Skip to content
Ransomware group

Blackout

Blackout is identified in the provided content as a ransomware group active from late February 2024.

Profile source: Mallory opens in a new tab

Blackout

Family profile

Blackout is identified in the provided content as a ransomware group active from late February 2024. It initially claimed on its leak site to have attacked healthcare entities in Canada, France, and Germany, and later targeted companies in Mexico and Croatia. The content places Blackout within broader 2024 ransomware activity affecting industrial and other sectors, but does not provide technical details on its malware family, encryption behavior, infection chain, or specific indicators of compromise. Separately, the content also references a distinct tool named Blackout RAT in the arsenal of the Iranian state-linked MuddyWater threat group (also known as Mango Sandstorm or TA450), indicating that the name Blackout may refer to both a ransomware operation and a remote administration tool in different contexts. High-confidence information directly provided supports Blackout as a ransomware actor targeting healthcare and other organizations across multiple countries in 2024.

Ransomware.live

Operational record

View group record ↗

Reporting

Research mentioning Blackout

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.