GLOBAL GROUP is a ransomware-as-a-service operation that has begun targeting diverse sectors in Australia, Brazil, Europe, and the United States since June 2025. It is connected to a threat actor known as '$$$,' who also managed previous RaaS schemes. The operation appears to be a rebranding of BlackLock, which was itself a rebrand of Eldorado. This group uses initial access brokers to exploit vulnerabilities in network appliances. An affiliate model offers a revenue-sharing system, enticing new participants with tools for managing ransomware operations.
GLOBAL GROUP has emerged as a ransomware-as-a-service operation targeting sectors in Australia, Brazil, Europe, and the United States since early June 2025.
The group is believed to be a rebranding of BlackLock, which itself was a rebrand of the Eldorado scheme after its data leak site was attacked.
The operation heavily relies on initial access brokers to target vulnerable edge appliances and employs brute-force utilities for Microsoft Outlook and RDWeb.
GLOBAL GROUP offers a negotiation portal and affiliate panel, allowing cybercriminals to manage victims, create ransomware payloads, and monitor their operations.
Collection
[
|
...
]