Shadowbyt3$
| Active | RaaS
ShadowByt3$ is a ransomware-as-a-service group first observed in October 2025, using multi-method extortion and communicating via Telegram and Tox, with a very small confirmed victim list suggesting it remains in early-stage operation.
Victims
6
First Discovered
2026-02-25
victim
Last Discovered
2026-05-14
victim
Inactive Since
1
day
Avg Delay
8
days
Infostealer
40.0%
victims with domain
Countries
4
hit
Attack Velocity — Last 12 months
5 victims this month
Known Locations (3)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Leaks | No | 2026-05-15T21:38:10 |
mfbbt65kir2drc7tuoukwibikgvxquauscnzgbeltkmidjtgqlzm2qad.onion
|
|||
|
ShadowByt3$ | No | 2026-04-28T07:28:57 |
shadowbyt3s.8bit.ca
|
|||
|
SB | DDOS SHIELD | Yes | 2026-05-15T21:37:55 | nginx |
52rtvdymcqvebbamd3la3wtu3ofrcuzuzja3vrsu6wiyrq223osptzqd.onion
|
Target
Top 5 Activity Sectors
- Education 3
- Technology 1
- Hospitality and Tourism 1
Top 5 Countries
-
United States
2
-
India
1
-
United Kingdom
1
-
Singapore
1
Heatmap
YARA Rules (1)
Victims (6)
Cloud-based school management and collaboration platform targeting educational institutes in India, …
Stride Learning Should've Paid the ransom. We were only asking $500,000 in bitcoin or monero it's no…
Amplify technology has been a victim of an attack. There project they were working on with the pakis…
ShadowByt3$ has breached University of Georgia. The full data is on are leak site. We stole approxim…
We are ShadowByt3$. We have claimed responsibility for hacking Hotelogix. They have been breached th…
