hellcat
1 incidentes
1 paises
1 sectores
ransomware JO Ultimo: 2026-06-25
Hellcat is a ransomware-as-a-service (RaaS) group that emerged in October 2024, with its individual members conducting attacks as early as Q3 2024 before forming collectively. The group's primary motivation is financial gain through data encryption and exfiltration. Hellcat distinguishes itself by its aggressive targeting of high-profile entities and a unique communication style, often incorporating humor and cultural references into its ransom notes to generate media attention and pressure victims. For instance, in one attack, the group demanded a ransom denominated as "baguettes," a humorous nod to the victim's French origin. Hellcat is strongly linked to the Morpheus ransomware group due to their nearly identical ransomware payloads, which atypically leave original file extensions intact after encryption, suggesting a shared codebase or builder application used by affiliates. The group was also originally known as "ICA Group." One of its alleged founders, "Pryx," claimed to be 17 ye
RansomLook pivots
Data, inteligencia y referencias externas para contrastar actividad ransomware del actor.
Paises afectados
Paises objetivo (SOCRadar)
Barbados
Switzerland
China
Germany
Spain
France
United Kingdom
Indonesia
Israel
India
SwitzerlandChinaGermanySpainFranceUnited KingdomIndonesiaIsraelIndiaSectores atacados
Government (1)
Sectores objetivo (SOCRadar)
Other Information ServicesSoftware PublishersManufacturingPublic AdministrationOil & GasEducational ServicesInternet PublishingEnergy & Utilities InsurancePharmaceutical and Medicine Manufacturing