blackshrantac

Ransomware group profile

44Victims

United StatesSource country

50Impact score

Description

Blackshrantac is a financially motivated ransomware group that emerged in September 2025, known for its disciplined and sophisticated tactics. The group primarily employs double extortion strategies to maximize pressure on victims, utilizing legitimate commercial tools for intrusion and persistence while focusing on evading detection.

Key insights

•Gains initial access by exploiting CVE-2024-3400 in Palo Alto Networks PAN-OS devices and through phishing emails.
•Utilizes a primary encryptor binary for execution without administrative privileges and leverages legitimate tools for remote access.
•Employs a double extortion model, exfiltrating sensitive data before encrypting files and demanding ransom.
•Disables backups and security controls to enhance the effectiveness of their attacks.
•Uses a leak site on the Tor network to publish victim information and apply pressure through public disclosure threats.

Industries

Energy & Utilities Financial Services Government & Defense Healthcare Hospitality Manufacturing Other Professional Services Retail & E-Commerce Technology Transportation

Threat Level & Status Breakdown

For blackshrantac · Based on incidents in selected period

1.9threat level

Aggressiveness5/ 10

Lethality0/ 10

Criticality0.4/ 10

Status Breakdown

Claimed100.0%44

First seenSep 2025

Last seenJan 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for blackshrantac in the selected period

44Total attacks

16peak in Oct

8.8avg / month

↓ 8 vs first month

Intelligence

IOCs, YARA/Sigma rules, and related families for blackshrantac

b5f90df776e6f57a7fec03f9e325ccf9debe4ddbcc8c385f0bb3edd91ef71927
e1201ab8925e3a89bf842ecaab68c3faba5d85b113b42fb05aae687d9dbfb251
7ffacc87f6b1701308fbfcae45c335aadb675c66cc859e998103b090034f6e7c

View full IOC feed3 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for blackshrantac

Other

T1486

T1490

T1078

T1574

T1021

T1562

T1059

T1547

T1040

T1105

T1485

Victims(44)

Company	Domain	Country	Industry	Status	Discovered
PKT QS	pktqs.com	GB United Kingdom	Professional Services	Claimed	4 months ago
National Water Authority	ana.gob.pe	PE Peru	Government & Defense	Claimed	5 months ago
SCHNEIDER PROTOTYPING INDIA PVT. LTD	si-smart.net	IN India	Manufacturing	Claimed	5 months ago
Agrícola Cerro Prieto	agricolacerroprieto.pe	PE Peru	Other	Claimed	5 months ago
Netstar Australia PTY Ltd	netstar.com.au	AU Australia	Technology	Claimed	6 months ago
demilac, Inc	demilac.com.tr	TR Turkey	Retail & E-Commerce	Claimed	6 months ago
VFM Systems & Services (P) Ltd	vfmsystems.com	IN India	Technology	Claimed	6 months ago
Rasen Insaat Ve Yatirim Ticaret A.S.	rasen.com.tr	TR Turkey	Other	Claimed	6 months ago
Badan Pengelola Keuangan Haji	bpkh.go.id	ID Indonesia	Financial Services	Claimed	6 months ago
HexaCream Dental Laboratory	hexadentallab.com	TH Thailand	Healthcare	Claimed	4 months ago
Superintendencia Nacional de Fiscalización Laboral	sunafil.gob.pe	PE Peru	Government & Defense	Claimed	6 months ago
libertyshoes, Inc	libertyfootfashion.com	IN India	Retail & E-Commerce	Claimed	7 months ago
Newgen Digitalwork	newgen.co	IN India	Technology	Claimed	7 months ago
MultistateTax Inc	multistatetax.net	US United States	Financial Services	Claimed	7 months ago
Carvimsa	carvimsa.com.pe	PE Peru	Manufacturing	Claimed	7 months ago
simsekas, Inc	simsekas.com.tr	TR Turkey	Retail & E-Commerce	Claimed	7 months ago
M&BM, Inc	mdm-bg.com	BG Bulgaria	Manufacturing	Claimed	7 months ago
CCI Tax Pros, Inc	ccitaxpros.com	US United States	Financial Services	Claimed	7 months ago
The Matlusky Firm LLC	matluskylaw.com	US United States	Professional Services	Claimed	7 months ago
CyPark Resources Berhad	cypark.com	MY Malaysia	Energy & Utilities	Claimed	7 months ago

Page 1 of 3

Affected countries(24)

Countries where this group has been reported to target or leak victims.