SkuggaheimarRansomwareFrag
FRAG
RANSOMWARE
EXTORTION
RansomwareThreat IntelligenceMay 01, 2025

Frag Ransomware Group

Frag is a ransomware/extortion group operating a dark web leak site for victim data publication. This profile covers the group's operations, tactics, known campaigns, and defensive recommendations.

Frag is a ransomware/extortion group operating a dark web leak site for victim data publication. This profile covers the group's operations, tactics, known campaigns, and defensive recommendations. This report provides Mjolnir Security's analysis of the group's operations, extortion model, known targeting, and recommended defenses.

Overview

Frag is a ransomware and/or data extortion operation tracked by Mjolnir Security. The group maintains a presence on the dark web where victim data is published to pressure payment. Operations typically involve double extortion: encrypting victim systems and threatening to leak stolen data.

Threat Level

Frag is an active ransomware/extortion threat. Organizations should review their ransomware readiness posture and ensure backup, detection, and incident response capabilities are current.

Tactics & Techniques

Common MITRE ATT&CK techniques observed in ransomware operations like Frag:

TechniqueDescription
T1486Data Encrypted for Impact
T1490Inhibit System Recovery
T1078Valid Accounts
T1059.001PowerShell Execution
T1567.002Exfiltration to Cloud Storage

Detection & Defense

Recommended defenses against Frag and similar ransomware groups:

How Mjolnir Security Can Help

Ransomware Defense & Response

Mjolnir Security provides ransomware readiness assessments, incident response, and threat intelligence to help organizations defend against extortion threats.

Ransomware Readiness Incident Response Threat Intelligence Red Team Assessment

Contact us: mjolnirsecurity.com

Written by: Mjolnir Security  |  Published: May 01, 2025
Related Reports
Ransomware Hub

All Ransomware Profiles

View All →
Threat Library

Full Threat Intelligence Catalog

Browse →