AndromedaForce Active

Ransomware group first observed in 2025. Uses Atera for deployment.
PDF Report Back to Groups
1
Total Victims
2025-12-01
First Seen
2026-03-07
Last Seen
6
Known TTPs
31.4d
Avg Delay
0
Negotiations
ONION URLS
by64jotjszy4sorumdzjaei346en4zqxjfg2ckb6d6kdokojnkpmxo2h.onion
TOOLS
Atera WinSCP PowerShell Empire ScreenConnect PsExec
FILE EXTENSIONS
.dead
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
2026-03-07 Vertex Group United States Retail Negotiating
Technique ID Technique Name Tactic
T1071.001 Web Protocols Command and Control
T1562.009 Safe Mode Boot Defense Evasion
T1049 System Network Connections Discovery Discovery
T1087 Account Discovery Discovery
T1047 Windows Management Instrumentation Execution
T1189 Drive-by Compromise Initial Access

No YARA rules

No IoCs

No ransom notes