LichDark Active
Ransomware group first observed in 2022. Uses Cloudflare Tunnel for deployment.3
Total Victims
2022-12-01
First Seen
2026-03-07
Last Seen
0
Known TTPs
28.3d
Avg Delay
0
Negotiations
ONION URLS
li6crovvktofqpwn2u7zlar35qpl7ikpf2wughb4cyizbjykrvrbegvg.onion
TOOLS
Cloudflare Tunnel
ScreenConnect
Rubeus
net.exe
FILE EXTENSIONS
.hack
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| 2026-03-07 | Guardian Holdings | United Kingdom | Healthcare | Published |
| 2026-03-06 | Vector Global | Greece | Healthcare | Published |
| 2026-03-06 | Digital Labs | Denmark | Logistics | Published |
No TTPs data
No YARA rules
No IoCs
No ransom notes