Active ransomware operator
← All groupsAtomsilo
5 victims indexed · first seen 4 years ago · last activity 3 months ago
5
Victims indexed
#245 of 348 tracked operators
4y 2m
Active period
Dec 2021 → Feb 2026
2
Countries hit
top Brazil · 2
At a glance
- Status
- active
- First seen
- 4 years ago
- Last activity
- 3 months ago
- Onion sites
- 3 known endpoints
- Primary sector
- Healthcare · 2 hits
About
Atomsilo is a relatively obscure ransomware group that emerged in December 2021, operating with financial motivations and maintaining a low profile compared to major ransomware operations. The group's origin and potential affiliations remain largely undocumented by major threat intelligence sources, though their limited scope of operations suggests they function as an independent entity rather than a large-scale Ransomware-as-a-Service operation. Based on available victim data, Atomsilo appears to employ targeted attacks against specific sectors, though their exact initial access vectors and technical methodologies have not been extensively documented by major security research organizations. The group has demonstrated a preference for targeting healthcare and financial services sectors, with documented activity primarily affecting organizations in Brazil and Japan, suggesting either regional focus or specific linguistic/cultural targeting capabilities. Atomsilo remains a minor player in the ransomware landscape with only five publicly documented victims, and their current operational status is unclear due to limited public reporting and analysis from major threat intelligence sources.
References
14 linksExternal sources curated by the MISP threat-intel community.
- cyfirma.com/outofband/malware-research-on-atomsilo-ransomware/
- zscaler.com/blogs/security-research/atomsilo-ransomware-enters-league-double-extortion
- twitter.com/siri_urz/status/1437664046556274694
- news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/
- chuongdong.com/reverse%20engineering/2021/10/13/AtomSiloRansomware/
- decoded.avast.io/threatintel/decryptor-for-atomsilo-and-lockfile-ransomware/
- microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/
- news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/
- secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader
- malpedia.caad.fkie.fraunhofer.de/details/win.atomsilo
- chuongdong.com//reverse%20engineering/2021/10/13/AtomSiloRansomware/
- twitter.com/siri_urz/status/1437664046556274694?s=20
- microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself
- ransomlook.io/group/atomsilo
Timeline
2 months2021-12-01T00:00:00+00:002026-02-01T00:00:00+00:00
Top countries
🇧🇷 Brazil
2
🇯🇵 Japan
1
Top sectors
Healthcare
2
Not Found
1
Financial Services
1
MITRE ATT&CK
4 techniques · 4 tacticsTactics
Initial AccessExecutionDefense EvasionImpact
Recent victims
Loading…
Onion infrastructure
3 known- http://l5cjga2ksw6rxumu5l4xxn3cmahhi2irkbwg3amx6ajroyfmfgpfllid.onion
- http://l5cjga2ksw6rxumu5l4xxn3cmahhi2irkbwg3amx6ajroyfmfgpfllid.onion/list.html
- http://mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion
Source
Updated 3 months agoData on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.