Spy

Spy is a ransomware group that develops and deploys ransomware malware to encrypt victims' files and extort payment for decryption keys. The group operates from a headquarters located in the United States of America and is known by the alias "Spy". In March 2022, Spy participated in a simultaneous ransomware attack on a subsidiary of VSS Medical Technology alongside the Hive group. During that incident, Spy encrypted critical files first and subsequently demanded a decryption fee of $750,000 for the release of the data. The victim organization ultimately paid Spy $675,000 for the decryption keys after negotiations.

The attack highlighted Spy's tactic of prioritizing file encryption prior to data exfiltration, contrasting with Hive's six‑month network presence and theft of 160 GB of source code, financial and personal information. Spy's ransom demand was accompanied by a threat of permanent data loss, a common extortion approach used by ransomware actors. The victim organization is a subsidiary of VSS Medical Technology, a medical technology firm, showing that Spy has targeted a healthcare‑related entity. No quantitative data regarding the group's size, revenue, or employee count is provided in the source material. Likewise, details about Spy's ownership structure, parent companies, or subsidiary relationships are not disclosed.