Morpheus emerged in late 2024 as a semi-private RaaS operation whose affiliates share identical payloads with the HellCat ransomware group, targeting pharmaceutical, manufacturing, legal, and Italian ESXi environments with ransom demands reaching up to 32 BTC (~$3M USD).
This group has no curated TTPs. An AI-ESTIMATED (unconfirmed) MITRE mapping can be generated on request from its description/notes.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
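```yara
/*
    Morpheus ransomware
*/
rule Morpheus_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.morpheus"
        description = "Detects Morpheus ransomware ransom note"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        // Case-insensitive family name; also matches every "MORPHEUS" hit of $s2
        $s1 = "Morpheus" ascii nocase
        $s2 = "MORPHEUS" ascii
        $s3 = "morpheus.onion" ascii nocase
        $s4 = ".morpheus" ascii
    condition:
        // A single occurrence of the word "Morpheus" in any scanned file satisfies
        // this condition, so treat a hit as a lead to triage, not a confirmation
        any of them
}
```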
```
Your network has been breached and all data were encrypted. It can be restored to their original state with a decryptor key that only we have.

Warning:
1. Do NOT modify encrypted files yourself.
2. Do NOT use third-party software to restore your data.
3. Do NOT hire a recovery company. They can not decrypt without out private key.
4. Do NOT reboot or turn off storage media.

If you do not contact us within 3 days, or we cannot reach an agreement, information will either be sold, or shared with the media

We have already downloaded a huge amount of critical data.

Tags of downloaded information:
- Confidential docs
- Sales data
- Finance documents
- Business Plans
- Resume
- Personal data of employees
- Oracle, Microsoft sql database backups
- Full Gitlab backup
- Tech data (network scheme, Remote Desktop Manager backup, etc.)

Sources of information:
10.0.2.98
10.0.26.5
10.0.26.14
10.0.26.19
10.0.26.102
10.0.26.103
10.0.26.105
10.0.76.61
10.0.26.20

Total size of downloaded data: 110 GB

You will not only receive a decryptor, but also a description of your network vulnerabilities and information security recommendations. If necessary, you will be provided with qualified data recovery assistance.

As a proof of our statements, we are ready to restore some files for free and demonstrate how our product works.

We guarantee that our negotiations will remain confidential.

Contacts:
Onion: [redacted]
Login: [snip]
Password: [snip]
Mail: [redacted]
```
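Added example, not ransomware.live's rule and not part of the original page: a stricter ransom-note rule that requires several phrases quoted from the note above instead of the single word "Morpheus". The rule name, the 64KB size bound and the 3-of-6 threshold are assumptions, and it assumes each phrase sits on one line in the dropped file.

```yara
rule Morpheus_Ransomnote_Phrases_Example
{
    meta:
        author = "added example (not ransomware.live)"
        description = "Matches the ransom-note wording quoted on this page"
    strings:
        // Phrases copied verbatim from the note on this page, including
        // its own wording errors ("data were", "without out private key").
        // 'wide' also covers a note written as UTF-16.
        $p1 = "Your network has been breached and all data were encrypted" ascii wide nocase
        $p2 = "They can not decrypt without out private key" ascii wide nocase
        $p3 = "Do NOT hire a recovery company" ascii wide nocase
        $p4 = "Tags of downloaded information" ascii wide nocase
        $p5 = "Total size of downloaded data" ascii wide nocase
        $p6 = "description of your network vulnerabilities" ascii wide nocase
    condition:
        // Assumed bounds: a note is a small text file, and three distinct
        // phrases must agree before the rule fires, so a document that
        // merely mentions "Morpheus" does not match.
        filesize < 64KB and 3 of ($p*)
}
```

A hit identifies this note template, not the operator; the per-victim fields (IP list, data size, contacts) are deliberately left out of the strings.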
**Website**: sunsetworldresorts.com

**Revenue**: $593 Million

Sunset World Group is a Mexican family business founded by some of the pioneers of Cancun who helped turn it into the most sought-after
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| SUNSETWORLDRESORTS | MX | Hospitality and Tourism | — | 29 Jan 2026 |
The leak-site (.onion) addresses are known but are neither published nor linked. Only public metadata is shown.