arcusmedia
Arcus Media is a ransomware-as-a-service operation that emerged in 2024 and has been described as a technically advanced and active extortion actor.
Profile source: Mallory opens in a new tabarcusmedia
Family profile
Arcus Media is a ransomware-as-a-service operation that emerged in 2024 and has been described as a technically advanced and active extortion actor. The group is associated with double-extortion ransomware activity, combining data theft with encryption and public leak-site pressure. Arcus Media has been observed targeting organizations across multiple countries and sectors, including technology, transportation and logistics, consumer services, public-sector entities, and organizations linked to industrial and critical infrastructure.
Reporting indicates that Arcus Media has shown interest in industrial and critical infrastructure targets, placing it within the broader trend of ransomware actors pursuing operationally sensitive victims. The group has been associated with credential harvesting, including theft of browser-stored credentials, and appears to participate in the broader ransomware ecosystem’s use of common affiliate-driven tradecraft such as opportunistic targeting, data exfiltration, and timed extortion deadlines.
Known aliases include arcusmedia and arcus_media. Based on available information, Arcus Media is best characterized as a financially motivated ransomware group rather than a clearly attributed nation-state actor. Publicly available information in this dataset does not establish a confirmed government affiliation, geographic origin, or identified sub-groups with high confidence.
Ransomware.live
Operational record
Ransomware.live