Skip to content
Ransomware group

auditteam

AuditTeam is a ransomware and data-extortion threat actor observed claiming intrusions against organizations in Russia.

Profile source: Mallory opens in a new tab

auditteam

Family profile

AuditTeam is a ransomware and data-extortion threat actor observed claiming intrusions against organizations in Russia. Publicly available reporting in this context attributes multiple ransomware incidents and associated data-breach claims to the group during 2026. The actor appears to operate as an extortion-focused cybercriminal group that compromises victim environments, deploys ransomware, and alleges theft of victim data to increase pressure for payment.

High-confidence information currently available is limited. AuditTeam has been linked to ransomware attacks against companies in the RU region, but there is insufficient corroborated public detail here to reliably assess its malware lineage, initial access methods, preferred tooling, affiliate structure, or broader victimology beyond those reported incidents. No verified nation-state attribution is available based on the present information, and AuditTeam is best characterized as a financially motivated ransomware actor unless further evidence emerges.

Known alias usage in the available reporting is limited to AuditTeam.

Ransomware.live

Operational record

View group record ↗

Ransomware.live

Recent claims

All published claims ↗

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.