J is a ransomware/extortion threat actor referenced in 2025 reporting as part of the broader fragmentation of the ransomware ecosystem into smaller, rapidly emerging groups. The actor is described as being better understood through victimology rather than technical writeups, and in some cases functioning primarily as a leak-site identity rather than a stable, consistently identifiable malware family. In 2025, J is specifically cited among “new ransomware groups” that relied on data theft and leak-based extortion without deploying ransomware lockers (i.e., extortion-only operations). Separately, a related/associated strain referred to as “J-Ransom” is described as using the file extension “.LoveYou,” with one publicly indexed sample associated with MD5 4924B945CFDC5BFECE03F5140A546384.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Poorly-defined ransomware actor/label; may function more as a leak-site identity/brand or reused label rather than a stable, well-documented single group.
'J' is a ransomware actor or group that, in 2025, focused on data theft and extortion via public leaks, without using ransomware encryption.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.