the most active ransomware gangs in the w

Executive Summary The Akira ransomware group emerged in March 2023 and rapidly escalated into one of the most financially destructive threat actors globally. By late 2025, the group had extorted approximately $244.17 million - a 480% increase from $42 million reported in January 2024. Akira succeeds not through exotic zero-days but through identity compromise and weak exposure management : unpatched VPN appliances, absent MFA, and credential reuse. The complete attack lifec

Executive Summary SPYGAME is not a hacking group. It is not whistleblowing. It is not political activism. SPYGAME is a criminal data exploitation marketplace that profits directly from the non-consensual exposure of private images, live hacked IP-camera surveillance feeds, and stolen personal data - targeting women, minors, and private individuals across more than 30 countries. The platform operates on a Leak-and-Earn model - a structured criminal system that financially in

Executive Summary The cybersecurity landscape in 2023 saw the emergence of several new ransomware groups, but few demonstrated the structural sophistication of CiphBit . First observed in April 2023, this group quickly established itself as a credible threat to businesses across Europe and the United States. Unlike opportunistic actors, CiphBit operates with a clear business model, defined affiliate structure, and a calculated approach to victim pressure. For executives and d

Executive Summary The Daixin Team is a financially motivated cybercriminal group responsible for multiple high-impact Daixin Team ransomware operations since mid-2022. Classified as a double-extortion ransomware actor, the group conducts Daixin Team ransomware attacks by combining system encryption with large-scale data theft and coercive dark web exposure. The Daixin Team ransomware attack model is designed to exploit both operational disruption and data exposure risk, ma