BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

New GLOBAL GROUP Ransomware Targets Multiple Sectors Worldwide

GLOBAL GROUP Ransomware Emerges, Targeting Global Organizations With AI-Powered Affiliate Program Despite Decline in Overall Attacks

  • A new Ransomware-as-a-service (RaaS) operation called GLOBAL GROUP has been identified, targeting organizations across Australia, Brazil, Europe, and the United States since June 2025.
  • The operation is reportedly a rebrand of the previous BlackLock and Mamona ransomware programs and relies heavily on initial access brokers for system infiltration.
  • GLOBAL GROUP uses tools against software from companies such as Cisco, Fortinet, and Palo Alto Networks to deploy its ransomware and exploits weaknesses in email and remote desktop portals.
  • The service offers affiliates advanced features like an AI-powered negotiation panel, a mobile-friendly dashboard, and customizable ransomware payloads, with affiliates promised 85% of ransom payments.
  • June 2025 saw a 15% drop in total ransomware victims globally, but experts warn ongoing risks remain high due to rising geopolitical tensions and increased activity by groups like Qilin and DragonForce.

A new ransomware-as-a-service platform called GLOBAL GROUP has started targeting a range of industries in Australia, Brazil, Europe, and the United States since early June 2025. According to researchers at EclecticIQ, the group promotes its services on Hacking forums and has been linked to the same operator behind earlier BlackLock and Mamona ransomware activities.

- Advertisement -

Investigators report that GLOBAL GROUP emerged after BlackLock’s data leak site was attacked by the DragonForce cartel earlier this year. Evidence suggests the ransomware operation is financially motivated, using pre-compromised access points to corporate networks via third-party brokers. Attackers focus on vulnerable software made by Cisco, Fortinet, and Palo Alto Networks, as well as brute-force attacks on Microsoft Outlook and remote desktop portals.

The affiliate program offers cybercriminals tools to build ransomware payloads for various operating systems, including VMware ESXi, NAS, BSD, and Windows. A negotiation panel, supported by AI-powered chatbots, assists in communicating with victims—particularly benefiting non-English speakers. The revenue-sharing model gives affiliates 85% of ransom proceeds.

As of July 14, 2025, GLOBAL GROUP claims to have attacked 17 organizations in sectors such as healthcare, industrial manufacturing, automotive repair, and business process outsourcing. Researchers note strong ties to previous ransomware operations, including BlackLock and Mamona, due to shared infrastructure and programming similarities. The Malware is written in Go programming language for better cross-platform attacks.

Other ransomware groups remain active, with Qilin leading RaaS activity in June 2025 with 81 attacks. DragonForce spiked its attacks by over 200%, while groups like Akira, Play, and SafePay also remained significant in the threat landscape. The overall number of ransomware victims dropped from 545 in May to 463 in June 2025.

- Advertisement -

According to Optiv, ransomware operators continue to depend on traditional methods for initial access, such as social engineering, exploiting software vulnerabilities, and using compromised credentials. Despite a recent decrease in total cases, experts from NCC Group and others warn continued instability and high-profile attacks are likely to sustain the risk from ransomware threats worldwide.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Bank of Thailand scans stablecoin trades for illicit finance

The Bank of Thailand is using data analytics to scan for abnormally high-volume trades...

RWAs Overtake Bitcoin as Hyperliquid’s Largest Open Interest

Hyperliquid's RWA perpetuals hit a record $3.6 billion in open interest, overtaking Bitcoin and...

SK Hynix ADR gains vanish in under a day

SK Hynix's ADRs rose 12.7% on Nasdaq debut Friday but the entire gain was...

Binance futures hit 2026 high as spot market lags

Binance recorded $1.6 trillion in futures trading volume in June, its highest level of...

CISA adds two critical Joomla extension flaws to KEV list

U.S. CISA added two maximum-severity Joomla extension flaws to its Known Exploited Vulnerabilities (KEV)...

Must Read

How to Buy VPS with Crypto from Hostinger – Step by Step guide

Did you know that nowadays you can use Bitcoin to purchase a Windows VPS? If you’re here, you’re probably wondering how to do it....
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading