bravox
Ransomware group profile
Description
BravoX is an emerging ransomware group that surfaced in January 2026, operating as a Ransomware-as-a-Service (RaaS) and distinguished by its sophisticated double-extortion model. It seeks to exploit high-revenue targets while avoiding attacks within the CIS countries, reflecting common practices among Russian-speaking cybercriminals.
Key insights
- •Operates as a Ransomware-as-a-Service (RaaS) with an affiliate-driven model.
- •Initial access is often gained through compromised SSL VPNs with weak passwords and no multi-factor authentication.
- •Utilizes Rclone for large-scale data exfiltration and maintains sophisticated persistence mechanisms.
- •Imposes a double-extortion model, threatening data publication if ransom demands are not met.
- •Targets high-revenue sectors across various industries, with clear pressures applied through automated data leak site features.
Threat Level & Status Breakdown
For bravox · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for bravox in the selected period
No intelligence data for this group.
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for bravox
T1486
T1486
T1490
T1490
T1078
T1078
T1059
T1059
T1562
T1562
T1021.001
T1021.001
T1046
T1046
T1027
T1027
T1543
T1543
T1547
T1547
T1105
T1105
T1210
T1210
Victims(29)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Grupo Mauá | grupomaua.com.br | BR Brazil | Manufacturing | Claimed | 3 days ago | |
| AcademyHealth | academyhealth.org | US United States | Healthcare | Claimed | 5 days ago | |
| Emek Elektrik | emek.com.tr | TR Turkey | Energy & Utilities | Claimed | 11 days ago | |
| Salvation Army | salvationarmy.ca | CA Canada | Retail & E-Commerce | Claimed | 11 days ago | |
| Rivadeneyra Treviño | rivtrev.com | MX Mexico | Professional Services | Claimed | 23 days ago | |
| Soprolux | soprolux.com | FR France | Hospitality | Claimed | 27 days ago | |
| blog | bravoxxwcfz5qk43ychgveprpd5mw5hvxfs4a2uz2okx7mumiht4fzyd.onion | — | — | Claimed | about 1 month ago | |
| blog | bravoxxwcfz5qk43ychgveprpd5mw5hvxfs4a2uz2okx7mumiht4fzyd.onion | — | — | Claimed | about 1 month ago | |
| 1st Solution CTC 🇩🇪 | — | DE Germany | Professional Services | Claimed | about 1 month ago | |
| blog | bravoxxtrmqeeevhl7gdh2yzvlrjxajr66d33c7ozosrccx4cz7cepad.onion | — | — | Claimed | about 2 months ago | |
| blog | bravoxxtrmqeeevhl7gdh2yzvlrjxajr66d33c7ozosrccx4cz7cepad.onion | — | — | Claimed | about 2 months ago | |
| Aculab | aculab.com | GB United Kingdom | Technology | Claimed | about 2 months ago | |
| UMBERG TREUHAND AG | umberg-treuhand.ch | CH Switzerland | Financial Services | Claimed | 3 months ago | |
| VATIER | — | FR France | Professional Services | Claimed | 3 months ago | |
| Soreco | soreco.ch | CH Switzerland | Professional Services | Claimed | 3 months ago | |
| OEC Bretagne | bretagne.experts-comptables.fr | FR France | Financial Services | Claimed | 4 months ago | |
| SPEC 🇺🇸 | — | US United States | Technology | Unknown | 4 months ago | |
| FUSION HILL 🇺🇸 | — | US United States | Professional Services | Claimed | 4 months ago | |
| John O's Foods 🇨🇦 | — | CA Canada | Retail & E-Commerce | Claimed | 4 months ago | |
| jasper-avocats.com | jasper-avocats.com | FR France | Professional Services | Claimed | 4 months ago |
Page 1 of 2
Affected countries(9)
Countries where this group has been reported to target or leak victims.