Helldown Ransomware: an overview of this emerging threat
TLP: WHITE | Author: AlienVault | Created: 2024-11-20 | Modified: 2024-11-21 | 16 IOCs
Helldown is a new and highly active ransomware group that has claimed 31 victims in three months. It employs custom ransomware for Windows and Linux systems, engages in double extortion, and exploits vulnerabilities in Zyxel firewalls for initial access. The group exfiltrates large volumes of data, averaging 70GB per victim. Its Windows ransomware shares similarities with Darkrace and Donex variants. The Linux variant targets VMware ESX servers. While connections to other groups like Hellcat are unconfirmed, Helldown's success seems to rely on exploiting undocumented vulnerabilities rather than sophisticated malware. The group's rapid evolution and targeting of virtualized infrastructures make it a significant emerging threat.
Indicators of Compromise (16)
Type              Indicator                                                           Description   Created
CVE               CVE-2024-42057                                                      (none given)  2024-11-20
FileHash-MD5      4a4d03743fd3a7ee1d03d89d0e3b8011                                    (none given)  2024-11-20
FileHash-SHA1     127d72408c87d866c72331fb0f16d13fef6a92ec                            (none given)  2024-11-20
FileHash-SHA256   0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfabf    (none given)  2024-11-20
FileHash-SHA256   2621c5c7e1c12560c6062fdf2eeeb815de4ce3856376022a1a9f8421b4bae8e1    (none given)  2024-11-20
FileHash-SHA256   2b15e09b98bc2835a4430c4560d3f5b25011141c9efa4331f66e9a707e2a23c0    (none given)  2024-11-20
FileHash-SHA256   3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e    (none given)  2024-11-20
FileHash-SHA256   47635e2cf9d41cab4b73f2a37e6a59a7de29428b75a7b4481205aee4330d4d19    (none given)  2024-11-20
FileHash-SHA256   67aea3de7ab23b72e02347cbf6514f28fb726d313e62934b5de6d154215ee733    (none given)  2024-11-20
FileHash-SHA256   6ef9a0b6301d737763f6c59ae6d5b3be4cf38941a69517be0f069d0a35f394dd    (none given)  2024-11-20
FileHash-SHA256   7731d73e048a351205615821b90ed4f2507abc65acf4d6fe30ecdb211f0b0872    (none given)  2024-11-20
FileHash-SHA256   7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7    (none given)  2024-11-20
FileHash-SHA256   9ab19741ac36e198fb2fd912620bf320aa7fdeeeb8d4a9e956f3eb3d2092c92c    (none given)  2024-11-20
FileHash-SHA256   b83e8ff6d046dccad0f5a2777f067bdc8eb3b239c030165daf32f9dae902d012    (none given)  2024-11-20
FileHash-SHA256   cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea    (none given)  2024-11-20
FileHash-SHA256   ccd78d3eba6c53959835c6407d81262d3094e8d06bf2712fefa4b04baadd4bfe    (none given)  2024-11-20