Arsenal Exploits TTP Matrix KillChain Mapa Actores SSLBL RansomLook Ransomwhere Alertas CyberNews

benzona

7 incidentes 4 paises 2 sectores ransomware Ultimo: 2026-06-25

Benzona is a financially motivated ransomware group that emerged in late November 2025, operating under a double-extortion model. The group distinguishes itself by encrypting victim files and exfiltrating sensitive data, threatening to publish this information on a dedicated Tor-based leak site if ransom demands are not met. They primarily target small to mid-sized organizations across various sectors, demonstrating a coordinated approach in simultaneous attacks against multiple related entities. The group is known solely as Benzona in public reporting, with no widely reported aliases or confusion with other threat actors.

RansomLook pivots

Data, inteligencia y referencias externas para contrastar actividad ransomware del actor.

Abrir perfil →

Data

Recent Browse Trending Stats

Intel

Group URLs Crypto Leaks Notes Analyses Torrents

Info

API Glossary About

Victimas

TTPs unicas

Info robada historica

N/D

Rescates reclamados

N/D

Pagos detectados

N/D

TTPs observadas

T1566 Phishing

Paises afectados

Guatemala (1)

United States (3)

France (1)

Tanzania (1)

Paises objetivo (SOCRadar)

Côte d'Ivoire

France

Guatemala

IndiaIran, Islamic Republic of

JapanNamibia

New Zealand

RomaniaTaiwan, Province of China

Sectores atacados

Healthcare (3) Hospitality and Tourism (1)

Sectores objetivo (SOCRadar)

Other Information ServicesHospitalsEnterprises & HoldingAccommodationManufacturingWholesale TradeRestaurantsEducational ServicesAircraft ManufacturingAutomotive