The Kill ransomware group is a threat actor that has surfaced intermittently in 2023–2024. Public information about the group is limited.

Kill uses data encryption and extortion tactics, with some indications of double extortion, where stolen data is leveraged alongside system disruption to pressure victims. Targets are typically small to mid-sized organizations, often those with exposed services or weak access controls. Initial access is believed to rely on phishing, compromised credentials, or exploitation of unsecured remote access points.

From a technical standpoint, Kill does not demonstrate novel capabilities, instead relying on commodity ransomware techniques, including disabling backups and basic security controls before encryption.