icefire
1 incident
1 country
1 sector
ransomware Latest: 2026-06-25
IceFire is a ransomware group that first emerged in March 2022. Initially focusing on Windows systems, the group evolved its attack capabilities to include Linux systems by early 2023, marking a significant shift in its operational model. This adaptability allows IceFire to target a broader range of enterprise networks, particularly critical servers. The group's primary motivation is financial gain, achieved through a double extortion model where sensitive data is exfiltrated before encryption, and then threatened with public release if the ransom is not paid. IceFire distinguishes itself by strategically avoiding the encryption of critical system files to ensure the compromised system remains operational, thereby increasing the pressure on victims to comply with ransom demands. They communicate with victims via a Tor-based payment portal, providing unique credentials for interaction. IceFire aligns with "big-game hunting" ransomware families, consistently targeting large enterprises w
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
United Arab Emirates
Argentina
Switzerland
Chile
China
Iran, Islamic Republic of
Pakistan
Thailand
Turkey
United States
Sectors attacked
Media (1)
Target sectors (SOCRadar)
Other Information Services
Software Publishers
Enterprises & Holding
Manufacturing
Public Administration
Educational Services
Data Processing Services
Internet Publishing
Educational Services
Data Processing, Hosting, and Related Services
New URLs detected in IntelTracker