The ransomware collective known as GLOBAL GROUP has claimed responsibility for a significant security breach at Albavisión, a prominent Spanish-language media conglomerate headquartered in Miami, Florida. According to the group, they have successfully extracted 400 GB of sensitive data from the company.
Having emerged in early June 2025, GLOBAL GROUP operates as a Ransomware-as-a-Service (RaaS) model, targeting various sectors worldwide, including media and healthcare. The breach of Albavisión marks the group’s 29th reported victim since its inception.
A notable feature of the GLOBAL GROUP operation is its deployment of an AI-based negotiation tool that utilizes chatbots to facilitate discussions with victims. This is particularly aimed at those who may have language barriers, such as non-English speakers.
The group announced on its dark web site that Albavisión has a 15-day window to initiate negotiations before the stolen data is publicly exposed. While the specific ransom amount remains undisclosed, a previous case involved a demand of 9.5 BTC, roughly equivalent to $1 million at the time of the incident.
Upon examining prior disclosures from the ransomware group, it has already leaked complete datasets from 18 separate victims, including one hospital, which raises concerns about the healthcare sector’s vulnerability.
Targeting Media Giants: A Focus on Institutions
Although GLOBAL GROUP has cast a wide net with its targets, recent activities indicate a particular emphasis on media organizations. Among its victims, it has listed “RTE,” the national broadcaster in Ireland, although it has yet to present further details. It is important to clarify that there is no implication that RTE has been breached at this time.
In addition to RTE, the group has targeted Rete Toscana Classica (RTC), an Italian station specializing in classical music broadcasts. Both RTE and RTC have been allotted a 7-day period to engage with the GLOBAL GROUP regarding possible negotiations.
Targeting Albavisión: An Intentional Strategy
The decision to target Albavisión seems calculated, given the conglomerate’s extensive operations across Latin America. It owns approximately 45 television channels, 68 radio stations, a print publication, and around 65 movie theatres in 14 to 15 Spanish-speaking countries.
Founded in 1987 by Remigio Ángel González, a businessman noted for rejuvenating struggling media outlets, the company has not publicly disclosed its valuation, although González’s personal wealth is estimated at around $2 billion.
As the GLOBAL GROUP rises as a cybersecurity threat, organizations must re-evaluate their defenses, particularly in sectors like healthcare that are increasingly targeted. Implementing robust cybersecurity measures and conducting comprehensive training for staff, regardless of their access level to sensitive data, is vital in combating these threats. Awareness of phishing attempts, social engineering tactics, and the dangers of using corporate devices for personal tasks should be integral parts of any training program.
GLOBAL GROUP’s activities illustrate the evolving challenge of ransomware attacks, emphasizing the need for organizations to evolve alongside these threats. Hackread.com has reached out to Albavisión for comment, and updates will be provided as available.
