Close Menu
Cybercrime and Ransomware

Global Group RaaS Expands with AI-Powered Negotiation Tools

Staff WriterBy No Comments4 Mins Read6 Views

Fast Facts

  1. Emergence of GLOBAL GROUP: A new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP has been identified, targeting multiple sectors across Australia, Brazil, Europe, and the U.S. since June 2025, and is believed to be a rebranding of the BlackLock RaaS.

  2. Operational Tactics: The group relies on initial access brokers to infiltrate corporate networks by exploiting vulnerable edge appliances and using brute-force methods, allowing affiliates to focus on delivering payloads rather than initial breaches.

  3. Advanced Features: GLOBAL GROUP offers an affiliate panel with AI-driven negotiation tools and customizable payloads, boasting an enticing 85% revenue-sharing model to attract affiliates, enhancing its competitive edge in the RaaS market.

  4. Ransomware Landscape: Despite a 15% decline in overall ransomware victims from May to June 2025, geopolitical tensions and high-profile cyber attacks suggest an unstable environment, with 314 victims listed on leak sites in Q1 2025, a significant increase from previous quarters.

The Issue

Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation, known as GLOBAL GROUP, which has emerged as a formidable threat since its inception in June 2025. Targeting diverse sectors across Australia, Brazil, Europe, and the United States, this operation is thought to be a rebranding of the previously active BlackLock, itself an evolution of the Mamona ransomware scheme. The operation is helmed by a threat actor referred to as “$$$,” known for leveraging initial access brokers (IABs) to infiltrate corporate networks, particularly those in critical fields such as healthcare and industrial manufacturing. By creating pre-compromised entry points, GLOBAL GROUP streamlines its operations, allowing affiliates to focus on data exfiltration and ransomware deployment over network intrusion.

Arda Büyükkaya of EclecticIQ highlights that GLOBAL GROUP offers an innovative RaaS platform that incorporates AI-driven negotiation tools and customizable payload builders, enticing criminals with an impressive revenue-sharing model. As of mid-July 2025, the group has reportedly targeted 17 victims across various critical industries. The analysis of GLOBAL GROUP is timely, coinciding with a broader scrutiny of ransomware trends, as cybersecurity companies note a decline in overall ransomware activity juxtaposed with rising geopolitical tensions and sophisticated cyber threats.

Security Implications

The emergence of the GLOBAL GROUP ransomware-as-a-service operation poses a significant threat not only to its immediate victims in various sectors—such as healthcare, manufacturing, and legal services—but also to a broader ecosystem of businesses and organizations that could find themselves caught in the crossfire of cyber extortion. The sophisticated structure of GLOBAL GROUP, with its utilization of initial access brokers and AI-driven negotiation tools, creates a highly efficient model for attackers that can quickly scale and adapt, amplifying the risk of collateral damage across interconnected networks. This means that even entities outside the direct target list may face operational disruptions, reputational harm, increased regulatory scrutiny, and financial losses should their suppliers, partners, or clients fall victim to this cyber menace. As interconnected digital infrastructures become standard, the ripple effects of such breaches become increasingly pronounced, making robust cybersecurity measures and inter-organization communication crucial to mitigate these widespread risks.

Possible Action Plan

In the rapidly evolving landscape of Ransomware as a Service (RaaS), particularly concerning newly emerged global entities, the timeliness of remediation is paramount in safeguarding organizational integrity and resilience.

Mitigation Steps

  • Implement AI Systems
  • Strengthen Cyber Hygiene
  • Routine Vulnerability Assessments
  • Staff Training Programs
  • Incident Response Plans
  • Collaborative Information Sharing

NIST Guidance
NIST Cybersecurity Framework (CSF) emphasizes the necessity of continuous monitoring and adaptive strategies in response to evolving threats. For further details, refer to the NIST Special Publication (SP) 800-53, which outlines security and privacy controls in depth.

Continue Your Cyber Journey

Explore career growth and education via Careers & Learning, or dive into Compliance essentials.

Learn more about global cybersecurity standards through the NIST Cybersecurity Framework.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.