The Green Blood Group emerged as a newly active ransomware operation in early 2026, distinguishing itself as a technically competent and professionally engineered threat rather than a rebrand of a legacy group. The group's primary motivation is financial gain through a double-extortion model, leveraging a dedicated Tor-based leak site where victim data is initially withheld and then publicly disclosed to exert negotiation pressure. Their operational strategy includes a unique staged data disclosure, allowing victims a fixed period to negotiate before their identities and stolen information are exposed. The group was active for approximately one month, from January to February 2026.

Paises afectados

URLs nuevas detectadas en IntelTracker