Helldown

Helldown is an aggressive ransomware group first documented in August 2024, known for exploiting Zyxel firewall vulnerabilities to gain initial access and conducting large-scale data exfiltration averaging 70 GB per victim, targeting IT services, telecommunications, manufacturing, and healthcare primarily in the US.

  • Victims: 36
  • First discovered victim: 2024-08-13
  • Last discovered victim: 2024-11-06
  • Inactive since: more than 1yr
  • Avg delay: 15.7 days
  • Infostealer: 11.1% (victims with domain)
  • Countries hit: 17

Known Locations (2)
Title Type Available Last Visit Server Info FQDN
Helldown Leaks No 2026-04-28T07:24:04 onyxcgfg4pjevvp5h34zvhaj45kbft3dg5r33j5vu3nyp7xic3vrzvad.onion
Helldown Leaks No 2026-04-28T07:26:40 onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion

Target
Top 5 Activity Sectors
  • Business Services 9
  • Healthcare 6
  • Manufacturing 4
  • Energy 3
  • Consumer Services 3
Top 5 Countries
  • United States 9
  • Germany 4
  • Italy 3
  • Switzerland 2
  • France 2

Ransom Notes (1)

Tools Used
This information is provided by Ransomware-Tool-Matrix.
Categories: Discovery, RMM Tools, Defense Evasion, Credential Theft, OffSec, Networking, LOLBAS, Exfiltration
  • Advanced Port Scanner
  • TeamViewer
  • HRSword
  • Mimikatz
  • PsExec

YARA Rules (1)

Indicators of Compromise (IoCs) (2)
Type IOC
Email helldown@onionmail.org
tox 19A549A57160F384CF4E36EE1A24747ED99C623C48EA545F343296FB7092795D00875C94151E

Victims (36)
  • klinik-am-kurpark.de… · Discovered: 2024-11-06 (1y ago)
  • hausdesstiftens.org… · Discovered: 2024-11-06 (1y ago) · Attack est.: 2024-10-08
  • www.nightnurse.ch… · Discovered: 2024-11-06 (1y ago) · Attack est.: 2024-09-13
  • fuelco-us.com… · Discovered: 2024-11-06 (1y ago) · Attack est.: 2024-10-01
  • valleyfirm.com… · Discovered: 2024-11-06 (1y ago) · Attack est.: 2024-10-11
  • generaldentistryforchildren.com… · Discovered: 2024-11-06 (1y ago) · Attack est.: 2024-10-12
  • www.knoxlawcenter.com… · Discovered: 2024-11-06 (1y ago) · Attack est.: 2024-10-10
  • americanventures.com… · Discovered: 2024-11-06 (1y ago)
  • www.csikitchenandbath.com… · Discovered: 2024-11-06 (1y ago)
  • www.co.san-jacinto.tx.us… · Discovered: 2024-11-06 (1y ago) · Attack est.: 2024-10-11
  • www.compassfs.net… · Discovered: 2024-11-06 (1y ago) · Attack est.: 2024-10-11
  • lacliniqueducoureur.com… · Discovered: 2024-11-06 (1y ago) · Attack est.: 2024-10-25
  • tivoli-33.org… · Discovered: 2024-11-06 (1y ago) · Attack est.: 2024-10-23
  • www.qualiform.cz… · Discovered: 2024-11-06 (1y ago) · Attack est.: 2024-10-22
  • www.smarts-engineering.de… · Discovered: 2024-11-06 (1y ago) · Attack est.: 2024-10-28
  • www.jewishharrisburg.org… · Discovered: 2024-08-24 (1y ago)
  • www.barryavenueplating.com… · Discovered: 2024-08-23 (1y ago)
  • www.cincinnatipainphysicians.com… · Discovered: 2024-08-22 (1y ago) · Attack est.: 2024-08-21
  • kbosecurity.co.uk… · Discovered: 2024-08-22 (1y ago)
  • khonaysser.com… · Discovered: 2024-08-22 (1y ago)
  • BARRYAVEPLATING… · Discovered: 2024-08-21 (1y ago)
  • RSK-IMMOBILIEN… · Discovered: 2024-08-21 (1y ago)
  • atpsassari.it… · Discovered: 2024-08-20 (1y ago)
  • Khonaysser… · Discovered: 2024-08-19 (1y ago)
  • Here's something encrypted, password is required to continue reading.… · Discovered: 2024-08-18 (1y ago)
  • Zyxel.eu is a European branch of Zyxel Communications Corporation, a global leader in networking sol… · Discovered: 2024-08-17 (1y ago)
  • Hugwi.ch is a Swiss-based company specializing in providing cutting-edge digital solutions, with a f… · Discovered: 2024-08-14 (1y ago) · Attack est.: 2024-08-13
  • No description available · Discovered: 2024-08-13 (1y ago)
  • No description available · Discovered: 2024-08-13 (1y ago)
  • No description available · Discovered: 2024-08-13 (1y ago) · Attack est.: 2024-08-05
  • No description available · Discovered: 2024-08-13 (1y ago) · Attack est.: 2024-08-05
  • No description available · Discovered: 2024-08-13 (1y ago) · Attack est.: 2024-08-09
  • No description available · Discovered: 2024-08-13 (1y ago) · Attack est.: 2024-08-10
  • No description available · Discovered: 2024-08-13 (1y ago) · Attack est.: 2024-08-11
  • No description available · Discovered: 2024-08-13 (1y ago) · Attack est.: 2024-08-11
  • No description available · Discovered: 2024-08-13 (1y ago) · Attack est.: 2024-08-11