Skip to content
Ransomware group

Thegreenbloodgroup

The Green Blood Group is an emerging ransomware operation first identified in early 2026 whose Go-based Windows payload uses ChaCha8 encryption and aggressively destroys backup and recovery options, targeting organizations in India, Senegal, Egypt, Colombia, and Belgium.

Profile source: Ransomware.live opens in a new tab

Thegreenbloodgroup

Family profile

The Green Blood Group is an emerging ransomware operation first identified in early 2026 whose Go-based Windows payload uses ChaCha8 encryption and aggressively destroys backup and recovery options, targeting organizations in India, Senegal, Egypt, Colombia, and Belgium.

Ransomware.live

Operational record

View group record ↗

Ransomware.live

Published indicators

Full source record ↗

Tox

1 total
  • F97A512AA18917444315510B107AB8B46166CAC4E79DB76B849FFE48A67A4B621AB7CC9A1EFB

Email

1 total
  • thegreenblood@onionmail.org

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.