Nevada is a ransomware-as-a-service (RaaS) program referenced in reporting on the Russian-language cybercrime forum RAMP. RAMP advertised Nevada among 14 RaaS programs, and one cited listing shows Nevada offering an 85/15 affiliate/operator revenue split in December 2022. Separately, Nevada Ransomware is identified as one of multiple ransomware families observed targeting VMware ESXi systems in the wild. The provided content does not attribute Nevada to a specific nation state or provide high-confidence details on its operators, malware lineage, or distinct sub-groups beyond the alias/name Nevada.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
1 distinct technique observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
RaaS program advertised on RAMP with an 85/15 affiliate/operator split.
Named ransomware operation cited as one of several non-Babuk-based strains targeting VMware ESXi virtual machines.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.