mamona
1 incidents
0 countries
0 sectors
ransomware Latest: 2026-06-25
Aliases: Offline Ransomware
Mamona is a commodity ransomware strain that emerged in March 2025 with the public leak of its builder tool, subsequently becoming more widely adopted by cybercriminals. Initially used by affiliates of the BlackLock group, its operations were later taken over by the DragonForce group, which rebranded and enhanced activities under the Mamona banner following BlackLock's dismantling. This threat actor's primary motivation is financial, achieved through encrypting victim files and demanding ransom. Mamona distinguishes itself by operating entirely offline without relying on command-and-control infrastructure or data exfiltration, employing a unique timing mechanism that utilizes the Windows ping command to 127.0.0.7, and using a custom-built cryptographic algorithm for encryption instead of standard libraries. This builder-based model lowers the entry barrier, allowing less technical cybercriminals to launch attacks. While the ransomware's ransom note falsely claims data theft, analysis c
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Open profile →
Target countries (SOCRadar)
United Kingdom
Target sectors (SOCRadar)
Wholesale Trade
Information Services
Enterprises & Holding
HealthCare & Social Assistance
Other
Public Administration
National Security & International Affairs
Software Publishers
Banking
New URLs detected in IntelTracker