Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates
A new Ransomware-as-a-Service (RaaS) group called GLOBAL GROUP has emerged, likely a rebranding of the BlackLock RaaS operation. The group targets various sectors across the US and Europe, with a focus on healthcare providers. GLOBAL GROUP utilizes Initial Access Brokers to gain entry to vulnerable edge appliances and employs brute-force tools for Microsoft Outlook and RDWeb portals. Their ransom negotiation panel features AI-driven chatbots, enabling non-English-speaking affiliates to engage victims more effectively. The group offers an 85% revenue share to affiliates and provides a mobile-friendly control panel. GLOBAL GROUP's infrastructure has been traced to a Russia-based VPS provider, and their operations show similarities to previous Mamona ransomware activities.
Pulse ID: 6877cee47723c96cd1d54e25
Pulse Link: https://otx.alienvault.com/pulse/6877cee47723c96cd1d54e25
Pulse Author: AlienVault
Created: 2025-07-16 16:10:12
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
