// group profile

obscura

Inactive

Obscura is a ransomware strain observed in 2025, written in Go and specifically targeting Windows domain controllers via the SYSVOL/NETLOGON share, using Curve25519 + XChaCha20 encryption with double-extortion tactics and a 10-day payment deadline.

Victims

Sites

Victims (33)

Live

Revoil

obscuraGreece

CleverPower

obscuraDenmark

Trend Import Export

obscuraRomania

[Redacted] #1927

obscuraThailand

STC Concrete Product

obscuraThailand

REDtone

obscuraMalaysia

cle**rp**er.eu

obscura

k*m**w.com

obscura

ACE Forwarding

obscuraUnited States

Startek Engineering Inc.

obscuraTaiwan

StanleyCo Malaysia

obscuraMalaysia

New Obscura 2.0!

obscura

New Toyo International Holdings Ltd

obscuraSingapore

Thompson Dorfman Sweatman

obscuraCanada

Federal Auto Holdings Berhad

obscuraMalaysia

Cape Dara Resort Pattaya

obscuraThailand

relationmedia.dk

obscuraDenmark

meamargroup.com

obscuraEgypt

plazadental.com

obscuraUnited States

heavenly-dental.com

obscuraUnited States

thefixingcompany.com

obscuraIreland

eastdesign.com.my

obscuraMalaysia

espectral.pt

obscuraPortugal

michigancityin.gov

obscuraUnited States

EAST Design Architect Sdn. Bhd

obscuraMalaysia

Known Leak Sites

obscurad3aphckihv7wptdxvdnl5emma6t3vikcf3c5oiiqndq6y6xad.onionDLS

Top Targeted Countries

United States6

Malaysia5

Thailand3

Denmark3

Egypt2

Activity

Total victims33

Countries affected14

Last seenNo recent activity

Explore

→

Ransomware NewsRelated articles

→

Check DecryptorsFree tools

→

Payment DataRansom tracking

→

MITRE ATT&CKTechniques

→

Live MapGlobal view

Source: ransomware.live|Refreshes every 5 min