The Green Blood Group is an emerging ransomware operation first identified in early 2026 whose Go-based Windows payload uses ChaCha8 encryption and aggressively destroys backup and recovery options, targeting organizations in India, Senegal, Egypt, Colombia, and Belgium.
This group has 0 victims. The victim list API is currently responding slowly for this dataset. Country, sector, and infostealer breakdowns are not available at this time. Basic stats (victim count, first/last seen) are shown above from a faster data source.