VortexFury (Active)
Ransomware group first observed in 2019. Uses SystemBC for deployment.
Total Victims: 1
First Seen: 2019-09-01
Last Seen: 2026-03-05
Known TTPs: 15
Avg Delay: 14.1d
Negotiations: 0
ONION URLS
6byxaxeirhqpkwx6iygp2bd2ae26fgl4yoo3fimdaleetg5ytw77auny.onion
TOOLS
SystemBC
PowerShell Empire
MegaSync
FileZilla
FILE EXTENSIONS
.help
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| 2026-03-05 | Coastal Capital | Canada | Government | Published |

| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1005 | Data from Local System | Collection |
| T1074.001 | Local Data Staging | Collection |
| T1071.001 | Web Protocols | Command and Control |
| T1105 | Ingress Tool Transfer | Command and Control |
| T1573.002 | Asymmetric Cryptography | Command and Control |
| T1558.003 | Kerberoasting | Credential Access |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1070.004 | File Deletion | Defense Evasion |
| T1562.001 | Disable or Modify Tools | Defense Evasion |
| T1087 | Account Discovery | Discovery |
| T1485 | Data Destruction | Impact |
| T1078 | Valid Accounts | Initial Access |
| T1195.002 | Compromise Software Supply Chain | Initial Access |
| T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
| T1098 | Account Manipulation | Persistence |
No YARA rules
No IoCs
No ransom notes