Skip to content
Ransomware group

Meow

Meow is a ransomware/extortion threat associated with Conti-derived code.

Profile source: Mallory opens in a new tab

Meow

Family profile

Meow is a ransomware/extortion threat associated with Conti-derived code. Reporting in the provided content describes Meow ransomware as a variant of Conti that appends the ".MEOW" extension to encrypted files and uses the ChaCha20 encryption algorithm, while excluding .exe and text files. Infection and access vectors mentioned for Meow include unprotected RDP, email spam, and malicious downloads. Separate reporting in the content states that Meow later operated as a data-extortion-focused threat actor, also referred to as MeowLeaks or MeowCorp, first emerging in late 2022 and believed to be a Conti spinoff due to code similarities. That reporting says the group transitioned to a pure extortion model in which it steals sensitive data and publishes it on its leak site without deploying file-encrypting malware. The content also places Meow among active ransomware/extortion groups targeting U.S. organizations, including small and mid-sized U.S. organizations, and notes it was among the more active groups in U.S. ransomware victim reporting in 2024. A mutex name reused by DragonForce was noted as having previously been used by Meow and LockBit Green, further supporting linkage to Conti-based ransomware code. Aliases explicitly mentioned in the content are MeowLeaks and MeowCorp.

Ransomware.live

Operational record

View group record ↗

Reporting

Research mentioning Meow

Feb 10
Bank Info Security

Fake Out: 0APT Data-Leak Ransomware Group Branded a Scam

"...and even other groups like LockBit and Meow..."

Feb 10
Govinfosecurity

Fake Out: 0APT Data-Leak Ransomware Group Branded a Scam

victims... copied from various other ransomware groups... and even other groups like LockBit and Meow

Jan 14
Medium S2wblog

Detailed Analysis of DragonForce Ransomware | by S2W | S2W BLOG | Medium

this mutex name has been used previously in Meow and LockBit Green ransomware, both of which are known to be Conti-based ransomware.

Aug 4
Halcyon Attacks News

Power Rankings: Ransomware Malicious Quartile Q2-2025

Meow ransomware (aka MeowLeaks or MeowCorp) continues to operate as a data extortion-focused threat actor that first emerged in late 2022. Believed to be a spinoff of the Conti gang due to code similarities, Meow initially operated with limited visibility but has since transitioned to a pure extortion model, stealing sensitive data and publishing it on its leak site without deploying file-encrypting malware.

Nov 28
Help Net Security

VPN vulnerabilities, weak credentials fuel ransomware attacks

40% of the Q3 attacks can be traced to five groups: RansomHub, PLAY, LockBit 3.0, MEOW and Hunters International.

Nov 13
Help Net Security

Infostealers increasingly impact global security

Meow Ransomware is a variant of Conti ransomware... appending the ".MEOW" extension... spreads through... unprotected RDP... email spam, and malicious downloads... uses the ChaCha20 encryption algorithm...

Oct 10
Cloudsek

Analyzing Recent Cyber Attacks in the United States Coinciding with Columbus Day Celebration

"Meow, the fifth most active ransomware group in the United States..."

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.