RANSOMWARE OPERATION · 💰 FINANCIAL
blackout
Limited data
Intelligence Profile
Blackout is a ransomware group that first appeared in early 2024, initially claiming attacks against healthcare entities in Canada, France, and Germany before expanding to telecommunications, mining, and manufacturing sectors, operating a double-extortion model with a data leak site.
Threat Analysis
Blackout is a ransomware operation that deploys encryption-based extortion against organizations globally. The group maintains a data leak site (DLS) to pressure victims into paying ransom demands.
Financially motivated threat actors like Blackout prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Intelligence Reports Mentioning blackout
Internet Starts to Return in Iran After 3-Month Blackout
Wired Security· May 26, 2026
In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking
SecurityWeek· May 22, 2026
Your Push Notifications Aren’t Safe From the FBI
Wired Security· Apr 11, 2026
Iranians Don’t Have a Missile Alert System, So Volunteers Built Their Own Warning Map
Wired Security· Mar 25, 2026
Iran internet blackout reaches 6th day as rights groups call for end to digital shutdown
The Record· Mar 6, 2026
Quick Facts
Type: Ransomware Operation
Motivation: 💰 financial
DLS Infrastructure
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.