Skip to content
Ransomware group

Genesis

Genesis is a ransomware and data-extortion threat group that emerged in late 2025 and has since claimed intrusions primarily affecting organizations in the United States.

Profile source: Mallory opens in a new tab

Genesis

Family profile

Genesis is a ransomware and data-extortion threat group that emerged in late 2025 and has since claimed intrusions primarily affecting organizations in the United States. Reported victims span healthcare, legal, construction, staffing, financial services, technology, agriculture, real estate, and nonprofit sectors, indicating broad opportunistic targeting rather than a narrowly specialized victim profile. Publicly associated incidents include attacks against medical providers, business services firms, trade associations, and nonprofits, including a claimed attack on the National Association on Drug Abuse Programs.

Genesis operates as a conventional ransomware actor, combining data theft with encryption and using a leak site to pressure victims. The group publicly claims responsibility for attacks, alleges exfiltration of victim data, and uses the threat of publishing stolen information to coerce payment. Reported victim notifications and public claims indicate that Genesis seeks both restoration-related ransom payments and payment in exchange for deleting stolen data.

Available reporting supports characterization of Genesis as a relatively new criminal ransomware operation rather than a nation-state actor. High-confidence public information on its internal structure, operators, geographic base, affiliate model, malware lineage, or stable sub-groups is currently not available. No widely used aliases beyond the name Genesis are established in the available information.

Ransomware.live

Operational record

View group record β†—

Ransomware.live

Recent claims

All published claims β†—

MITRE ATT&CK

Genesis in ATT&CK

8 distinct techniques

Reporting

Research mentioning Genesis

Jul 5
Hookphish

Ransomware Group genesis Hits: East Texas Family Medicine

East Texas Family Medicine β€” an organization based in US β€” has fallen victim to a ransomware attack conducted by the group genesis.

Jul 5
Hookphish

Ransomware Group genesis Hits: Synergy Interactive

Synergy Interactive β€” an organization based in US β€” has fallen victim to a ransomware attack conducted by the group genesis.

Jul 5
Hookphish

Ransomware Group genesis Hits: Dunagan Associates

Dunagan Associates β€” an organization based in US β€” has fallen victim to a ransomware attack conducted by the group genesis.

Jul 5
Hookphish

Ransomware Group genesis Hits: Westgate

Westgate β€” an organization based in US β€” has fallen victim to a ransomware attack conducted by the group genesis.

Jul 5
Hookphish

Ransomware Group genesis Hits: DICON

DICON β€” an organization based in US β€” has fallen victim to a ransomware attack conducted by the group genesis.

Jul 5
Hookphish

Ransomware Group genesis Hits: SBI Software

SBI Software β€” an organization based in US β€” has fallen victim to a ransomware attack conducted by the group genesis.

Jul 5
Hookphish

Ransomware Group genesis Hits: Bri-Tech, Inc

Bri-Tech, Inc β€” an organization based in US β€” has fallen victim to a ransomware attack conducted by the group genesis.

Jul 5
Hookphish

Ransomware Group genesis Hits: Mirage Endoscopy Center

Mirage Endoscopy Center β€” an organization based in US β€” has fallen victim to a ransomware attack conducted by the group genesis.

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.