Helldown
Description
Helldown is an emerging ransomware group first identified in August 2024, known for its fast-evolving and cross-platform threat capabilities. It exploits critical vulnerabilities—most notably CVE-2024-42057 in Zyxel firewalls—for initial access and demonstrates modular design and anti-detection mechanisms. Helldown targets both Windows and Linux environments, including VMware and ESXi systems. It employs a double-extortion strategy: encrypting files with randomized extensions via executables like hellenc.exe, and threatening victims with data dump releases via its Tor-hosted leak site.
External Analysis (4)
| External Analysis |
|---|
| https://www.truesec.com/hub/blog/helldown-ransomware-group |
| https://blog.sekoia.io/helldown-ransomware-an-overview-of-this-emerging-threat |
| https://hivepro.com/threat-advisory/new-helldown-ransomware-a-growing-threat-across-cross-platform-systems |
| https://www.broadcom.com/support/security-center/protection-bulletin/helldown-ransomware |
Ransom notes (1)
Tox (1)
| Tox |
|---|
| 19A549A57160F384CF4E36EE1A24747ED99C623C48EA545F343296FB7092795D00875C94151E |
Urls (4)
Posts (32)
| Title | Description |
|---|---|
| klinkamkurpark | klinik-am-kurpark.de |
| hausdesstiftens.org | hausdesstiftens.org |
| nightnurse.ch | www.nightnurse.ch |
| fuelco | fuelco-us.com |
| VALLEYFIRM | valleyfirm.com |
| children | generaldentistryforchildren.com |
| knoxlawcenter | www.knoxlawcenter.com |
| AMERICANVENTURE | americanventures.com |
| CSIKBS | www.csikitchenandbath.com |
| SANJACINTOCOUNY | www.co.san-jacinto.tx.us |
| compassfs | www.compassfs.net |
| lacliniqueducoureur | lacliniqueducoureur.com |
| TIVOLI-33 | tivoli-33.org |
| qualiform.cz | www.qualiform.cz |
| SMARTS-ENGINEER | www.smarts-engineering.de |
| HBGJEWISHCOMMUN | www.jewishharrisburg.org |
| cincinnatipainphysicians | www.cincinnatipainphysicians.com |
| BARRYAVEPLATING | Here's something encrypted, password is required to continue reading. |
| RSK-IMMOBILIEN | Here's something encrypted, password is required to continue reading. |
| Khonaysser | Here's something encrypted, password is required to continue reading. |
| kbo | Here's something encrypted, password is required to continue reading. |
| zyxel | Zyxel.eu |
| hugwi | hugwi.ch |
| deganis | deganis.fr |
| SCHLATTNER | SCHLATTNER.de |
| XPERT | XPERT Business Solutions GmbH |
| MyFreightWorld | MyFreightWorld |
| cbmm | cbmm.org |
| ATP | AZIENDA TRASPORTI PUBBLICI S.P.A. |
| briju | briju.pl |
| vindix | vindix.pl |
| Albatros | Albatros S.r.l. |