New BlackFile extortion group linked to surge of vishing attacks
Summary
A new financially motivated hacking group named BlackFile has been identified as being behind a recent surge in data theft and extortion attacks targeting the retail and hospitality sectors. These attacks, which began in February 2026, utilize vishing (voice phishing) tactics to compromise victims and steal their data.
IFF Assessment
The emergence of a new, active extortion group like BlackFile, utilizing sophisticated social engineering tactics, represents a direct threat to organizations.
Defender Context
Defenders should be aware of the emerging BlackFile group and their reliance on vishing. Organizations in the retail and hospitality sectors are at increased risk. Training employees to recognize and report vishing attempts is crucial, alongside implementing strong authentication and data exfiltration detection measures.