Blackshrantac Ransomware

Under attack by ransomware or suffering a cyber breach?

Speed is critical when facing a live cyber attack. If you believe you have been compromised by the Blackshrantac ransomware group or another threat actor, contact us immediately.

Under attack? Call us
Get in touch

About Blackshrantac ransomware group

The Blackshrantac ransomware group is a relatively obscure ransomware group with limited public reporting. Activity has been observed affecting small to medium-sized organisations across multiple industries, with no clear sector preference identified to date.

Blackshrantac appears financially motivated and relies on established ransomware techniques rather than bespoke malware development. There is little evidence of a mature affiliate structure or a formal ransomware-as-a-service programme, suggesting the group operates as a small, independent set of threat actors or as a short-lived campaign.

In several incidents, Blackshrantac has claimed responsibility for attacks by publishing victim details or issuing threatening communications following encryption. Public intelligence suggests the group emerged in late 2024, with additional activity identified into September 2025.

What we can help with:

  • Encrypted files & ransomware data recovery
  • Incident response and containment
  • Secure data restoration and system recovery
  • Use of ransomware decryption tools and data recovery software
  • Development of incident response plans and disaster recovery solutions
  • Post-incident reviews and security hardening

Request a call back

If your organisation has been infected with ransomware contact us immediately.

How Blackshrantac operators work

Initial access is most commonly achieved through exposed remote access services, exploitation of known vulnerabilities, or the reuse of compromised credentials obtained from previous incidents. In some cases, phishing emails containing malicious attachments or links have been used to deliver malware or trojans that enable access.

Once inside the network, attackers move quickly to deploy ransomware, often with minimal scanning, reconnaissance, or lateral movement. Encryption focuses on affected systems such as file servers, endpoints, and shared network drives, causing immediate disruption to business services.

Blackshrantac attacks are typically limited to file encryption and ransom demands rather than large-scale data theft. However, some incidents have involved data extortion tactics, with threats to publish stolen data if payment is not made.

We are equipped to deal with an attack from any ransomware group.

Don’t hesitate to contact us if you are under attack from a ransomware group not listed above. 

Under attack? Call us

Recognising a Blackshrantac attack

A Blackshrantac ransomware attack is usually identified by sudden file encryption, loss of access to files and systems, and ransom notes appearing across affected devices. Victims may experience disruption to network services shortly after the incident begins.

Administrators may also observe unauthorised access, exploitation of system flaws, or the presence of unfamiliar malware shortly before encryption. In some cases, victim organisations have reported follow-up messages threatening further action or public disclosure.

Why you must not interfere with your ransomware environment

If you discover a physical break-in at your offices, your first instinct would be to call the police; touch nothing and let them search for clues. Then, your focus would shift to restoring business operations.

A cyber-attack requires the same approach. Your digital environment is a CRIME SCENE. It is crucial to leave the environment untouched to allow for a forensic investigation.

This is not a task for your IT team or MSP. Digital Forensic specialists are available 24/7 to assist you, just like in a physical crime.

description Sector Date Discovered Attack Date Country Screenshot
[AI generated] "Cabinets 2000 Inc" is a US-based company specializing in creating high quality, affordable, and stylish cabinets for homes. With over 20 years of experience in the industry, they offer a variety of designs and finishes to meet diverse aesthetic preferences and functionality needs. This professional, reliable company caters to both the residential and commercial markets, striving for excellence in craftsmanship, design innovation, and durability. Manufacturing 20/01/2026 02:40 PM 15/10/2025 12:00 AM US View' rel='' target='_self'>View
[AI generated] "ETC Companies" is an American consulting company that specializes in providing solutions for employee benefits, HR technology, payroll, and risk management. The company aims to deliver customized programs, strategic planning, and relevant insights to help businesses in different fields efficiently manage their staff and employee services. It offers services like compliance reporting, compensation analysis, among others. Not Found 20/01/2026 02:39 PM 19/10/2025 12:00 AM View' rel='' target='_self'>View
[AI generated] N/A Healthcare 20/01/2026 02:39 PM 28/11/2025 12:00 AM View' rel='' target='_self'>View
[AI generated] N/A Manufacturing 20/01/2026 02:38 PM 20/12/2025 12:00 AM IN View' rel='' target='_self'>View
[AI generated] N/A Not Found 20/01/2026 02:38 PM 16/01/2026 12:00 AM GB View' rel='' target='_self'>View
[AI generated] N/A Public Sector 08/01/2026 02:51 AM 08/01/2026 02:51 AM View' rel='' target='_self'>View
[AI generated] N/A Manufacturing 08/01/2026 02:50 AM 08/01/2026 02:50 AM IN View' rel='' target='_self'>View
[AI generated] Agrícola Cerro Prieto is a Peruvian agricultural company, focused on the cultivation and exporting of a wide assortment of crops. Located in Chao, La Libertad, Peru, the enterprise is known for its cultivation of grapes, avocados, and asparagus among other products. Agrícola Cerro Prieto utilizes sophisticated irrigation systems and other technology to produce high-quality yields. Agriculture and Food Production 23/12/2025 05:41 PM 23/12/2025 05:40 PM PE View' rel='' target='_self'>View
[AI generated] Netstar Australia Pty Ltd is a technology-focused company specializing in the field of fleet and asset management. It offers customized fleet management solutions including GPS vehicle tracking and advanced reporting. With a strong commitment to innovation and customer service, Netstar aims to improve efficiency, productivity, and profitability for businesses. Based in Melbourne, the company serves a diverse range of sectors across Australia. Telecommunication 17/12/2025 04:49 PM 17/12/2025 04:48 PM AU View' rel='' target='_self'>View
[AI generated] N/A Not Found 15/12/2025 04:19 PM 15/12/2025 04:18 PM -
[AI generated] VFM Systems & Services (P) Ltd is an India-based company that specializes in Facilities Management Services. They offer a diverse range of services including property management, security, cleaning, maintenance, and compliance. The company is known for its comprehensive and cost-effective solutions that cater to the specific needs of various industries. They are dedicated to providing high-quality service using advanced technology and experienced professionals. Technology 14/12/2025 08:08 PM 14/12/2025 08:07 PM IN View' rel='' target='_self'>View
[AI generated] N/A Construction 29/11/2025 04:16 PM 29/11/2025 04:16 PM TR View' rel='' target='_self'>View
[AI generated] "Badan Pengelola Keuangan Haji" (BPKH) is an agency overseen by the Indonesian Government. Located in Jakarta, its primary responsibility is to handle and manage the finances related to the Hajj pilgrimage for Indonesian Muslims. Recognized by Law No.34 of 2014, BPKH is accountable for optimizing funds, managing risks and making sure every Hajj participant’s financial demands are met. Financial Services 29/11/2025 04:16 PM 29/11/2025 04:15 PM ID View' rel='' target='_self'>View
[AI generated] The "Superintendencia Nacional de Fiscalización Laboral" (SUNAFIL) is a Peruvian government agency responsible for promoting, supervising and enforcing labor rights. They assure compliance with labor and occupational health and safety standards. They also promote culture of formal employment through the provision of information to workers and employers, aiming to improve working conditions in Peru. Public Sector 21/11/2025 09:12 AM 21/11/2025 09:11 AM PE View' rel='' target='_self'>View
[AI generated] N/A Consumer Services 13/11/2025 01:46 AM 13/11/2025 01:45 AM IN View' rel='' target='_self'>View
[AI generated] Newgen DigitalWorks is an outsourced product development company that focuses on digital content. Its services range from content creation to distribution, assisted by the most advanced digital technologies. They specialize in offering end-to-end solutions tailored to the requirements of publishing, retail, and utility industries, among others. The company is based out of Chennai, India. Technology 13/11/2025 01:45 AM 13/11/2025 01:45 AM IN View' rel='' target='_self'>View
[AI generated] N/A Financial Services 13/11/2025 01:45 AM 13/11/2025 01:44 AM US View' rel='' target='_self'>View
[AI generated] "Carvimsa" or Corporacion Azucarera del Peru is a Peruvian company involved in the agro-industrial sector, specifically specializing in the production and commercialization of sugar, molasses, and alcohol. Their products are primarily for domestic consumption but they also export to other countries. The company's operations are integrated with farming, industrial, and commercial activities. Manufacturing 13/11/2025 01:44 AM 13/11/2025 01:44 AM PE View' rel='' target='_self'>View
[AI generated] N/A Not Found 13/11/2025 01:44 AM 13/11/2025 01:43 AM View' rel='' target='_self'>View
[AI generated] N/A Not Found 13/11/2025 01:43 AM 13/11/2025 01:43 AM View' rel='' target='_self'>View
[AI generated] CCI Tax Pros, Inc., based in Virginia, USA, is a consulting company that specializes in providing comprehensive tax and financial services to both businesses and individual clients. Their services range from personal tax planning, professional tax return preparation, and representation before tax authorities, to business tax management and strategic planning. Their team comprises of experienced accountants and financial advisors who strive to maximize their clients' savings and returns. Financial Services 31/10/2025 08:15 AM 31/10/2025 08:14 AM US View' rel='' target='_self'>View
[AI generated] N/A Not Found 31/10/2025 02:15 AM 31/10/2025 02:15 AM US -
[AI generated] CyPark Resources Berhad is a Malaysian company specializing in renewable energy, environmental engineering, and landscaping infrastructure. They engage in various large-scale projects dealing with solid waste management and renewable energy sources. Additionally, the company provides solutions like landfill construction, waste treatment technologies, and landscape services for various sectors. Energy 31/10/2025 01:21 AM 31/10/2025 01:21 AM MY View' rel='' target='_self'>View
[AI generated] TENAX Law Group, P.C. is a U.S.-based law firm that specializes in numerous sectors. Areas of practice include business law, estate planning & trusts, real estate law, civil litigation, among others. It is committed to providing high-quality legal services & personalized solutions to both individuals and businesses. Located in Point Richmond, California, they're renowned for maintaining professional and cost-effective legal solutions. Business Services 31/10/2025 01:21 AM 31/10/2025 01:20 AM US View' rel='' target='_self'>View
[AI generated] N/A Technology 30/10/2025 03:19 AM 30/10/2025 03:18 AM View' rel='' target='_self'>View
[AI generated] "Eligibility Tracking Calculators" (ETC) is a company that offers technological solutions for employee benefits management. It provides software applications that help employers, insurance brokers, and CPA firms to track and calculate their employee benefits eligibility efficiently. This assists organizations in adhering to various legal compliance requirements related to employee benefits. Technology 28/10/2025 09:14 PM 28/10/2025 09:14 PM US View' rel='' target='_self'>View
[AI generated] "Computer World W.L.L" is a reputable company located in the Kingdom of Bahrain. They specialize in providing IT products and services such as networking and data center solutions, cloud services, software development, and cybersecurity solutions. The company is known for addressing complex business challenges with innovative IT solutions, tailored to the unique needs of each client. They cater to various sectors, including government, education, hospitality, and healthcare. Technology 20/10/2025 04:19 PM 20/10/2025 04:18 PM QA View' rel='' target='_self'>View
[AI generated] "Cabinets 2000, LLC" is a business that manufactures and sells a diverse variety of cabinetry products. Based in Norwalk, California, it serves a range of customers primarily in the residential market. The company is committed to offering high quality, affordable cabinets. Products range from kitchen and bathroom cabinets, to office and storage solutions. Key attributes include design flexibility, on-time delivery and excellent customer service. Manufacturing 20/10/2025 02:50 PM 20/10/2025 02:50 PM US View' rel='' target='_self'>View
[AI generated] Al Ahly Leasing & Factoring Company is an Egyptian financial institution specializing in leasing and factoring services. It's a subsidiary of the National Bank of Egypt, the country's largest commercial bank. The company provides financing solutions for business equipment, machinery, and vehicles, plus it also offers accounts receivable management and finance facilities to boost business liquidity and growth. Financial Services 20/10/2025 02:50 PM 20/10/2025 02:49 PM EG View' rel='' target='_self'>View
[AI generated] "SK shieldus" is a technology company focused on mobile and web application security. They specialize in providing comprehensive security solutions by using Artificial Intelligence algorithms to identify and prevent potential threats. Their services include penetration testing, code review, and vulnerability assessments to help businesses secure their digital assets effectively. They also offer consulting services to help organizations establish and enforce robust security policies. Not Found 17/10/2025 03:21 AM 17/10/2025 03:20 AM KR View' rel='' target='_self'>View
[AI generated] "Gulf Warranties LLC" is a company based in Dubai, United Arab Emirates that provides a range of consumer-focused products. Their product line includes extended warranty programs and insurance for motor vehicles, gadgets, and home appliances. Their solutions cater to both individual and corporate clients, offering protection against unexpected repair costs. Not Found 16/10/2025 02:48 AM 16/10/2025 02:48 AM AE View' rel='' target='_self'>View
[AI generated] N/A Not Found 13/10/2025 10:13 AM 13/10/2025 10:13 AM TR View' rel='' target='_self'>View
[AI generated] Falco Electronics is a company that specializes in electronic components and manufacturing. This company is noted for its dedication to quality and efficiency, producing a range of electronic parts including resistors, capacitors, diodes, and more. Founded in 1991, Falco Electronics has vast experience within the electronics industry. It operates a manufacturing and distribution network that spans North and South America. Technology 10/10/2025 03:40 AM 10/10/2025 03:39 AM MX -
[AI generated] Standard Fiber is a global company specializing in designing and manufacturing bed and home textiles. They maintain key partnerships with manufacturers to provide products, such as bed sheets, comforters and pillows, to retail and hospitality industries. In addition to product development, it provides supply chain solutions and ensures quality control compliance. Established in 1998, Standard Fiber maintains offices in California, USA and Shanghai, China. Manufacturing 04/10/2025 04:39 PM 04/10/2025 04:38 PM US View' rel='' target='_self'>View
Not Found 02/10/2025 09:18 PM 02/10/2025 09:18 PM View' rel='' target='_self'>View
[AI generated] N/A Public Sector 29/09/2025 12:13 PM 29/09/2025 12:13 PM View' rel='' target='_self'>View
Manufacturing 26/09/2025 07:21 PM 26/09/2025 07:21 PM View' rel='' target='_self'>View
Not Found 26/09/2025 09:38 AM 26/09/2025 09:38 AM View' rel='' target='_self'>View
[AI generated] Altaş is a Turkey-based company that specializes in the production and export of automotive spare parts and components. The company offers a wide range of products, including parts for commercial and passenger vehicles, agricultural machinery and industrial equipment. Altaş is known for maintaining high quality standards and constantly evolving with technological advancements in the automotive industry. Not Found 20/09/2025 04:45 PM 20/09/2025 04:45 PM TR View' rel='' target='_self'>View
[AI generated] Klingelnberg India Pvt Ltd is a subsidiary of the global engineering company Klingelnberg Group. Located in India, the company specializes in the development and manufacture of precision technology, providing different industries with gear technology, gear tools, and automation systems. It is recognized for its innovation and quality in products and services, supporting sectors like aerospace, automotive, and energy. Manufacturing 20/09/2025 04:45 PM 20/09/2025 04:44 PM IN View' rel='' target='_self'>View
DATA SIZE : 2TB Not Found 18/09/2025 01:41 AM 18/09/2025 01:40 AM IN View' rel='' target='_self'>View
DATA SIZE : 2TB Not Found 17/09/2025 06:06 AM 17/09/2025 06:05 AM IN View' rel='' target='_self'>View
DATA SIZE : 600GB Not Found 17/09/2025 06:05 AM 17/09/2025 06:05 AM TR View' rel='' target='_self'>View
Known threat actors

Ransomware groups behind the attacks

Below is a breakdown of the most active ransomware groups and the variants driving their attacks.

Post breach actions

  • Call a NCSC Cyber Incident Response approved supplier Some NCSC providers will fund up to 48 hours of investigation into your incident.
  • Report the incident toReport Fraud
  • Locate your business continuity plan Work out what you can do without access to your systems and data.
  • Identify your business insurance contact details
Business woman contacting a Zensec ransomware recovery service

Who are we and what experience do we have in responding to cyber incidents?

We are accredited to ISO 27001 and recognised by the UK’s National Cyber Security Centre (NCSC).

We provide comprehensive cyber risk management services, with a core focus on Digital Forensics and Incident Response (DFIR). Our capabilities are driven by a 24/7 Security Operations Centre and a dedicated in-house intelligence team that delivers timely, actionable threat reporting.

With decades of collective cyber security experience, we have the expertise to assume operational ownership of your entire IT security architecture – simplifying and strengthening cyber security across your business.

As an Assured Service Provider for Cyber Incident Response (CIR) at the Standard Level. This accreditation demonstrates our ability to deliver high-assurance, effective support in response to a wide range of cyber threats.

Your NCSC-approved supplier is a specialist crime scene investigator who will:

  1. Isolate and preserve your environment for forensic investigation.
  2.  Identify where the data has been duplicated and issue a legal takedown order.
  3. Identify your data, application and systems restore points. These might be at different points in time and will need to be carefully restored and reconstructed in a pristine environment.
  4.  Liaise with your business insurance company and if needed, with the Police.
  5. Advise you on notifying your customers of your situation.
  6. Rebuild your systems, restore your data and get you back to full operation. Note: This process can take between 2 weeks – 2 months.

 

Working with us

Our response process

Our team are ransomware recovery specialists with a proven, streamlined approach to resolving incidents quickly and effectively.

Step 1: Triage

We deploy our incident response team the same day. From the first call, we begin onboarding, introduce key stakeholders, set communication schedules, and start gathering critical information to guide the response.

Step 2: Investigation

DFIR (Digital Forensic Incident Response) teams investigate breaches to identify vulnerabilities, attack vectors, and system impacts from ransomware such as Data Loss (PII). We deliver clear forensic insights to guide mitigation.

Step 3: Contain

Our onsite and remote teams act fast to stop the attack in its tracks. That includes isolating affected systems, removing malicious code, and putting protections in place to prevent further spread or damage.

Step 4: Remediate & Eradicate

Once contained, we work to fully eliminate the threat. This includes fixing exploited vulnerabilities, restoring systems to a secure state, and ensuring no traces of the attack remain.

Step 5: Recover

Our incident response teams help get your business back to normal. We restore access to systems, recover data, and ensure services are safe, stable, and functioning, with minimal downtime.

Step 6: Post Incident

We conduct a full review of the incident response and recovery efforts. Together we assess what happened, what worked, and what can be improved, helping you build stronger defences for the future.

Forensic analysis to drive recovery

Our process includes a thorough digital forensic analysis from step two where the output becomes a central component of business recovery. This is because understanding the attack is of critical importance:

  • Informing an initial infection date

  • The extent and spread of infection

  • Data exfiltration having an impact on regulatory positions

  • Ensuring that the attacker and any tooling or artefacts they leave behind are eradicated

It is critical that the analysis of digital evidence is carried out to an agreed plan.

Maximising early root cause discovery and legal leverage

The process is purpose-built to uncover the root cause as early as possible, which is essential to inform remediation / eradication and recovery as well as supporting a legal take-down case if this is applicable. A legal take-down means we can assist in the legal enforcement that stops the criminals from publishing the data, thus undermining the ransom notice.

Our Digital Forensic and Incident Response (DFIR) teams maintain consistent communication throughout. Dedicated Incident Managers and technical engineering leads provide updates during the Cyber Incident Response journey, utilising risk registers and working within change management processes, all from triage through to post-incident, delivering successful business recovery.

Key take aways

  • You will not be able to access your systems or data.
  • It is advised to disconnect from the internet and shut down your systems, including PCs, to prevent further infections.
  • Your Office 365 system might also be compromised, allowing the attackers to monitor your responses. Avoid communicating with individuals through your primary email or team systems.
  • Threat actors typically infiltrate your system at least 2-4 weeks before you become aware of the attack. Your data will have already been exfiltrated. If your system is encrypted, this was not an overnight event.
  • Ransom demands in the UK typically range from £500,000 to £3 million, with some sectors, like education, facing demands that exceed £5 million
  • Paying the ransom may violate financial sanctions, which is a criminal offence and could result in a custodial sentence or further financial penalties.
  • If your data is sold or published online, it puts your customers and staff at risk, potentially implicating you in a Data Protection breach.
  • You will need to submit a data takedown request to the initial location where the data was transferred.
  • Do not overwrite the encrypted data. It is crucial to determine when the infection began and where the data was sent.
  • Avoid rebuilding from the latest backup, as it is likely to be infected.

Why should I trust Zensec to do this work rather than my IT team?

A forensic analysis needs to be meticulous and a clean restore and recovery requires a wealth of experience not normally available in an in-house team who must provide a broader range of IT support skills:

Internal IT teams don’t have the necessary skill set to resolve security encryption issues themselves. 

IT teams may recover to the same position with indicators of compromise ready to do it again… which can lead to another breach.

Internal teams are pressured to restore business operations and may recover before forensic analysis even begins, potentially destroying the crime scene before completion.

Why choose us?
We can help

Frequently asked questions

Key information when you’re under pressure.

Blackshrantac ransomware is a malware strain operated by a small ransomware group that encrypts victim files and demands ransom payments in exchange for decryption. The group has been linked to a limited number of incidents rather than sustained large-scale campaigns.

Yes. The name Black Shrantac has appeared in some reporting and victim communications. Both names are understood to refer to the same ransomware group.

Netstar Australia has been referenced in public reporting and victim listings associated with Blackshrantac ransomware activity. This reference is based on claimed responsibility rather than confirmed attribution.

September 2025 has been cited in some intelligence reporting as a point at which additional Blackshrantac victims were published or added to public lists, indicating continued activity rather than a one-off incident.

In a Blackshrantac data extortion attack, the ransomware encrypts files and issues ransom demands. In some cases, attackers threaten to publish data or incident details if payment is not made, even where large-scale data theft has not been confirmed.

Dealing with a ransomware attack?
Our ransomware recovery service can help

Our expert team works quickly to contain the breach, recover your data, and restore your systems to full operation. We’ll guide you through every step of the recovery process and help strengthen your defences to prevent future attacks. Regain control with Zensec - trusted support when it matters most.

Contact us