Mad Liberator is a ransomware group that first emerged in mid-July 2024, notably around July 17. The group is financially motivated: it exfiltrates data and then extorts victims by threatening to publish the stolen information on a dedicated leak site. What distinguishes Mad Liberator is its reliance on social engineering, specifically tricking victims into approving unsolicited AnyDesk remote access connections and then displaying a fake Windows update screen to maintain control and distract victims while data is exfiltrated. While the group is primarily focused on data theft, there are indications that it may occasionally use encryption and double extortion tactics. The group is distinct from the music artist Madlib, who also uses the alias "Mad Liberator".
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Other Information Services; Manufacturing; Construction; Public Administration; Educational Services; Legal Services; Justice, Public Order, and Safety Activities; Family Clothing Stores; Freight Transportation Arrangement; Office Machinery and Equipment Rental and Leasing