Sinobi is a private vetted-affiliate RaaS group that emerged in mid-2025, believed to be a rebrand of the Lynx/INC ransomware lineage, claiming 176 victims by end of 2025 through double-extortion attacks primarily against mid-market US organizations via compromised SonicWall VPN credentials.
Tactics and techniques observed for this actor, mapped to MITRE ATT&CK. Useful for prioritizing detections.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
```yara
/*
    sinobi ransomware
*/
rule sinobi_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.sinobi"
        description = "Detects sinobi ransomware ransom note or artifact"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        $name1 = "sinobi" ascii nocase
        $name2 = "SINOBI" ascii
        $onion = "sinobi.onion" ascii nocase
    condition:
        any of them
}
```
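The rule above fires on any file containing the string "sinobi", which includes threat reports and pages like this one, and its `ascii`-only strings do not match UTF-16 text. As an added example (not code from ransomware.live or this page), the Python triage check below requires several phrases from the ransom note reproduced on this page; the threshold, size limit, function names and both sample inputs are assumptions constructed for illustration.

```python
import re

# Phrases copied (lowercased) from the ransom note text reproduced on this page.
NOTE_PHRASES = [
    "we are sinobi group",
    "you have 7 days to come to the chat room",
    "make a test decrypt",
    "get a list of the files stolen from you",
    "your unique id:",
    "do not try to recover your files with third-party programs",
]

def decode(data: bytes) -> str:
    """Decode UTF-16 (with BOM, or BOM-less little-endian) or UTF-8 bytes."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    if data[1::2].count(0) > len(data) // 4:  # mostly-ASCII UTF-16LE, no BOM
        return data.decode("utf-16-le", errors="replace")
    return data.decode("utf-8", errors="replace")

def naive_match(data: bytes) -> bool:
    """Same logic as the rule above: 'sinobi' anywhere, ASCII bytes only."""
    return b"sinobi" in data.lower()

def matched_phrases(data: bytes) -> list:
    """Return the note phrases present after whitespace/case normalization."""
    text = re.sub(r"\s+", " ", decode(data)).lower()
    return [p for p in NOTE_PHRASES if p in text]

def is_ransom_note(data: bytes, threshold: int = 3, max_size: int = 64 * 1024) -> bool:
    """Flag small text files with the group greeting plus other note phrases.
    threshold and max_size are assumed values, tune them for your environment."""
    if len(data) > max_size:
        return False
    hits = matched_phrases(data)
    return NOTE_PHRASES[0] in hits and len(hits) >= threshold

# Constructed sample: excerpt assembled from the note text on this page.
NOTE_SAMPLE = (
    "Good afternoon, we are Sinobi Group.\n"
    "You have 7 days to come to the chat room and start negotiations.\n"
    "1. make a test decrypt.\n2. get a list of the files stolen from you.\n"
    "Your unique ID: [snip] - use it to register in the chat room.\n"
)
# Constructed sample: benign text that merely mentions the group name.
REPORT_SAMPLE = "Sinobi is a RaaS group that emerged in mid-2025; this report lists its victims."

if __name__ == "__main__":
    for name, blob in [("note", NOTE_SAMPLE.encode()), ("report", REPORT_SAMPLE.encode())]:
        print(name, "naive:", naive_match(blob), "phrases:", is_ransom_note(blob))
```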
Good afternoon, we are Sinobi Group.
As you can see you have been attacked by us! We offer you to make a deal with us. all you need to do is contact us by following the instructions below.
We are not politically motivated group, we are interested only in money, we always keep our word. You have a possibility to decrypt your files and save your reputation in case we find good solution!
You have to know we do not like procrastination. You have 7 days to come to the chat room and start negotiations.
- 1 Communication Process:
In order to contact with us you need to download Tor Browser.
You can download Tor Browser from this link:
[redacted]
After you joined to chat room you have the opportunity to request several things from us for free:
1. make a test decrypt.
2. get a list of the files stolen from you.
At the end, we should agree on the price for our services. Keep in mind that we got your income/insurance documents.
- 2 Access to the chat room:
To access us please use one of the following links:
1. [redacted]
2. [redacted]
3. [redacted]
4. [redacted]
5. [redacted]
6. [redacted]
7. [redacted]
If Tor is blocked in your country you can use this link: [redacted]
Your unique ID: [snip] - use it to register in the chat room.
- 3 Blog:
To access us please use one of the following links:
1: [redacted]
2: [redacted]
3: [redacted]
4: [redacted]
5: [redacted]
6: [redacted]
7: [redacted]
If Tor is blocked in your country you can use this link: [redacted]
- 4 Recommendations:
Do not try to recover your files with third-party programs, you will only do harm.
Do not turn off / reboot your computer.
Do not procrastinate.

Galutti Automotive, established in 1988, specializes in the production of wire artifacts such as support rods, comfort screens, springs, tubes, welding, and stamping. With over 35 years in the market, it has become a leading manufacturer in South America, producing automotive components for both two and four-wheeled vehicles, as well as products for white and yellow line machinery. The company focuses on quality and sustainability, holding ISO 14001:2015 certification to ensure environmentally friendly practices. Galutti serves diverse sectors by offering a wide range of automotive parts including seat covers, headrests, and various metallic and spring components.
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| Galutti Automotive Industria Metalurgica Ltda | BR | Manufacturing | — | 18 Jan 2026 |
| Luis Garratón | PR | Transportation/Logistics | — | 27 Oct 2025 |
| IDB Clinicas | AR | Healthcare | — | 12 Oct 2025 |
| Termotasajero | CO | Energy | — | 8 Oct 2025 |
| Tecnomarket | VE | Consumer Services | — | 8 Oct 2025 |
The addresses of the leak sites (.onion) are known but are not published or linked. Only public metadata is shown.
Luis Garratón, LLC is a full-service distributor specializing in pharmaceutical products, consumer goods, and logistics services. The company aims to meet the needs of its clients through four main service categories: healthcare, consumer products, logistics, and digital marketing. With a focus on professionalism and a dedicated sales force, they strive to achieve their clients' business objectives. Their commitment to excellence ensures lasting results for their customers.
Grupo de Clinicas IDB provides business services. Contact them directly for more information about their offerings.
Termotasajero SA ESP is a power generation and commercialization company that provides high-quality electricity to meet the needs of its clients. They focus on ensuring effectiveness and sustainability in the energy sector. The company emphasizes environmental harmony through recycling and reusing initiatives. Termotasajero caters to various clients in the energy market, demonstrating transparency and high standards in their operations.
Tecnomarket is a company that operates in the Restaurants industry. It employs 5 to 9 people and has 500K to 1M of revenue. The company is headquartered in Rubiera, Emilia-Romagna, Italy.