Benzona
| RaaS
Benzona is a financially motivated ransomware group that emerged in late 2024, targeting small to mid-sized organizations across manufacturing, healthcare, technology, and hospitality sectors using double-extortion tactics — encrypting files while exfiltrating data and threatening publication via a Tor-based leak site.
Extension(s): .benzona
Victims
14
First Discovered
2025-11-26
victim
Last Discovered
2026-01-30
victim
Inactive Since
105
days
Avg Delay
N/A
attack→claim
Infostealer
21.4%
victims with domain
Countries
8
hit
Attack Velocity — Last 12 months
Known Locations (2)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Benzona Ransomware | Yes | 2026-05-15T02:47:55 | nginx 1.29.4 |
benzona6x5ggng3hx52h4mak5sgx5vukrdlrrd3of54g2uppqog2joyd.onion
|
||
|
Support Chat | No | 2026-05-15T02:47:14 |
rwsu75mtgj5oiz3alkfpnxnopcbiqed6wllyoffpuruuu6my6imjzuqd.onion
|
Target
Top 5 Activity Sectors
- Healthcare 3
- Manufacturing 2
- Hospitality and Tourism 1
- Technology 1
- Consumer Services 1
Top 5 Countries
-
Romania
4
-
Guatemala
1
-
France
1
-
Tanzania, United Republic of
1
-
Iran, Islamic Republic of
1
Heatmap
Ransom Notes (1)
YARA Rules (1)
Indicators of Compromise (IoCs) (4)
Hash MD5
1
Hash SHA256
1
IP Address
1
tox
1
Victims (14)
[AI generated] "Casamedica.com.gt" is a Guatemala-based company that provides a range of medical equ…
[AI generated] The Empreinte Hotel is a luxury establishment located in Orleans, France. This 4-star…
[AI generated] PlatinumOne.in is a company based in India that provides outsourced sales force servi…
[AI generated] "SUNNYGO.COM.TW" is an online retailer based in Taiwan. The company specializes in th…
