Wallstreet is a ransomware threat actor observed conducting data-theft and extortion operations against organizations in multiple sectors. Reported victims include entities in healthcare, public sector law enforcement, manufacturing, and insurance-related services, with activity affecting organizations in the United States and Ecuador. The group has been associated with incidents characterized as ransomware attacks accompanied by data breaches, indicating a double-extortion model in which victim data is exfiltrated and used to pressure payment in addition to system encryption or disruption. Publicly identified targeting suggests opportunistic victim selection rather than a narrowly specialized vertical focus. High-confidence public reporting currently provides limited detail on Wallstreet’s malware tooling, intrusion tradecraft, infrastructure, or organizational structure, and no corroborated nation-state attribution is available. No additional widely established aliases or sub-groups are currently available from the provided information.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
1 distinct technique observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Conducting a ransomware attack against Gold Standard Automotive.
Conducting a ransomware attack against Baraga County Memorial Hospital.
Conducting a ransomware attack against the Edgewood Police Department, a public sector law enforcement organization in the United States.
Conducting a ransomware attack resulting in a data breach against Asisken, a medical assistance/health insurance company in Ecuador.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.