Skip to content

💥 Attack Tracker

Newest attacks on top · scroll inside the panel for the full history. Every row is auto-attributed (actor origin · rank · volume), confidence-flagged (claim vs corroborated) and dated; colour bands mark each month; each actor links to its battle card.

June 2026

Jun 25 ISOPLUS Qilin Ransomware · unknown · Greece 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed today · Sources: ransomware.live
Jun 25 JMS Southeast Akira Ransomware · unknown · N/A 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed today · Sources: ransomware.live
Jun 25 Padget Technologies Akira Ransomware · unknown · N/A 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed today · Sources: ransomware.live
Jun 25 sansilvestre.edu.pe Krybit Ransomware · unknown · Peru 🟥 Claimed (leak-site) · disclosed today · Sources: ransomware.live
Jun 25 roofdepot.com Chaos Ransomware · unknown · United States 🟥 Claimed (leak-site) · disclosed today · Sources: ransomware.live
Jun 24 Cash Canada Qilin Ransomware · unknown · Canada 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 1d ago · Sources: ransomware.live
Jun 24 Jit Ex Akira Ransomware · unknown · N/A 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 1d ago · Sources: ransomware.live
Jun 24 Miami Machine Akira Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 1d ago · Sources: ransomware.live
Jun 24 lpgroup Nova Ransomware · unknown · N/A 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 1d ago · Sources: ransomware.live
Jun 24 alejandria Nova Ransomware · unknown · N/A 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 1d ago · Sources: ransomware.live
Jun 24 transvill Nova Ransomware · unknown · N/A 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 1d ago · Sources: ransomware.live
Jun 24 horizoneye.com INC Ransom Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Russian-speaking (suspected); tracked as GOLD IONIC by Sophos/Secureworks; MITRE ATT&CK Group G1032 · #7 active · 836 total · disclosed 1d ago · Sources: ransomware.live DLS
Jun 24 maglificioliliana.com Stormous Ransomware · unknown · N/A 🟥 Claimed (leak-site) · disclosed 1d ago · Sources: ransomware.live
Jun 24 lorenzoni-store.com Stormous Ransomware · unknown · Italy 🟥 Claimed (leak-site) · disclosed 1d ago · Sources: ransomware.live
Jun 24 montechiaro-store.com Stormous Ransomware · unknown · Italy 🟥 Claimed (leak-site) · disclosed 1d ago · Sources: ransomware.live
Jun 24 impulso-store.com Stormous Ransomware · unknown · Mexico 🟥 Claimed (leak-site) · disclosed 1d ago · Sources: ransomware.live
Jun 24 LastPass Icarus Extortion · password management · US 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 1d ago · go-to-market team CRM/contact data in Salesforce exposed via Klue OAuth tokens (customer names, phone, email, postal address, support-case and sales records); LastPass notified June 12, revoked Klue access, rotated API tokens, notified law enforcement; vault/credential data not affected · Sources: BleepingComputer · CyberInsider
Jun 24 Quest Health Solutions Anubis Ransomware · unknown · N/A 🟥 Claimed (leak-site) · disclosed 1d ago · Sources: ransomware.live
Jun 23 Lee International Qilin Ransomware · unknown · South Korea 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 2d ago · Sources: ransomware.live DLS
Jun 23 Leo International Akira Ransomware · unknown · — 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 2d ago · Sources: ransomware.live DLS
Jun 23 IH Engineers Akira Ransomware · unknown · — 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 2d ago · Sources: ransomware.live DLS
Jun 23 cloudquantum Nova Ransomware · unknown · — 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 2d ago · Sources: ransomware.live DLS
Jun 23 FTL-Fast Transit Line Nova Ransomware · unknown · — 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 2d ago · Sources: ransomware.live DLS
Jun 23 Aerospace & Advanced Composites GmbH Aur0ra Ransomware · aerospace materials manufacturing · Austria 🟥 Claimed (leak-site) · disclosed 2d ago · Sources: ransomware.live DLS / breachsense
Jun 23 randa.net Chaos Ransomware · unknown · — 🟥 Claimed (leak-site) · disclosed 2d ago · Sources: ransomware.live DLS
Jun 23 (Jun 22-23 DLS batch: 15 new victims claimed past 24h incl. healthcare×3, hospitality, manufacturing, transportation The Gentlemen Ransomware · individual org names not yet enumerated in public feeds; to be split as sources firm up) · — 🟩 Corroborated · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 2d ago · Sources: PurpleOps
Jun 23 Canada Wide Media The Gentlemen Ransomware · media · publishing/Canada 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 2d ago · Sources: ransomware.live DLS / breachsense
Jun 23 GIA Partners LLC The Gentlemen Ransomware · IT services · US 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 2d ago · Sources: ransomware.live DLS / breachsense
Jun 23 OneTrust Icarus Extortion · governance risk and compliance software · US 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 2d ago · Salesforce CRM data · Sources: SecurityWeek
Jun 23 KDDI Unattributed Breach · telecom · Japan 🟩 Corroborated · disclosed 2d ago · up to 14,220,000 email addresses and passwords (some hashed/encrypted) potentially leaked from a managed-email system serving six ISPs; attacker exploited a vulnerability in third-party software; detected and contained June 17, disclosed June 23; reported to Japan PPC and MIC; no actor named, not confirmed ransomware · Sources: The Register · Infosecurity Magazine
Jun 22 Schumacher Homes Qilin Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 Central Bank of Libya Qilin Ransomware · unknown · Libya 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 ehg.bayern SafePay Ransomware · unknown · Germany 🟥 Claimed (leak-site) · — Unknown; suspected Eastern European (CIS-exclusion kill-switch; Conti-lineage TTPs) · #10 active · 503 total · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 bits-pilani.ac.in DragonForce Ransomware · unknown · India 🟥 Claimed (leak-site) · 🇲🇾 Origins in a former Malaysian hacktivist collective · #22 active · 582 total · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 mihana-v.com DragonForce Ransomware · unknown · Russia 🟥 Claimed (leak-site) · 🇲🇾 Origins in a former Malaysian hacktivist collective · #22 active · 582 total · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 Ntd Apparel Akira Ransomware · unknown · — 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 belpointeasset.com \ belpointe.com INC Ransom Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Russian-speaking (suspected); tracked as GOLD IONIC by Sophos/Secureworks; MITRE ATT&CK Group G1032 · #7 active · 836 total · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 graymont.com Chaos Ransomware · unknown · Canada 🟥 Claimed (leak-site) · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 eggetttax.ca Brain Cipher Ransomware · unknown · Canada 🟥 Claimed (leak-site) · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 sterlinggloballtd.com Brain Cipher Ransomware · unknown · United Kingdom 🟥 Claimed (leak-site) · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 Klue Icarus Extortion · market intelligence · Canada 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · OAuth integration credential compromised June 11-12; malicious code pushed to harvest customer OAuth tokens; Salesforce integrations revoked June 12; CrowdStrike engaged for IR · Sources: SecurityWeek · BleepingComputer
Jun 22 Huntress Icarus Extortion · cybersecurity · US 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · Salesforce CRM data exfiltrated (business contacts, pricing, sales comms, opportunity notes); no threat data/passwords/engineering data affected · Sources: Huntress · SecurityWeek
Jun 22 Recorded Future Icarus Extortion · cybersecurity · US 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · client contact names, email addresses, potential contract info · Sources: SecurityWeek
Jun 22 Tanium Icarus Extortion · cybersecurity · US 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · Salesforce CRM data · Sources: BleepingComputer
Jun 22 Jamf Icarus Extortion · IT management · US 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · Salesforce CRM data · Sources: BleepingComputer
Jun 22 HackerOne Icarus Extortion · cybersecurity · US 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · Salesforce CRM data · Sources: BleepingComputer
Jun 22 Snyk Icarus Extortion · cybersecurity · US 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · Salesforce CRM data · Sources: BleepingComputer
Jun 22 Kudelski Security Icarus Extortion · cybersecurity · Switzerland 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · Salesforce CRM data · Sources: BleepingComputer
Jun 22 Insurity Icarus Extortion · insurance software · US 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · Salesforce CRM data · Sources: BleepingComputer
Jun 22 Gong Icarus Extortion · sales intelligence · US 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · Salesforce CRM data · Sources: BleepingComputer
Jun 22 Sprout Social Icarus Extortion · social media management software · US 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · Salesforce CRM data accessed through Klue OAuth integration · Sources: BleepingComputer
Jun 22 HDS Icarus Extortion · unknown · — 🟥 Claimed (leak-site) · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 Gms-net Icarus Extortion · unknown · — 🟥 Claimed (leak-site) · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 Cqcrm Icarus Extortion · unknown · — 🟥 Claimed (leak-site) · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 Cbassociations Icarus Extortion · unknown · — 🟥 Claimed (leak-site) · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 3d ago · Sources: ransomware.live DLS
Jun 22 KTR Real Estate Advisors Anubis Ransomware · financial services · real estate advisory/US 🟩 Corroborated · disclosed 3d ago · undisclosed 3d · client database claimed; attack est. 2026-06-19 · Sources: DeXpose · RedPacket Security
Jun 22 Xsolis, Inc. Unattributed Breach · healthcare technology (utilization management · revenue cycle)/US 🟩 Corroborated · disclosed 3d ago · 1,396,519 individuals; names, DOB, addresses, SSNs, health insurance info, medical treatment data; phishing attack January 20, 2026, detected January 22; actor unattributed · Sources: SecurityWeek · HIPAA Journal · DataBreaches.net
Jun 21 Taiwan Sintong Machinery Co., Ltd Qilin Ransomware · unknown · Taiwan 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 4d ago · Sources: ransomware.live DLS
Jun 21 Sivatel Bangkok Qilin Ransomware · unknown · Thailand 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 4d ago · Sources: ransomware.live DLS
Jun 21 Tri-tec Qilin Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 4d ago · Sources: ransomware.live DLS
Jun 21 Florida Engineering Services Qilin Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 4d ago · Sources: ransomware.live DLS
Jun 21 Lockers IT Nova Ransomware · IT services · Bangladesh 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 4d ago · Sources: ransomware.live DLS
Jun 21 Nhà Thành Phố Nova Ransomware · unknown · Vietnam 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 4d ago · Sources: ransomware.live DLS
Jun 21 jktornel INC Ransom Ransomware · sector unknown · — 🟥 Claimed (leak-site) · 🇷🇺 Russian-speaking (suspected); tracked as GOLD IONIC by Sophos/Secureworks; MITRE ATT&CK Group G1032 · #7 active · 836 total · disclosed 4d ago · client data, proprietary information claimed · Sources: ransomware.live DLS
Jun 21 Artistic Smiles NightSpire Ransomware · consumer services · US 🟩 Corroborated · — Unknown · #18 active · 296 total · disclosed 4d ago · Sources: ransomware.live DLS / RedPacket Security
Jun 21 Texas Parks and Wildlife Dept. Unattributed Breach · government · US 🟩 Corroborated · disclosed 4d ago · 3,087,721 individuals exposed: driver's license numbers, passport numbers, email, phone, residential address; no SSNs/DOB/financial data; actor unattributed · Sources: TechTimes
Jun 20 Central Florida Cosmetic & Family Dentistry Qilin Ransomware · healthcare · US 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Pacific Lamp & Supply Qilin Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 sierravistahospital.com LockBit Ransomware · healthcare · US 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-language system avoidance) · #1 active · 311 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Access Dental WorldLeaks Extortion · healthcare · US 🟥 Claimed (leak-site) · 🏴‍☠️ Successor brand to Hunters International (active Oct 2023); Russian-speaking financially motivated crew; affiliate-based · #24 active · 169 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 L'Archevque & Rivest Ltée WorldLeaks Extortion · unknown · Canada 🟥 Claimed (leak-site) · 🏴‍☠️ Successor brand to Hunters International (active Oct 2023); Russian-speaking financially motivated crew; affiliate-based · #24 active · 169 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Super Finishing WorldLeaks Extortion · unknown · Brazil 🟥 Claimed (leak-site) · 🏴‍☠️ Successor brand to Hunters International (active Oct 2023); Russian-speaking financially motivated crew; affiliate-based · #24 active · 169 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Dosab Nova Ransomware · unknown · Saudi Arabia 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Hosab Nova Ransomware · unknown · — 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 MIT HJERTE Nova Ransomware · unknown · Denmark 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 One Believing Interiors Nova Ransomware · unknown · — 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Newspaper Media Group INC Ransom Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Russian-speaking (suspected); tracked as GOLD IONIC by Sophos/Secureworks; MITRE ATT&CK Group G1032 · #7 active · 836 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 ENB Versicherungen myenb.ch Payload Ransomware · unknown · Switzerland 🟥 Claimed (leak-site) · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Editora Irmãos Vitale Payload Ransomware · unknown · Brazil 🟥 Claimed (leak-site) · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Qualiflex Solutions qualiflex.solutions Payload Ransomware · unknown · — 🟥 Claimed (leak-site) · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Preferred Properties Payload Ransomware · unknown · — 🟥 Claimed (leak-site) · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 hiddenn The Gentlemen Ransomware · unknown · — 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Vera Chimie Management The Gentlemen Ransomware · unknown · France 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Alexander Buch Bilanzbuchhalter The Gentlemen Ransomware · unknown · Germany 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 SGS Malaysia The Gentlemen Ransomware · unknown · Malaysia 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 TERRIO Therapy Fitness The Gentlemen Ransomware · unknown · Mexico 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Ty Thac Co The Gentlemen Ransomware · unknown · Vietnam 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Amigest The Gentlemen Ransomware · unknown · France 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Yudu Technology The Gentlemen Ransomware · unknown · Singapore 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Burris MacOmber The Gentlemen Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Sertrans The Gentlemen Ransomware · unknown · Spain 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Cofaq The Gentlemen Ransomware · unknown · France 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Al Khaja Holding The Gentlemen Ransomware · unknown · United Arab Emirates 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 20 Athens Orthopedic Clinic The Gentlemen Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 5d ago · Sources: ransomware.live DLS
Jun 19 Roth Industries Qilin Ransomware · unknown · Germany 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 6d ago · Sources: ransomware.live DLS
Jun 19 Sparkle Pools Qilin Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 6d ago · Sources: ransomware.live DLS
Jun 19 PJ Daly Contracting Qilin Ransomware · unknown · Ireland 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 6d ago · Sources: ransomware.live DLS
Jun 19 Commune d'Eyguires Qilin Ransomware · unknown · France 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 6d ago · Sources: ransomware.live DLS
Jun 19 DaikyoNishikawa Corporation LockBit Ransomware · automotive parts · Japan 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-language system avoidance) · #1 active · 311 total · disclosed 6d ago · Sources: ransomware.live DLS
Jun 19 Como Furniture Enterprises Co., Ltd. LockBit Ransomware · manufacturing · Taiwan 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-language system avoidance) · #1 active · 311 total · disclosed 6d ago · Sources: ransomware.live DLS
Jun 19 aasa.ae Krybit Ransomware · unknown · United Arab Emirates 🟥 Claimed (leak-site) · disclosed 6d ago · Sources: ransomware.live DLS
Jun 19 www.mupras.com Krybit Ransomware · unknown · Brazil 🟥 Claimed (leak-site) · disclosed 6d ago · Sources: ransomware.live DLS
Jun 19 coemi.com.br Krybit Ransomware · unknown · Brazil 🟥 Claimed (leak-site) · disclosed 6d ago · Sources: ransomware.live DLS
Jun 19 Desert Micro Nova Ransomware · unknown · — 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 6d ago · Sources: ransomware.live DLS
Jun 19 themintgaming.com Brain Cipher Ransomware · unknown · — 🟥 Claimed (leak-site) · disclosed 6d ago · Sources: ransomware.live DLS
Jun 19 Aflac Scattered Spider Extortion · insurance · US 🟩 Corroborated · 🇺🇸🇬🇧 Native English-speaking, loosely organised (The Com ecosystem) · disclosed 6d ago · June 2025 social-engineering intrusion; 22.6M people notified (≥13.9M with PHI) · Sources: The Record / HIPAA Journal
Jun 19 Al Khaja Holding Unattributed Breach · conglomerate · UAE 🟥 Claimed (leak-site) · disclosed 6d ago · Sources: breachsense/ransomware.live DLS
Jun 19 Alexander Buch Bilanzbuchhalter Unattributed Breach · accounting · Germany 🟥 Claimed (leak-site) · disclosed 6d ago · Sources: breachsense/ransomware.live DLS
Jun 19 AmiGest Unattributed Breach · services · France 🟥 Claimed (leak-site) · disclosed 6d ago · Sources: breachsense/ransomware.live DLS
Jun 19 Apptricity Corporation Unattributed Breach · supply-chain software · US 🟥 Claimed (leak-site) · disclosed 6d ago · Sources: breachsense/ransomware.live DLS
Jun 19 ATCOM Unattributed Breach · telecom · IT services/Chile 🟥 Claimed (leak-site) · disclosed 6d ago · Sources: breachsense/ransomware.live DLS
Jun 18 THL PROJECT MANAGEMENT SDN. BHD. Qilin Ransomware · unknown · Malaysia 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 7d ago · Sources: ransomware.live DLS
Jun 18 Homes By J Anthony Qilin Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 7d ago · Sources: ransomware.live DLS
Jun 18 ATCOM Outsourcing Qilin Ransomware · unknown · Chile 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 7d ago · Sources: ransomware.live DLS
Jun 18 Skupina Don Don - GRUPO BIMBO Qilin Ransomware · unknown · Slovenia 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 7d ago · Sources: ransomware.live DLS
Jun 18 Makel Companies Group Qilin Ransomware · unknown · Turkey 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 7d ago · Sources: ransomware.live DLS
Jun 18 Berg Lilly Akira Ransomware · unknown · — 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 7d ago · Sources: ransomware.live DLS
Jun 18 Apptricity Akira Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 7d ago · Sources: ransomware.live DLS
Jun 18 icsecurity.com ShinyHunters Extortion · unknown · United States 🟥 Claimed (leak-site) · 🏴‍☠️ Financially motivated cybercrime; English-speaking, overlaps/collaborates with the wider Scattered Spider / Lapsus$ ("The Com") ecosystem · #13 active · 129 total · disclosed 7d ago · Sources: ransomware.live DLS
Jun 18 One Medical ShinyHunters Extortion · healthcare · US 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; English-speaking, overlaps/collaborates with the wider Scattered Spider / Lapsus$ ("The Com") ecosystem · #13 active · 129 total · disclosed 7d ago · unauthorized access to a third-party legacy file-storage system holding archived senior-patient data (demographic + clinical records across Atlanta, Cape Cod, Charlotte, Piedmont Triad, Denver, Houston, Phoenix, Tucson, Seattle); access June 8-11, discovered June 13, disclosed June 17; ShinyHunters claims 8.8 TB exfiltrated (🟥 unverified, no proof samples) with a June 22 extortion deadline; affected-individual count not yet disclosed · Sources: HIPAA Journal · BankInfoSecurity
Jun 18 NAIC.org ShinyHunters Extortion · unknown · United States 🟥 Claimed (leak-site) · 🏴‍☠️ Financially motivated cybercrime; English-speaking, overlaps/collaborates with the wider Scattered Spider / Lapsus$ ("The Com") ecosystem · #13 active · 129 total · disclosed 7d ago · Sources: ransomware.live DLS
Jun 18 Horizon Family Medical Group INC Ransom Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Russian-speaking (suspected); tracked as GOLD IONIC by Sophos/Secureworks; MITRE ATT&CK Group G1032 · #7 active · 836 total · disclosed 7d ago · Sources: ransomware.live DLS
Jun 18 neuwoges.de INC Ransom Ransomware · unknown · Germany 🟥 Claimed (leak-site) · 🇷🇺 Russian-speaking (suspected); tracked as GOLD IONIC by Sophos/Secureworks; MITRE ATT&CK Group G1032 · #7 active · 836 total · disclosed 7d ago · Sources: ransomware.live DLS
Jun 18 Dean Cosmetic Dentistry NightSpire Ransomware · healthcare · US 🟥 Claimed (leak-site) · — Unknown · #18 active · 296 total · disclosed 7d ago · Sources: ransomware.live DLS
Jun 18 legendsmn NightSpire Ransomware · unknown · United States 🟥 Claimed (leak-site) · — Unknown · #18 active · 296 total · disclosed 7d ago · Sources: ransomware.live DLS
Jun 17 Greg Crosslin Play Ransomware · unknown · United States 🟥 Claimed (leak-site) · — Unknown (financially motivated; no state nexus identified) · #16 active · 1268 total · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 Integrated Technologies Play Ransomware · unknown · — 🟥 Claimed (leak-site) · — Unknown (financially motivated; no state nexus identified) · #16 active · 1268 total · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 eurOptimum Play Ransomware · unknown · Germany 🟥 Claimed (leak-site) · — Unknown (financially motivated; no state nexus identified) · #16 active · 1268 total · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 seinordovest.it SafePay Ransomware · unknown · Italy 🟥 Claimed (leak-site) · — Unknown; suspected Eastern European (CIS-exclusion kill-switch; Conti-lineage TTPs) · #10 active · 503 total · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 harcourts.net SafePay Ransomware · unknown · Australia 🟥 Claimed (leak-site) · — Unknown; suspected Eastern European (CIS-exclusion kill-switch; Conti-lineage TTPs) · #10 active · 503 total · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 zaunsysteme.de SafePay Ransomware · unknown · Germany 🟥 Claimed (leak-site) · — Unknown; suspected Eastern European (CIS-exclusion kill-switch; Conti-lineage TTPs) · #10 active · 503 total · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 brscappuccio.it SafePay Ransomware · unknown · Italy 🟥 Claimed (leak-site) · — Unknown; suspected Eastern European (CIS-exclusion kill-switch; Conti-lineage TTPs) · #10 active · 503 total · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 gut-heckenhof.de SafePay Ransomware · unknown · Germany 🟥 Claimed (leak-site) · — Unknown; suspected Eastern European (CIS-exclusion kill-switch; Conti-lineage TTPs) · #10 active · 503 total · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 Smith Filter Akira Ransomware · unknown · — 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 Promepla RansomHouse Ransomware · manufacturing · — 🟥 Claimed (leak-site) · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 Prince George County RansomHouse Ransomware · unknown · United States 🟥 Claimed (leak-site) · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 www.courdescomptes.sn Krybit Ransomware · unknown · Senegal 🟥 Claimed (leak-site) · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 ersa.com.py Krybit Ransomware · unknown · Paraguay 🟥 Claimed (leak-site) · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 SUNASS Nova Ransomware · government · water regulator/Peru 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 Sumitomo Electric Bordnetze Aur0ra Ransomware · automotive wiring manufacturing · — 🟥 Claimed (leak-site) · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 Allan Brothers, Inc. Aur0ra Ransomware · agriculture · US 🟥 Claimed (leak-site) · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 Diamond Truck Centres Aur0ra Ransomware · vehicle dealership · Canada 🟥 Claimed (leak-site) · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 Framesi INC Ransom Ransomware · professional beauty · cosmetics manufacturing/Italy 🟥 Claimed (leak-site) · 🇷🇺 Russian-speaking (suspected); tracked as GOLD IONIC by Sophos/Secureworks; MITRE ATT&CK Group G1032 · #7 active · 836 total · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 Jasper Plastics Solutions INC Ransom Ransomware · manufacturing · US 🟥 Claimed (leak-site) · 🇷🇺 Russian-speaking (suspected); tracked as GOLD IONIC by Sophos/Secureworks; MITRE ATT&CK Group G1032 · #7 active · 836 total · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 Ecovacs Robotics SpaceBears Ransomware · consumer robotics · China 🟥 Claimed (leak-site) · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 Chebib Control SpaceBears Ransomware · unknown · Brazil 🟥 Claimed (leak-site) · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 Gerencial SpaceBears Ransomware · unknown · Brazil 🟥 Claimed (leak-site) · disclosed 8d ago · Sources: ransomware.live DLS
Jun 17 Novo Nordisk FulcrumSec Ransomware · pharmaceuticals · Denmark 🟥 Claimed (leak-site) · disclosed 8d ago · 🟥 unverified group claim; confirm before treating as a breach · Sources: ransomware.live DLS
Jun 17 iRhythm Technologies Unattributed Breach · healthcare (cardiac monitoring) · US 🟩 Corroborated · disclosed 8d ago · proprietary data + patient PHI stolen from third-party-hosted apps, ransom demanded · actor not yet attributed · Sources: Dark Reading / DataBreachToday
Jun 16 Golfview Developmental Center Qilin Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 9d ago · Sources: ransomware.live DLS
Jun 16 Misericórdia de Santo Tirso Qilin Ransomware · unknown · Portugal 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 9d ago · Sources: ransomware.live DLS
Jun 16 Q Link Wireless Qilin Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 9d ago · Sources: ransomware.live DLS
Jun 16 Tecfi SpA DragonForce Ransomware · unknown · Italy 🟥 Claimed (leak-site) · 🇲🇾 Origins in a former Malaysian hacktivist collective · #22 active · 582 total · disclosed 9d ago · Sources: ransomware.live DLS
Jun 16 InSite Architects Akira Ransomware · architecture · US 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 9d ago · Sources: ransomware.live DLS
Jun 16 Golfview Developmental Center Akira Ransomware · healthcare · disability services/US 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 9d ago · Sources: ransomware.live DLS
Jun 16 Ralph Lauren ShinyHunters Extortion · unknown · United States 🟥 Claimed (leak-site) · 🏴‍☠️ Financially motivated cybercrime; English-speaking, overlaps/collaborates with the wider Scattered Spider / Lapsus$ ("The Com") ecosystem · #13 active · 129 total · disclosed 9d ago · Sources: ransomware.live DLS
Jun 16 Kedah Nova Ransomware · unknown · Malaysia 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 9d ago · Sources: ransomware.live DLS
Jun 16 ECOVACS SpaceBears Ransomware · unknown · China 🟥 Claimed (leak-site) · disclosed 9d ago · Sources: ransomware.live DLS
Jun 16 SPORTON International Inc. Payload Ransomware · unknown · Taiwan 🟥 Claimed (leak-site) · disclosed 9d ago · Sources: ransomware.live DLS
Jun 16 thecreditpros.com Icarus Extortion · unknown · United States 🟥 Claimed (leak-site) · 🏴‍☠️ Financially motivated cybercrime; immature/casual leak-site branding; infrastructure spans NL/FR/UA VPS hosting (origin unattributed) · #6 active · 12 total · disclosed 9d ago · Sources: ransomware.live DLS
Jun 15 distinetmurcia.es Qilin Ransomware · services · Spain 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 10d ago · Sources: ransomware.live DLS
Jun 15 hughstirling.co.uk SafePay Ransomware · unknown · United Kingdom 🟥 Claimed (leak-site) · — Unknown; suspected Eastern European (CIS-exclusion kill-switch; Conti-lineage TTPs) · #10 active · 503 total · disclosed 10d ago · Sources: ransomware.live DLS
Jun 15 tokyocivil.co.jp SafePay Ransomware · unknown · Japan 🟥 Claimed (leak-site) · — Unknown; suspected Eastern European (CIS-exclusion kill-switch; Conti-lineage TTPs) · #10 active · 503 total · disclosed 10d ago · Sources: ransomware.live DLS
Jun 15 ddcnyc.com Akira Ransomware · services · US 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 10d ago · Sources: ransomware.live DLS
Jun 15 icc.edu ShinyHunters Extortion · unknown · United States 🟥 Claimed (leak-site) · 🏴‍☠️ Financially motivated cybercrime; English-speaking, overlaps/collaborates with the wider Scattered Spider / Lapsus$ ("The Com") ecosystem · #13 active · 129 total · disclosed 10d ago · Sources: ransomware.live DLS
Jun 15 moody.edu ShinyHunters Extortion · unknown · United States 🟥 Claimed (leak-site) · 🏴‍☠️ Financially motivated cybercrime; English-speaking, overlaps/collaborates with the wider Scattered Spider / Lapsus$ ("The Com") ecosystem · #13 active · 129 total · disclosed 10d ago · Sources: ransomware.live DLS
Jun 15 glendale.edu ShinyHunters Extortion · unknown · United States 🟥 Claimed (leak-site) · 🏴‍☠️ Financially motivated cybercrime; English-speaking, overlaps/collaborates with the wider Scattered Spider / Lapsus$ ("The Com") ecosystem · #13 active · 129 total · disclosed 10d ago · Sources: ransomware.live DLS
Jun 15 smithassociatescpa.com INC Ransom Ransomware · unknown · United States 🟥 Claimed (leak-site) · 🇷🇺 Russian-speaking (suspected); tracked as GOLD IONIC by Sophos/Secureworks; MITRE ATT&CK Group G1032 · #7 active · 836 total · disclosed 10d ago · Sources: ransomware.live DLS
Jun 11 Central Romana Corporation LockBit Ransomware · agribusiness · Dominican Republic 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-language system avoidance) · #1 active · 311 total · disclosed 14d ago · Sources: ransomware.live DLS / FalconFeeds
Jun 11 Shougang Hierro Perú S.A.A. LockBit Ransomware · mining · Peru 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-language system avoidance) · #1 active · 311 total · disclosed 14d ago · Sources: ransomware.live DLS / FalconFeeds
Jun 11 Stahlwille B.V. LockBit Ransomware · tool manufacturing · Netherlands 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-language system avoidance) · #1 active · 311 total · disclosed 14d ago · Sources: ransomware.live DLS / FalconFeeds
Jun 11 JEC Eye Hospitals and Clinics LockBit Ransomware · healthcare · Indonesia 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-language system avoidance) · #1 active · 311 total · disclosed 14d ago · Sources: FalconFeeds
Jun 11 Colégio Santo Inácio LockBit Ransomware · education · Brazil 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-language system avoidance) · #1 active · 311 total · disclosed 14d ago · Sources: FalconFeeds
Jun 11 LBR Engineering and Consulting LockBit Ransomware · engineering · Brazil 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-language system avoidance) · #1 active · 311 total · disclosed 14d ago · Sources: FalconFeeds
Jun 10 Port Air Express Akira Ransomware · logistics · — 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 15d ago · Sources: ransomware.live DLS
Jun 10 Tata Electronics WorldLeaks Extortion · electronics manufacturing (iPhone assembly) · India 🟩 Corroborated · 🏴‍☠️ Successor brand to Hunters International (active Oct 2023); Russian-speaking financially motivated crew; affiliate-based · #24 active · 169 total · disclosed 15d ago · 200,000+ files (630+ GB) exfiltrated: Apple iPhone manufacturing records, technical drawings, component specifications, Tesla engineering documents, employee passport scans; attack date est. early June 2026; Tata confirmed breach June 23; operations reported unaffected; Apple investigating; ransom demand confirmed but payment status unknown · Sources: Cybernews · CNBC
Jun 10 Liberty Insurance Corporation Krybit Ransomware · insurance · Philippines 🟥 Claimed (leak-site) · disclosed 15d ago · Sources: ransomware.live DLS
Jun 10 PROBE S.A. Krybit Ransomware · services · El Salvador 🟥 Claimed (leak-site) · disclosed 15d ago · Sources: ransomware.live DLS
Jun 10 Lösing Filtertechnik SpaceBears Ransomware · manufacturing · Germany 🟥 Claimed (leak-site) · disclosed 15d ago · Sources: ransomware.live DLS
Jun 10 Global Schools Foundation FulcrumSec Ransomware · education · Singapore 🟥 Claimed (leak-site) · disclosed 15d ago · Sources: ransomware.live DLS
Jun 10 Mackay Sugar The Gentlemen Ransomware · agri-industrial · Australia 🟩 Corroborated · 🇷🇺 Qilin splinter (founded by ex-affiliate "hastalamuerte" / "zeta88"; Krebs Jun 2026 identifies admin as Alexander Andreevich Yapaev, 36, Izhevsk, Russia — corroborated by Check Point backend-leak analysis) · #4 active · 517 total · disclosed 15d ago · mills shut, harvest disrupted; ransomware confirmed (The Gentlemen attribution) · Sources: SecurityWeek / The Record
Jun 09 Spray Equipment & Service Center Akira Ransomware · industrial equipment · US 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 16d ago · Sources: ransomware.live DLS
Jun 09 Rockaway River Country Club Akira Ransomware · hospitality · US 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 16d ago · Sources: ransomware.live DLS
Jun 09 SMPC Architects Akira Ransomware · architecture · US 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 16d ago · Sources: ransomware.live DLS
Jun 09 Centre Ellipse Akira Ransomware · services · — 🟥 Claimed (leak-site) · 🇷🇺 Possible Conti lineage (links to Storm-1567 / Howling Scorpius) · #5 active · 1531 total · disclosed 16d ago · Sources: ransomware.live DLS
Jun 09 Cal Fresh Termite Ransomware · government benefits · US 🟥 Claimed (leak-site) · disclosed 16d ago · Sources: ransomware.live DLS
Jun 09 Apollo Pipes WorldLeaks Extortion · manufacturing · India 🟥 Claimed (leak-site) · 🏴‍☠️ Successor brand to Hunters International (active Oct 2023); Russian-speaking financially motivated crew; affiliate-based · #24 active · 169 total · disclosed 16d ago · Sources: ransomware.live DLS
Jun 09 GDL Transport WorldLeaks Extortion · logistics · Sweden 🟥 Claimed (leak-site) · 🏴‍☠️ Successor brand to Hunters International (active Oct 2023); Russian-speaking financially motivated crew; affiliate-based · #24 active · 169 total · disclosed 16d ago · Sources: ransomware.live DLS
Jun 09 M1xchange WorldLeaks Extortion · fintech · India 🟥 Claimed (leak-site) · 🏴‍☠️ Successor brand to Hunters International (active Oct 2023); Russian-speaking financially motivated crew; affiliate-based · #24 active · 169 total · disclosed 16d ago · Sources: ransomware.live DLS
Jun 09 University of Nottingham ShinyHunters Extortion · education · UK 🟥 Claimed (leak-site) · 🏴‍☠️ Financially motivated cybercrime; English-speaking, overlaps/collaborates with the wider Scattered Spider / Lapsus$ ("The Com") ecosystem · #13 active · 129 total · disclosed 16d ago · The Record · Sources: ransomware.live DLS; university confirmed incident 2026-06-11; claim: 40GB+ billing/payment-card/student-finance data
Jun 09 Auburn Electrical Construction Embargo Ransomware · construction · US 🟥 Claimed (leak-site) · disclosed 16d ago · Sources: ransomware.live DLS
Jun 09 Mid-Cumberland Human Resource Agency Insomnia Ransomware · public services · US 🟥 Claimed (leak-site) · disclosed 16d ago · Sources: ransomware.live DLS
Jun 09 Trevi Nova Ransomware · construction-engineering · Italy 🟥 Claimed (leak-site) · — Unknown (CIS/DPRK/China exclusion suggests Russian-speaking ecosystem; unconfirmed) · #3 active · 155 total · disclosed 16d ago · Sources: ransomware.live DLS
Jun 09 AireSpring Chaos Ransomware · managed telecom services · US 🟥 Claimed (leak-site) · disclosed 16d ago · Sources: ransomware.live DLS
Jun 09 Spratley's of Mortimer PrinzEugen Ransomware · retail-consumer services · UK 🟥 Claimed (leak-site) · disclosed 16d ago · posted twice on DLS; de-duped · Sources: ransomware.live DLS
Jun 09 Cambridge Law Chambers Gunra Ransomware · legal · Bahamas 🟥 Claimed (leak-site) · disclosed 16d ago · Sources: ransomware.live DLS
Jun 09 Katholiek Amersfoort Stormous Ransomware · religious org · Netherlands 🟥 Claimed (leak-site) · disclosed 16d ago · re-post "FOR SALE" · Sources: ransomware.live DLS
Jun 09 sa2000.com Stormous Ransomware · services (French-language records, 150GB claimed) · — 🟥 Claimed (leak-site) · disclosed 16d ago · Sources: ransomware.live DLS
Jun 08 Covenant Health Qilin Ransomware · healthcare · US 🟩 Corroborated · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 17d ago · Qilin attack May 2025; ~850GB leaked, 478,188 individuals affected (notifications confirmed) · Sources: The Record / SecurityWeek
Jun 08 The Banyans Health and Wellness Qilin Ransomware · healthcare · Australia 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 17d ago · Sources: ransomware.live DLS
Jun 08 Kinetic Education Qilin Ransomware · education · Australia 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 17d ago · Sources: ransomware.live DLS
Jun 08 SatCom CX Qilin Ransomware · marketing services · US 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 17d ago · Sources: ransomware.live DLS
Jun 08 Isuzu Motors Qilin Ransomware · automotive manufacturing · Thailand 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 17d ago · Sources: ransomware.live DLS
Jun 08 Opéra Comique Qilin Ransomware · arts-culture · France 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 17d ago · Sources: ransomware.live DLS
Jun 08 Shipping Association of NY and NJ Qilin Ransomware · maritime-logistics · US 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 17d ago · Sources: ransomware.live DLS
Jun 08 Wiese USA Termite Ransomware · material handling · US 🟥 Claimed (leak-site) · disclosed 17d ago · Sources: ransomware.live DLS
Jun 08 Roland Machinery Termite Ransomware · machinery dealer · — 🟥 Claimed (leak-site) · disclosed 17d ago · Sources: ransomware.live DLS
Jun 08 Aegle Aviation RansomHouse Ransomware · aviation · India 🟥 Claimed (leak-site) · disclosed 17d ago · Sources: ransomware.live DLS
Jun 08 Ma Pak Leung Company RansomHouse Ransomware · pharma-retail · Hong Kong 🟥 Claimed (leak-site) · disclosed 17d ago · Sources: ransomware.live DLS
Jun 08 Plaza Lama Payload Ransomware · retail · Dominican Republic 🟥 Claimed (leak-site) · disclosed 17d ago · Sources: ransomware.live DLS
Jun 08 Hansoll Textile Payload Ransomware · manufacturing · Vietnam 🟥 Claimed (leak-site) · disclosed 17d ago · Sources: ransomware.live DLS
Jun 08 Villea Hotels Payload Ransomware · hospitality · — 🟥 Claimed (leak-site) · disclosed 17d ago · Sources: ransomware.live DLS
Jun 06 Pearson Ford Play Ransomware · auto dealership · US 🟥 Claimed (leak-site) · — Unknown (financially motivated; no state nexus identified) · #16 active · 1268 total · disclosed 19d ago · Sources: ransomware.live DLS
Jun 05 Avcon Jet Qilin Ransomware · aviation · Austria 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 20d ago · Sources: ransomware.live DLS
Jun 05 Trican Well Service Qilin Ransomware · oilfield services · Canada 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 20d ago · Sources: ransomware.live DLS
Jun 05 Don Don Qilin Ransomware · retail · food 🟥 Claimed (leak-site) · 🇷🇺 Russia-affiliated (Russian-speaking operators) · #2 active · 1947 total · disclosed 20d ago · Sources: ransomware.live DLS
Jun 05 Corley Manufacturing Play Ransomware · manufacturing · US 🟥 Claimed (leak-site) · — Unknown (financially motivated; no state nexus identified) · #16 active · 1268 total · disclosed 20d ago · Sources: ransomware.live DLS
Jun 05 Dallis Law Firm Play Ransomware · legal · US 🟥 Claimed (leak-site) · — Unknown (financially motivated; no state nexus identified) · #16 active · 1268 total · disclosed 20d ago · Sources: ransomware.live DLS
Jun 01 MyPillow Play Ransomware · manufacturing · retail/US 🟥 Claimed (leak-site) · — Unknown (financially motivated; no state nexus identified) · #16 active · 1268 total · disclosed 24d ago · payroll, tax, employee-ID data claimed · Sources: Play DLS
Jun 01 Energy Action SafePay Ransomware · energy management · Australia 🟥 Claimed (leak-site) · — Unknown; suspected Eastern European (CIS-exclusion kill-switch; Conti-lineage TTPs) · #10 active · 503 total · disclosed 24d ago · ~470GB claimed; under investigation · Sources: SafePay DLS
Jun 01 The Adviser Brain Cipher Ransomware · media · AU 🟥 Claimed (leak-site) · disclosed 24d ago · 350GB claimed; ransom deadline 2026-06-02 · Sources: Brain Cipher DLS
Jun 01 Expert MRI Unattributed Breach · healthcare · radiology/US 🟥 Claimed (leak-site) · disclosed 24d ago · PEAR DLS claim seen 2026-06, attack est. Aug 2025 — ransomware.live DLS — 🟥 attack predates PEAR posting; 617GB alleged, 209,560 individuals' PHI (names, addresses, DOB, diagnosis/treatment, SSNs); verify PEAR attribution independently
Jun 01 RRCA Accounts Management Unattributed Breach · collections · US 🟥 Claimed (leak-site) · disclosed 24d ago · 115,837 individuals affected
Jun 01 Dairy Farmers of America Unattributed Breach · agriculture co-op · US 🟩 Corroborated · disclosed 24d ago · employee + member data leaked · actor not yet attributed · Sources: The Record
Jun 01 Dresden State Art Collections Unattributed Breach · arts-culture · Germany 🟩 Corroborated · disclosed 24d ago · digital systems disrupted · actor not yet attributed · Sources: The Record

May 2026

May 27 Carnival Corporation ShinyHunters Extortion · travel · hospitality/US 🟩 Corroborated · 🏴‍☠️ Financially motivated cybercrime; English-speaking, overlaps/collaborates with the wider Scattered Spider / Lapsus$ ("The Com") ecosystem · #13 active · 129 total · disclosed 29d ago · 5,995,277 individuals affected; names, dates of birth, addresses, email, phone, passport and driver's license numbers; social-engineering attack on Carnival employee led to account compromise April 14, 2026; data exfiltrated before access blocked; breach notification letters dated May 27, 2026 · Sources: BleepingComputer · The Register · Malwarebytes

April 2026

Apr 16 Standard Bank Group PrinzEugen Ransomware · banking · financial services/South Africa 🟩 Corroborated · disclosed 70d ago · 1.2 TB exfiltrated; 1 BTC ransom demanded and refused; Group is South Africa's largest bank by assets; DLS claim April 16; first widely documented Prinz Eugen victim (new Go-based strain analyzed June 20 by ThreatDown) · Sources: BleepingComputer · ThreatDown

February 2026

Feb 24 Strategic Education Unattributed Breach · education · US 🟥 Claimed (leak-site) · disclosed 121d ago · incident 23–25 Feb 2026

May 2025

May 01 Harrods DragonForce Ransomware · retail · UK 🟩 Corroborated · 🇲🇾 Origins in a former Malaysian hacktivist collective · #22 active · 582 total · disclosed 420d ago · third UK retailer hit; attack confirmed 1 May 2025, access restricted to contain it · Sources: Acronis · Picus

April 2025

Apr 30 Co-op DragonForce Ransomware · retail · UK 🟩 Corroborated · 🇲🇾 Origins in a former Malaysian hacktivist collective · #22 active · 582 total · disclosed 421d ago · back-office & call-centre disruption; 10,000+ members' personal data exposed · Sources: Infosecurity
Apr 22 Marks & Spencer DragonForce Ransomware · retail · UK 🟩 Corroborated · 🇲🇾 Origins in a former Malaysian hacktivist collective · #22 active · 582 total · disclosed 429d ago · ~£300M profit hit; online orders & payments disrupted for weeks; customer + employee data threatened (Scattered Spider service-desk initial access) · Sources: BlackFog · Infosecurity