blackout

Ransomware group profile

2Victims

RussiaSource country

73Impact score

Also Known As

Blackoutware

Description

Blackout is a sophisticated ransomware group that targets critical infrastructure and large enterprises. They utilize advanced infiltration techniques to deploy ransomware and employ double extortion tactics, resulting in significant operational disruptions for their victims.

Key insights

•Targets critical infrastructure, particularly in the healthcare sector.
•Employs double extortion tactics by encrypting data and threatening to release stolen information.
•Uses custom malware and sophisticated phishing schemes for initial access.
•Has been observed leveraging zero-day vulnerabilities and collaborating with other cybercriminal groups.
•Ransom demands typically range in the millions of dollars.

Industries

Energy & Utilities Government & Defense Healthcare Hospitality Manufacturing Other Technology Transportation

Threat Level & Status Breakdown

For blackout · Based on incidents in selected period

0.2threat level

Aggressiveness0.5/ 10

Lethality0/ 10

Criticality0/ 10

Status Breakdown

Claimed100.0%2

First seenJul 2025

Last seenFeb 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for blackout in the selected period

2Total attacks

1peak in Jul

1avg / month

Intelligence

IOCs, YARA/Sigma rules, and related families for blackout

3e9d22280a28ec73b6e84550febb8425d9c660f9777e2e4d3b5baaedea263cbe
1b5a73cafa33d82e994e8928279a3b97b0c424422bf678284ee9877c00de2c48
c3dc5c64193f849ca5048d0e81ee1778ffc086087a20de1e09aef68a8bd560b2
19eb63db7fa79fae746e1f2b4d3bc5c4fbd0e7a7a9e372e7345cddd6cb0020c1
a4839090ffea89bc9c9223d1f9cdeff2
d520d06d78afcad2e03842cb8db4622d18b92739e89dfb8dadf5743f30dcd903
f3ed5373dc99b6f6525723110e904f2f
e75e5778e71e062ce4a7af673f0b2513854d2367fee0f01a26c0c998863bdf6e
1e20360e439594eeb38782b6dbf8de1de214a0b0f657d6c83c6c7a150498d6f4
507e8666c239397561c58609f7ea569c9c49ddbb900cd260e7e42b02d03cfd87
ed6ebcd28b28e938d78a603a324973739170581a
eae09889399fe4fb8e78b114dba0527de913d12fb1802944a88ed136e3e90577
c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93

View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for blackout

Defense Evasion

T1562

Impair Defenses

Execution

T1059

Command and Scripting Interpreter

T1047

Windows Management Instrumentation

T1140

Deobfuscate/Decode Files or Information

Impact

T1486

Data Encrypted for Impact

T1490

Inhibit System Recovery

Lateral Movement

T1021

Remote Services

Other

T1550

T1125

Persistence

T1078

Valid Accounts

Victims(2)

Company	Domain	Country	Industry	Status	Discovered
en.yofc.com	—	CN China	Technology	Claimed	3 months ago
www.miatech.net	—	US United States	Hospitality	Claimed	11 months ago

Affected countries(13)

Countries where this group has been reported to target or leak victims.

🇧🇷Brazil 🇨🇦Canada 🇨🇳China 🇩🇪Germany 🇪🇸Spain 🇫🇷France 🇬🇷Greece 🇭🇷Croatia 🇯🇵Japan 🇲🇽Mexico 🇵🇪Peru 🇺🇸United States 🇿🇦South Africa