onyx
Intelligence Profile
Onyx is a ransomware group first observed in April 2022 and based on the Chaos ransomware builder. It is notably destructive: files larger than 2MB are overwritten with random data rather than encrypted, making recovery impossible even after ransom payment. The group has claimed approximately 13 victims across six countries.
Threat Analysis
Onyx is a ransomware operation that deploys encryption-based extortion against organizations globally. The group maintains a data leak site (DLS) to pressure victims into paying ransom demands.
Financially motivated threat actors like Onyx prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Ransomware Victims (28)
CTIWATCH tracks 28 organizations claimed as victims by Onyx on its data leak site, with attack dates, sectors and countries.