global
Ransomware group profile
Description
Global Group is a newly emerged Ransomware-as-a-Service operation believed to be a rebranding of the BlackLock/Mamona ecosystem. They offer innovative features like AI-powered negotiation systems and an affiliate revenue share model. The group is linked to Russian infrastructure and deploys sophisticated tactics to infiltrate targets.
Key insights
- Employs AI-driven negotiation tools for ransom discussions.
- Utilizes a double extortion model, leveraging both data encryption and data leaks.
- Targets various sectors, including healthcare, education, and manufacturing.
- Relies on Initial Access Brokers for pre-compromised entry points.
- Uses Golang, C++, and C to build cross-platform ransomware.
- Known for aggressive negotiation tactics, including threats of public data exposure.
Intelligence
IOCs, YARA/Sigma rules, and related families for global
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for global
- T1486
- T1490
- T1078
- T1021
- T1562
- T1059
- T1047
- T1080
- T1021.001
- T1203
- T1110
- T1003
Victims (30)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| awmedicalvillage.org | awmedicalvillage.org | LB Lebanon | Healthcare | Unknown | 10 months ago |
| hmsaojose.com | hmsaojose.com | BR Brazil | Healthcare | Unknown | 10 months ago |
| RUKU Tore - Türen | rukutore.de | DE Germany | Manufacturing | Unknown | 10 months ago |
| Albavision.tv | albavision.tv | GT Guatemala | Technology | Unknown | 10 months ago |
| Medical Village LIV | — | CH Switzerland | Healthcare | Unknown | 10 months ago |
| Rete Toscana Classica | rtcn.toscana.it | IT Italy | Technology | Unknown | 10 months ago |
| Geomaticks Grecia | geomaticks.gr | GR Greece | Professional Services | Unknown | 10 months ago |
| Dithelm Travel Group | dthtravel.com | TH Thailand | Hospitality | Unknown | 10 months ago |
| Cyme Servicios Médicos | cymserviciosmedicos.com.mx | MX Mexico | Healthcare | Unknown | 10 months ago |
| MukundRhotindian | — | NA Namibia | — | Unknown | 10 months ago |
| CONTRAQI | — | MX Mexico | Technology | Unknown | 10 months ago |
| RTE | — | IE Ireland | Technology | Unknown | 10 months ago |
| moelco.es | moelco.es | ES Spain | Manufacturing | Unknown | 10 months ago |
| lafavoritaservice.it | lafavoritaservice.it | IT Italy | Manufacturing | Unknown | 10 months ago |
| loraincountyauditor.gov | loraincountyauditor.gov | US United States | Government & Defense | Unknown | 11 months ago |
| Emphail.com | emphail.com | US United States | Technology | Unknown | 11 months ago |
| entab.se | entab.se | SE Sweden | Technology | Unknown | 11 months ago |
| Skyline Dubuque | skylinesalt.com | US United States | Other | Unknown | 12 months ago |
| Letry | letry.be | BE Belgium | Other | Unknown | 12 months ago |
| Fenol Kimya | fenol.com.tr | TR Turkey | Manufacturing | Unknown | 12 months ago |
Affected countries (31)
Countries where this group has been reported to target or leak victims.