Tox
2 total389EFCEB8DB8143C000A0A70B6C44A0436761784760F23E2F43A421F48A45D72A4A22814F01157A9B30B2D9E5F692A100C8E264082FC5F9B8F445C47E7333CBBB04DBF42640085620A9FA795
D4rk4rmy is a ransomware-associated cybercriminal group that emerged publicly in 2024 and has been tracked as one of the newer entrants in the ransomware ecosystem.
Profile source: Mallory opens in a new tabD4rk4rmy
D4rk4rmy is a ransomware-associated cybercriminal group that emerged publicly in 2024 and has been tracked as one of the newer entrants in the ransomware ecosystem. The group is also referred to as d4rk_4rmy and D4rk 4rmy. Reporting links it to extortion activity conducted through public victim claims and leak-site style operations, indicating a financially motivated intrusion model centered on data theft and coercive disclosure.
Observed victim claims span multiple sectors, including higher education, finance, legal services, hospitality, and commercial enterprises. Publicly claimed targets have included organizations such as Loyola University Chicago, Bridgewater Associates, Vinson & Elkins, the University of Puerto Rico Rio Piedras Campus, and Monte-Carlo Société des Bains de Mer. This victimology suggests opportunistic targeting rather than a narrowly specialized vertical focus.
D4rk4rmy has been identified in ransomware trend reporting as a newly active group alongside other emerging crews, reflecting the continued fragmentation and rapid turnover of the ransomware landscape. It has been associated with dark-web forum activity as well, with members reportedly involved in managing DarkForums during its early period. That overlap indicates participation not only in extortion operations but also in the broader cybercriminal ecosystem that supports data trading, access brokerage, and underground collaboration.
There is no high-confidence public evidence in the available material tying D4rk4rmy to a specific nation-state sponsor. The group is best characterized as a criminal ransomware and extortion actor operating in the broader financially motivated underground.
Ransomware.live
Ransomware.live
389EFCEB8DB8143C000A0A70B6C44A0436761784760F23E2F43A421F48A45D72A4A22814F01157A9B30B2D9E5F692A100C8E264082FC5F9B8F445C47E7333CBBB04DBF42640085620A9FA795Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.