Session
1 total0532b290d16a48f8f81dc1a41c0840145aede477af674c56e6599507aa7f27933c
Global, also referred to as GLOBAL GROUP, is a ransomware family/group publicly introduced on Ramp4u in June 2025 and tied in reporting to earlier brands Mamona and BlackLock.
Profile source: Mallory opens in a new tabGlobal
Global, also referred to as GLOBAL GROUP, is a ransomware family/group publicly introduced on Ramp4u in June 2025 and tied in reporting to earlier brands Mamona and BlackLock. Reporting describes it as a cross-platform ransomware operation with support for Windows, Linux, and VMware ESXi. One cited early sample is associated with the mutex string "Global\\Fxo16jmdgujs437". In January 2026, a ransomware strain resembling the Global family was reportedly deployed via Phorpiex against devices in China, using a public IP-lookup API to verify the target’s location before dropping the payload; a follow-on campaign reportedly expanded to 21 countries including the United States, United Kingdom, Germany, and France. The provided content does not include additional high-confidence details on encryption behavior, ransom note naming, or specific victim sectors for Global itself.
Ransomware.live
Ransomware.live
0532b290d16a48f8f81dc1a41c0840145aede477af674c56e6599507aa7f27933cReporting
Then in January 2026, a strain resembling the Global ransomware family was deployed against devices in China, using a public IP-lookup API to verify the target’s location before dropping the payload.
“Global stands out for its emphasis on cross-platform capability — including support for Linux and ESXi alongside Windows… tied to earlier brands (Mamona / BlackLock).”
“Gunra, Global, Data Leak: Each accounted for 7 incidents…”
Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.