Trigona Rebranding Suspicions and Global Threats, and BlackNevas Ransomware Analysis
Essential information
- Published: 12/09/2025 07:41
- Modified: 12/09/2025 08:23
- Tags: 2025-09-12 aes asia-pacific blacknevas data leak encryption global threats ransomware rsa
- Related entities: 1 observables, 1 intrusion sets (apt), 8 techniques (mitre), 1 malware, 11 others
Description
The BlackNevas ransomware group, which first appeared in November 2024, has been targeting various industries and critical infrastructure globally, with a focus on the Asia-Pacific region. The group uses AES and RSA encryption and adds the '.-encrypted' extension to affected files. BlackNevas operates independently, threatening to leak data on its own site and through partners. The ransomware supports multiple arguments, excludes certain system paths and file types from encryption, and uses a unique method to check for previous infection. It also creates ransom notes in all accessible folders, demanding negotiation within seven days to prevent data leaks.