Listen to this Post
Introduction: A New Era of Cyber Threats
In the ever-evolving world of cybercrime, ransomware continues to dominate as one of the most disruptive and damaging attack strategies. As new threat actors emerge and established ones reshape their tactics, organizations face an increasingly hostile digital environment. One of the newest and most alarming entries to the ransomware-as-a-service (RaaS) landscape is a group called Global, which has made an aggressive debut with a well-equipped toolkit, enticing affiliate structure, and connections to infamous actors like \$\$\$ and BlackLock. This article dives deep into the rise of Global, its operational model, affiliations, and the broader ransomware trends observed in June 2025.
The Rise of Global RaaS: A 30-Line Analysis
In June 2025,
Global appears to be the product of the alias \$\$\$, a known cybercriminal figure associated with previous ransomware groups like Mamoma and BlackLock. Both groups had suffered defacements by DragonForce, a known cyber-disruptor, raising questions about potential infighting or turf disputes in the underground scene.
What makes Global stand out is its aggressive feature set: support for Windows, ESXi, and NAS systems, EDR evasion, partial encryption, self-deletion mechanisms, and an advanced affiliate panel with 24/7 support, a mobile version, AI-based help, and a negotiation console. The platform aims to cater to affiliates looking for an all-in-one ransomware toolkit with fewer technical barriers.
By comparison, BlackLock requires more operational sophistication from its affiliates and has a reputation for using code written in Go. Global’s approach is broader and more commercialized, offering affiliates up to 85% of earnings and eliminating upfront deposit requirements. This aggressive profit-sharing model lowers entry barriers and increases recruitment potential.
Geographically, Global has targeted entities in the United States, Great Britain, and Australia, signaling its ambition to target developed economies with higher ransomware payout rates. While no confirmed link to DragonForce has been established, any disruption to either BlackLock or Global could create cascading instability within this affiliate ecosystem.
The article also highlights that ransomware groups prefer targeting high-value sectors and developed nations. Bitdefender warns that while data from ransomware leak sites canāt always be verified, they still provide strong insight into the shifting dynamics of cybercrime networks. Organizations must remain alert and adapt quickly to these evolving threats.
What Undercode Say: Deep Dive Analysis on
A Commercial Approach to Cybercrime
Global’s launch is a textbook example of how RaaS platforms are maturing. With a business-centric model, Global isnāt just another malware group ā it operates more like a cyber startup, offering services, support, and scalability for its affiliates. By removing the deposit model and offering 85% of earnings, Global is effectively disrupting the affiliate recruitment game. This could attract less experienced cybercriminals who want a turnkey solution to enter the ransomware market.
RaaS Democratization
This model shows how ransomware is becoming accessible to the masses. Groups like Global lower technical barriers, offering services similar to SaaS products in the legitimate tech world. From EDR evasion to mobile access, these features allow bad actors to scale operations globally ā with minimal cyber know-how.
Global vs. BlackLock: A Tale of Two Tactics
BlackLock and Global, while possibly created by the same individual, represent two different strategic philosophies. BlackLock is quieter, targeted, and complex ā likely designed for more skilled operators. In contrast, Global is fast, flashy, and user-friendly, signaling an intent to scale rapidly through volume over precision.
International Impact
The fact that most victims are from wealthier nations like the US, UK, and Australia shows how these cybercriminals focus on return on investment. These countries tend to pay ransoms faster and store more valuable data, making them top targets for new ransomware groups.
DragonForce and Ecosystem Disruption
DragonForce’s previous actions against Mamoma and BlackLock complicate the picture. If they have infiltrated these groups, it raises the possibility of cyber espionage or sabotage within ransomware operations. Any future move by DragonForce could destabilize Global as well.
Strategic Implications for Organizations
Enterprises must understand that these arenāt just random attacks ā theyāre coordinated campaigns run like businesses. Security teams should track not only the tools used but also the economic incentives that drive the attackers. Threat intelligence must now consider cybercriminal affiliate marketing strategies, operational scalability, and underground brand-building efforts.
Indicators of Rapid Evolution
The pace at which Global has grown ā from zero to 16 victims in under a month ā is a stark indicator of how fast ransomware groups can evolve. Combined with enhanced support and AI-driven capabilities, Global may inspire a new wave of similar RaaS platforms that mimic its model.
ā Fact Checker Results
Global claimed 16 victims in June ā confirmed through open-source DLS analysis.
BlackLock and Global are tied to the same alias (\$\$\$) ā widely reported in cybersecurity research.
DragonForceās involvement in defacing BlackLock and Mamoma ā confirmed, but its stake in Global remains unverified.
š® Prediction
Ransomware-as-a-Service platforms will become increasingly productized, attracting non-technical affiliates with plug-and-play malware services. Globalās model will likely inspire copycats and competitors, leading to a surge in mid-tier cybercriminal activity by the end of 2025. Expect to see further integration of AI-driven automation, affiliate loyalty programs, and even tiered pricing models within underground ransomware platforms.
References:
Reported By: www.bitdefender.com
Extra Source Hub:
https://stackoverflow.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
