J, also known as J Group, emerged as a new ransomware group in early 2025, launching its data leak site in May 2025. This group operates as a cybercriminal cartel primarily focused on double extortion through data exfiltration and public leakage. Their primary motivation is financial gain, monetizing stolen data even if ransom negotiations fail. J Group's behavior indicates an evolving modus operandi, as they are still establishing their operational procedures, and have been observed to adopt data brokerage as a common approach. They are often characterized as a leak-site-centric extortion identity, distinguishing themselves by attempting to sell data publicly rather than solely relying on encryption-based ransom payments.