helldown

1 incident | 0 countries | 1 sector | ransomware | Latest: 2026-06-25
Helldown is a ransomware group that emerged in August 2024. The group targets various sectors, including healthcare, IT services, telecommunications, manufacturing, museums, cargo transport, and network equipment manufacturers like Zyxel. Their operational model is characterized by 'living off the land' techniques, leveraging existing legitimate system tools rather than dedicated command-and-control frameworks. Helldown employs a double extortion strategy, exfiltrating sensitive data and threatening its publication if ransom demands are not met. The group has also expanded its focus to include Linux systems and VMware ESXi servers, and its Windows ransomware variant has been noted to share code similarities with LockBit3.0.
MITRE techniques
T1105, T1562.001, T1078.003, T1486, T1021.001, T1003

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 0
Unique TTPs: 0
Historical stolen data: N/A
Ransoms claimed: N/A
Payments detected: N/A

Target countries (SOCRadar)

Austria, Australia, Brazil, Canada, Switzerland, Czech Republic, Germany, Denmark, France, United Kingdom

Sectors attacked

Healthcare (1)

Target sectors (SOCRadar)

Construction of Buildings, Food Manufacturing, Other Information Services, Rail Transportation, Software Publishers, Real Estate, Hospitals, Air Transportation, Manufacturing, Construction

New URLs detected in IntelTracker

ransomware.anggipradana.com