GLOBAL GROUP is a ransomware-as-a-service operation that emerged in June 2025, reportedly launched by a known Russian-speaking threat actor. It features AI-driven ransom negotiation and a mobile control panel for affiliates, and targets the healthcare, oil and gas, industrial engineering, and automotive sectors.
This group has no curated TTPs.
Defensive detection signature for this group, for detection/blocking in your EDR/SIEM. Source: ransomware.live.
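```yara
/*
    global ransomware
*/
rule global_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.global"
        description = "Detects global ransomware ransom note or artifact"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        $name1 = "global" ascii nocase
        $name2 = "GLOBAL" ascii
        $onion = "global.onion" ascii nocase
    // Note: with `any of them`, $name1 alone matches any file that contains
    // the word "global" in any letter case ($name2 and $onion are subsumed by it),
    // so expect false positives unless the rule is scoped further.
    condition:
        any of them
}
```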
```text
GLOBAL

Your network has been encrypted.
All of your important files — documents, databases, backups, and configurations are now inaccessible.
They have been locked using military-grade encryption. Only GLOBAL holds the decryption keys.

What happened?
-------------------------
We have gained full access to your internal network. During this time, sensitive data was exfiltrated and your systems were encrypted.
Your business operations, internal communications, and customer data are at risk.

What comes next?
-------------------------
To restore access:
1. Download the Tor Browser ([redacted]
2. Visit our secure portal: [redacted]
3. Enter your unique ID: [snip]
4. Follow the instructions to begin negotiations.

You may submit one small file (<1MB, non-sensitive) for free decryption as proof we hold the keys.
We will also send you a file-listing to prove to you that we have stolen your data.

Failure to engage within 3 days will result in:
- Public release of your internal documents
- Irreversible loss of your encrypted data
- Escalation of your case to a wider leak network

There is no other way. Do not waste time with third-party tools or law enforcement. You will only make things worse.

This is not personal. Just business.

Data Leak Site - [redacted]

**GLOBAL operates globally.**
```
Hospital Maternidade São José 1TB of private patient information. Personal details and more.
Albavisión is a major Latin American media company founded by Remigio Ángel González. Headquartered in Miami, it owns numerous TV and radio stations across Latin America. The company is known for acquiring struggling media outlets and revitalizing them with popular programming like telenovelas and U.S. films. === 400GB stolen. ===
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| hmsaojose.com | BR | Healthcare | — | 20 Aug 2025 |
| Albavision.tv | GT | Telecommunication | — | 28 Jul 2025 |
| CONTRAQI | MX | Not Found | — | 26 Jul 2025 |
| Cyme Servicios Médicos | MX | Healthcare | — | 26 Jul 2025 |
| https://www.personalservice.com.br/ | BR | Business Services | — | 7 Jun 2025 |
The addresses of the leak sites (.onion) are known but are not published or linked. Only public metadata is shown.
Unknown
CYM Servicios Médicos - a Mexican‑based medical services clinic, offering general and specialist consultations, diagnostic services, and appointment-based care. It's active on Facebook and serves local communities with accessible healthcare services.
PERSONAL SERVICE is one of the leading service providers in Brazil, operating in the areas of Facilities, Business Process Outsourcing (BPO) solutions that combine Human Resources with processes and technology, and Technical Services for dealerships. Founded 21 years ago, the company is now present in 11 states across the country, with 12,000 employees and around 160 clients in sectors such as industries, shopping malls, corporate headquarters, hospitals, commercial and residential condominiums, among others.