BlackNevas, also known as "Trial Recovery," emerged in November 2024 as a financially motivated ransomware group. It is a derivative of the Trigona ransomware family, focusing on double extortion by encrypting data and threatening public exposure of exfiltrated information. While not operating as a traditional Ransomware-as-a-Service (RaaS) model, BlackNevas functions independently, often partnering with other groups like Kill Security, Hunters International, DragonForce, Blackout, Embargo Team, and Mad Liberator to facilitate data leaks. A distinguishing characteristic of BlackNevas is its use of a "trial-recovery" naming convention for encrypted files of certain types (e.g., .doc, .jpg, .pdf) to demonstrate to victims that their data is recoverable. Furthermore, the group employs conditional runtime checks for file exclusion rather than relying on static exclusion lists, allowing for dynamic targeting while avoiding critical system files. They also offer to provide stolen data to com

Paises afectados

Sectores atacados

URLs nuevas detectadas en IntelTracker