Blackout
Blackout is identified in the provided content as a ransomware group active from late February 2024.
Profile source: Mallory opens in a new tabBlackout
Family profile
Blackout is identified in the provided content as a ransomware group active from late February 2024. It initially claimed on its leak site to have attacked healthcare entities in Canada, France, and Germany, and later targeted companies in Mexico and Croatia. The content places Blackout within broader 2024 ransomware activity affecting industrial and other sectors, but does not provide technical details on its malware family, encryption behavior, infection chain, or specific indicators of compromise. Separately, the content also references a distinct tool named Blackout RAT in the arsenal of the Iranian state-linked MuddyWater threat group (also known as Mango Sandstorm or TA450), indicating that the name Blackout may refer to both a ransomware operation and a remote administration tool in different contexts. High-confidence information directly provided supports Blackout as a ransomware actor targeting healthcare and other organizations across multiple countries in 2024.
Ransomware.live
Operational record
Reporting
Research mentioning Blackout
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
Some of the other notable tools in its arsenal include a Blackout, a remote administration tool (RAT)...
OT Ransomware Trends: Q2 2025 Analysis & Insights | Dragos
“...Blackout… Each accounted for 1 incident…”
Ransomware Review: First Half of 2024
The Blackout ransomware group was first active in late February 2024 and initially claimed on their leak site to have attacked healthcare entities in Canada, France and Germany.