New Ransomware Group BlackFile Triggers Wave of Vishing Attacks

A new financially motivated hacker group known as BlackFile is linked to a wave of data theft and extortion attacks. Since February 2026, these attacks have specifically targeted companies in the retail and hospitality sectors. The group primarily employs vishing techniques to obtain sensitive information from employees. Vishing, a combination of voice and phishing, involves calling victims to persuade them to disclose confidential data. BlackFile has specialized in this method to gain access to internal systems and subsequently steal data.

The attacks have significantly increased in recent months, indicating a coordinated strategy by the group. The cybersecurity firm CyberGuard noted in its latest report that the number of vishing attacks rose by 45% in the first quarter of 2026 compared to the previous year. This increase is directly associated with the activities of BlackFile, which is characterized by its aggressive tactics. Analysts report that BlackFile targets not only large corporations but also smaller businesses, which are often less well-protected and therefore more vulnerable to such attacks.

The group has already conducted several successful attacks, during which it has seized sensitive customer data and internal information. The ransomware group uses the stolen data to make ransom demands. In many cases, they threaten to make the data public if the companies do not pay. This tactic has put significant pressure on the affected firms to respond quickly to avoid reputational damage. Authorities have reacted to the threat, warning companies to review and strengthen their security protocols.

Experts recommend conducting training for employees to educate them about the dangers of vishing and to train them in recognizing such attacks. The implementation of multi-factor authentication processes is also deemed necessary. The group BlackFile has quickly made a name for itself in cybercrime. Its ability to adapt to various target audiences and develop new techniques makes it a serious threat. The security community is closely monitoring the group's activities to develop appropriate countermeasures.

Investigations into BlackFile are ongoing, and there have already been initial successes in identifying members of the group. Authorities are working internationally to curb the group's activities and hold those responsible accountable. However, no concrete arrests have been reported so far. The security situation remains tense as companies continue to face the threat posed by BlackFile and similar groups.

The increase in vishing attacks shows that cybercrime is a growing problem that can have serious implications for the economy. According to CyberGuard, up to 30% of companies have been affected by a vishing attack in the past six months. The group BlackFile has established itself as one of the most active and dangerous hacker groups currently operating. Their methods and the associated risks require heightened vigilance and proactive measures from companies to protect themselves against such attacks.