The Spanish-language media conglomerate Albavisión is the latest declared victim of a new ransomware operation known as GLOBAL GROUP. The cybercriminal gang announced on its dark web leak site that it had breached the Miami-based company and exfiltrated 400 gigabytes of data. Following a common extortion model, GLOBAL GROUP has given Albavisión a 15-day ultimatum to initiate negotiations before the allegedly stolen information is published online, creating significant pressure on the media giant.
Active only since June 2025, GLOBAL GROUP has quickly established itself as a prolific threat in the cybersecurity landscape.
Operating on a Ransomware-as-a-Service (RaaS) model, the group has already listed 29 victims from various sectors worldwide, including media and healthcare. The gang has demonstrated its willingness to follow through on its threats, having already leaked the complete datasets of 18 victims who presumably failed to meet their demands. A previous incident revealed a ransom demand of 9.5 BTC, equivalent to approximately $1 million at the time.
A distinguishing feature of GLOBAL GROUP’s operation is its innovative use of technology in the extortion process. The gang employs an AI-driven negotiation tool that utilizes chatbots to communicate with its victims. This advanced system is particularly designed to overcome language barriers, facilitating negotiations with victims who are not fluent in English, which broadens the scope of their potential targets and streamlines their extortion efforts.
The selection of Albavisión as a target appears to be a strategic decision by the ransomware group.
As a multinational media powerhouse, Albavisión has an extensive presence across 14 to 15 countries in Latin America, controlling 45 television channels, 68 radio stations, and numerous other media assets.
This attack underscores the escalating and evolving nature of cyber threats faced by organizations globally. GLOBAL GROUP represents a new wave of ransomware gangs using sophisticated tactics, while other established threat actors are also shifting towards ransomware. This incident serves as a stark reminder for all businesses to continually reassess and enhance their security strategies to defend against increasingly advanced and persistent cybercriminal operations.
Reference:
