Ransomware Group

Vortex

Also known as: VortexLocker, VX-Ransom

Status: active • First seen 2024-03 • 75+ known victims

Vortex hackers are patient and sneaky. They break into big companies and quietly look around for weeks before locking everything up. They use the company's own tools to avoid detection.

Overview

Vortex is a sophisticated ransomware operation that targets enterprise environments using living-off-the-land techniques and custom tooling. They are known for patient operations lasting weeks before encryption.

Target Industries

Finance, Technology, Critical Infrastructure, Energy

How They Attack

  • Living off the land
  • Extended dwell time
  • AD exploitation
  • Triple extortion

Notable Victims

Major financial institutions (2024), Energy companies (2025)

How to Protect Against Vortex

  1. Implement behavior-based detection
  2. Monitor for suspicious PowerShell activity
  3. Segment Active Directory administration

MITRE ATT&CK Techniques

T1059.001, T1021.002, T1486, T1567.002

Related Groups

Black Basta, Royal
