Ransomware Group

ShadowBit

Also known as: ShadowCrypt, DarkBit

Status: active • First seen 2024-0480+ known victims

ShadowBit combines ransomware attacks with political messages. They started as hacktivists but now demand money too. They mostly target companies in the Middle East and Asia.

Overview

ShadowBit is a ransomware operation targeting organizations in the Middle East and Asia with politically motivated messaging alongside financial demands. They have hacktivist origins.

Target Industries

Government, Energy, Finance, Technology

How They Attack

  • Wiper functionality
  • Hacktivist messaging
  • Supply chain
  • Double extortion

Notable Victims

Government agencies (2024), Energy companies (2025)

Is your business exposed?

How to Protect Against ShadowBit

  1. 1.

    Maintain air-gapped backups

  2. 2.

    Implement supply chain security controls

  3. 3.

    Monitor for wiper malware indicators

MITRE ATT&CK Techniques

T1485, T1486, T1195, T1567

Related Groups

Pink Sandstorm, Agrius

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices