Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to malware
MalwareRansomware

ShinySp1d3r RaaS

ShinySp1d3r RaaS is a ransomware-as-a-service (RaaS) program previewed by the Scattered Lapsus$ Hunters, a loosely organized collective of mostly Western teenage cybercriminals. This group, originating from the cybercrime community known as The Com, is known for its chaotic, unpredictable operations and a blend of technical and social engineering tactics, including insider recruitment, help desk attacks, and targeting enterprise applications (e.g., Oracle, SAP, Salesforce). ShinySp1d3r RaaS is notable as a potential first major RaaS offering from English-speaking cybercriminals, marking a shift from the traditional reliance on Russian-speaking ransomware providers. The group has demonstrated increasing technical sophistication and extortion capabilities, targeting a wide range of industries, including major retailers, airlines, insurers, and government agencies. Their operations include data theft, public shaming, and threats to leak sensitive information unless ransoms are paid. Law enforcement has attempted to disrupt their activities, but the group's adaptability and volatility continue to pose significant challenges. No specific indicators of compromise for ShinySp1d3r RaaS are mentioned in the available content.

Share:
For your environment

Hunt this family in your stack

Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.

Start free trial
ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app
govinfosecurityNews
Oct 17, 2025
Madman Theory Spurs Crazy Scattered Lapsus$ Hunters Playbook

ShinySp1d3r RaaS is a ransomware-as-a-service platform reportedly being developed by English-speaking cybercriminals, aiming to provide ransomware capabilities to affiliates. It represents a shift from reliance on Russian-speaking RaaS providers.

Read more
bank info securityNews
Oct 17, 2025
Madman Theory Spurs Crazy Scattered Lapsus$ Hunters Playbook

ShinySp1d3r RaaS is a ransomware-as-a-service program reportedly being launched by English-speaking cybercriminals, marking a shift from reliance on Russian-speaking ransomware providers. It is designed to allow affiliates to deploy ransomware attacks for a share of the profits.

Read more
reliaquest com threat huntingNews
Oct 8, 2025
Ransomware and Cyber Extortion in Q3 2025

ShinySp1d3r RaaS is a forthcoming ransomware-as-a-service platform developed by the Scattered Spider group, notable for combining advanced social engineering with ransomware deployment. It is expected to enable affiliates to conduct both data theft and encryption attacks.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets match these IOCs, which detections are missing, which campaigns to expect next, and what to do in the next 30 minutes.
Start free trial
IOC matching

Match every observed IP, domain, and hash against your live telemetry.

Threat actor attribution

Named campaigns wielding this family, with evidence pinned to each claim.

Exploited vulnerabilities

CVEs this family uses for access and lateral movement.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

MITRE ATT&CK mapping

Every documented technique, ranked by evidence weight.

Researcher chatter

Reddit, Mastodon, and CTI community discussion around this family.