mamona

Mamona was a short-lived ransomware rebrand attempted by the operator behind BlackLock RaaS in March 2025 that failed before reverting; as a standalone strain it operates entirely offline with no C2 communication, uses custom encryption, and targets Windows systems.