Meow
Meow is a ransomware/extortion threat associated with Conti-derived code.
Profile source: Mallory opens in a new tabMeow
Family profile
Meow is a ransomware/extortion threat associated with Conti-derived code. Reporting in the provided content describes Meow ransomware as a variant of Conti that appends the ".MEOW" extension to encrypted files and uses the ChaCha20 encryption algorithm, while excluding .exe and text files. Infection and access vectors mentioned for Meow include unprotected RDP, email spam, and malicious downloads. Separate reporting in the content states that Meow later operated as a data-extortion-focused threat actor, also referred to as MeowLeaks or MeowCorp, first emerging in late 2022 and believed to be a Conti spinoff due to code similarities. That reporting says the group transitioned to a pure extortion model in which it steals sensitive data and publishes it on its leak site without deploying file-encrypting malware. The content also places Meow among active ransomware/extortion groups targeting U.S. organizations, including small and mid-sized U.S. organizations, and notes it was among the more active groups in U.S. ransomware victim reporting in 2024. A mutex name reused by DragonForce was noted as having previously been used by Meow and LockBit Green, further supporting linkage to Conti-based ransomware code. Aliases explicitly mentioned in the content are MeowLeaks and MeowCorp.
Ransomware.live
Operational record
Reporting
Research mentioning Meow
Fake Out: 0APT Data-Leak Ransomware Group Branded a Scam
"...and even other groups like LockBit and Meow..."
Fake Out: 0APT Data-Leak Ransomware Group Branded a Scam
victims... copied from various other ransomware groups... and even other groups like LockBit and Meow
Detailed Analysis of DragonForce Ransomware | by S2W | S2W BLOG | Medium
this mutex name has been used previously in Meow and LockBit Green ransomware, both of which are known to be Conti-based ransomware.
Power Rankings: Ransomware Malicious Quartile Q2-2025
Meow ransomware (aka MeowLeaks or MeowCorp) continues to operate as a data extortion-focused threat actor that first emerged in late 2022. Believed to be a spinoff of the Conti gang due to code similarities, Meow initially operated with limited visibility but has since transitioned to a pure extortion model, stealing sensitive data and publishing it on its leak site without deploying file-encrypting malware.
VPN vulnerabilities, weak credentials fuel ransomware attacks
40% of the Q3 attacks can be traced to five groups: RansomHub, PLAY, LockBit 3.0, MEOW and Hunters International.
Infostealers increasingly impact global security
Meow Ransomware is a variant of Conti ransomware... appending the ".MEOW" extension... spreads through... unprotected RDP... email spam, and malicious downloads... uses the ChaCha20 encryption algorithm...
Analyzing Recent Cyber Attacks in the United States Coinciding with Columbus Day Celebration
"Meow, the fifth most active ransomware group in the United States..."