m3rx
Ransomware group profile
26Victims
63Impact score
Description
m3rx is a newly identified ransomware group that emerged in late April 2026, recognized for its rapid operational activity and deployment of a Go-based encryptor. It utilizes a double extortion model, encrypting files and threatening to release stolen data if ransom payments are not made.
Key insights
- •Employs a double extortion model with both data encryption and threat of public release of stolen data.
- •Utilizes a Go-based PE32+ x64 encryptor that renames files with a .8hmlsewu extension.
- •Demands payment in Bitcoin after negotiation while leveraging sensitive data exposure to press victims.
- •Erases its own traces by self-deletion through PowerShell post-execution.
- •Targets diverse sectors and countries, impacting organizations globally.
Threat Level & Status Breakdown
For m3rx · Based on incidents in selected period
1.9threat level
Aggressiveness5/ 10
Lethality0/ 10
Criticality0.6/ 10
Status Breakdown
Claimed88.5%23
First seenApr 2026
Last seenJun 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 18, 2026
Recent activity
Monthly attack count for m3rx in the selected period
26Total attacks
12peak in May
8.7avg / month
↓ 2 vs first month
Intelligence
IOCs, YARA/Sigma rules, and related families for m3rx
- fa410423b2982a435bc488aa652a96c4fe65dad66313378ca7c14bec23697327
- 194086c3836c768a871d9998fccbed7ef73fcc5f3fbd541720b52205c774c735
- 34af56de4c2b7216ce832be471c791eb350248683cb91924eefdcfc67738f296
- 521b1bd3f30ca50eaee6f74718b97dbe8a49c245
- cdbe4aed37c98d67a005ef469e7e0586e0ff8973b91a8d577d320e67cf46b572
- fc18506bbbbe57fdcecaa424735705501480e6708b634457010a5cf6bdc42525
- 1c648500122bb140d0857c15e3af92a1a3f3084e9f7247c8c21fc406a384136f
- b09ece33ffe5efb1903526229595a8c74d983c731505bee09c2a005036c834b8
- 071e2e0087554d96bba6a4ab73d88cd0
- ce1a0de9338a3aeb622ebaf27d4b73def4fcdd203e684084b5da8280357c3b4f
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for m3rx
Other
T1486
T1486
T1490
T1490
T1071.001
T1071.001
T1041
T1041
T1562
T1562
T1080
T1080
T1059
T1059
T1021.001
T1021.001
T1547
T1547
T1027
T1027
Victims(26)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| maringoodman.com | maringoodman.com | US United States | Retail & E-Commerce | Claimed | 8 days ago | |
| suppcenter.global / suppcentersa.com | suppcenter.global | AR Argentina | Professional Services | Claimed | 8 days ago | |
| hbexperts-conseils.ca | hbexperts-conseils.ca | CA Canada | Professional Services | Claimed | 8 days ago | |
| werkstoff-service.de | werkstoff-service.de | DE Germany | Manufacturing | Claimed | 8 days ago | |
| fasadeconsult.no | fasadeconsult.no | NO Norway | Professional Services | Claimed | 8 days ago | |
| ktwhs.com | ktwhs.com | TW Taiwan | Transportation | Claimed | 8 days ago | |
| jichasa.com | jichasa.com | MX Mexico | Transportation | Claimed | 23 days ago | |
| dosocho.es | dosocho.es | ES Spain | Retail & E-Commerce | Claimed | about 1 month ago | |
| soft-inc.com | soft-inc.com | JP Japan | Technology | Claimed | about 1 month ago | |
| psbsementi.it | psbsementi.it | IT Italy | Other | Unknown | about 1 month ago | |
| grupo55.com | grupo55.com | ES Spain | Financial Services | Claimed | about 1 month ago | |
| pvdd.ca | pvdd.ca | CA Canada | Government & Defense | Claimed | about 1 month ago | |
| datasavior.com | datasavior.com | US United States | Technology | Claimed | about 1 month ago | |
| kbtoys.com.au | kbtoys.com.au | AU Australia | Retail & E-Commerce | Claimed | about 1 month ago | |
| alge-stop.dk | alge-stop.dk | DK Denmark | Retail & E-Commerce | Claimed | about 1 month ago | |
| emtco.com | emtco.com | US United States | Manufacturing | Claimed | about 2 months ago | |
| it-freitag.de | it-freitag.de | DE Germany | Technology | Claimed | about 2 months ago | |
| manateeair.com | manateeair.com | US United States | Transportation | Claimed | about 2 months ago | |
| dmschweiz.ch | dmschweiz.ch | CH Switzerland | Technology | Claimed | about 2 months ago | |
| anvilarts.org.uk | anvilarts.org.uk | GB United Kingdom | Hospitality | Claimed | about 2 months ago |
Page 1 of 2
Affected countries(18)
Countries where this group has been reported to target or leak victims.