RANSOMWARE OPERATION💰 FINANCIAL

j group

3
victims
1
aliases

Intelligence Profile

j group — tracked by MISP Galaxy (ransomware).

Threat Analysis

j group is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.

Financially motivated threat actors like j group prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

Ransomware Victims (3)

CTIWATCH tracks 3 organizations claimed as victims by j group on its data leak site, with attack dates, sectors and countries.

View full victims list →

External References

Quick Facts

TypeRansomware Operation
Motivation💰 financial
Aliases1

Also Known As

j group

DLS Infrastructure

○ OFFLINEtwniiyed6mydtbe64i5mdl56nihl7atfaqtpww6gqyaiohgc75apzpad.onion
○ OFFLINEw4d5aqmdxkcsc2xwcz7w7jo6wdmvmakgy3y6mfmdtzmyvxe77cjkfbad.onion
● ONLINEshare.jtor.xyz

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.