NetRunner
NetRunner is a threat actor associated with data exfiltration and extortion operations, including activity against healthcare-related organizations and service providers in 2026.
Profile source: Mallory opens in a new tabNetRunner
Family profile
NetRunner is a threat actor associated with data exfiltration and extortion operations, including activity against healthcare-related organizations and service providers in 2026. The available reporting describes NetRunner as focusing on extracting sensitive data for extortion rather than relying solely on encryption, and as often targeting enterprise environments with large data stores. In Q1 2026, NetRunner was reported to have made the largest reported healthcare ransom demand in the dataset: $100 million against Nippon Medical School Musashi Kosugi Hospital in Japan; the ransom was not paid. The content links NetRunner to healthcare-sector targeting and extortion activity, but does not provide high-confidence attribution to any nation-state, malware family, or additional sub-groups. Known alias in the provided content: netrunner.
Ransomware.live