darkvault

1 incident; 1 country; 1 sector; ransomware; RU; Latest: 2026-06-25
DarkVault is a ransomware group that emerged in November 2023, known for its diverse cybercriminal activities extending beyond ransomware to include bomb threats, swatting, doxing, website defacing, malware creation, scams, spam, and various forms of fraud. The group operates by maintaining an .onion site where they list alleged victims and advertise their illegal services. DarkVault employs a double extortion model, encrypting victim systems and subsequently threatening to leak stolen data if ransom demands are not met. While some have speculated about a connection to the LockBit ransomware group due to similarities in their data leak site design, there is no concrete evidence to confirm this, and DarkVault is largely regarded as a copycat. The group claims German origin, though this is likely a diversion, and key actors associated with DarkVault include individuals known by the monikers "criminaldo" and "Neroces".
MITRE techniques
T1566.001, T1078, T1486, T1027

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 0
Unique TTPs: 0
Historical stolen data: N/A
Ransoms claimed: N/A
Payments detected: N/A

Affected countries

United Kingdom (1)

Target countries (SOCRadar)

Andorra; United Arab Emirates; Argentina; Bolivia, Plurinational State of; Brazil; Belarus; Canada; China; Germany; United Kingdom

Attacked sectors

Finance (1)

Target sectors (SOCRadar)

Food Manufacturing; Other Information Services; Software Publishers; Real Estate; Hospitals; Manufacturing; Public Administration; Educational Services; Data Processing Services; Restaurants

New URLs detected in IntelTracker

ransomware.anggipradana.com