Obscura

Obscura is a ransomware group/ransomware variant first identified in reporting as an emerging group in September 2025 and later described as one of a proliferation of smaller, short-lived ransomware crews operating under the radar. Reporting cited in the content places Obscura among new ransomware groups alongside Yurei, The Gentlemen, and Radar, and also lists it among ransomware variants that emerged in September 2024. Public victim claims mentioned in the content include MeamarGroup, WZV Warndt, Plazadental, HeavenlyDental, The Fixing Company, Rulmaksan Makina, and RelationsMedia A/S. The content associates Obscura with ransomware operations and extortion activity, including public victim posting on leak sites. It is specifically noted as having a serious encryption implementation flaw: files larger than 1 GB can become permanently unrecoverable regardless of payment because, according to Coveware reporting cited in the content, the malware fails to write the encrypted temporary key to the file footer for large files. The content also notes that proof-of-life decryption tests may miss this defect because they rarely include large files. Tradecraft referenced in the content includes use of Bring Your Own Vulnerable Driver (BYOVD) methodology; Obscura is explicitly named as one of the ransomware groups observed using this approach. Sector reporting in the content states that Obscura showed one of the highest levels of focus on the energy and utilities industry among ransomware groups with meaningful victim counts, accounting for 27% in the cited comparison. No nation-state attribution is provided in the content. Known alias provided in the content: obscura.