Ransomware Stats

[ { “activity”: “Healthcare”, “attackdate”: “2025-09-18 16:44:37.171000”, “claim_url”: “http:\/\/sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion\/leaks\/68cc36f588b6823fa2157720”, “country”: “”, “description”: “United Pharma LLC is a softgel contract manufacturer based in Southern California, specializing in high-quality nutraceuticals and supplements. Founded in 2006, the company boasts a state-of-the-art 55,000 square foot facility and adheres to strict quality standards in its production processes. Their services include gelatin mixing, encapsulation, bottling, and custom labeling, catering to clients seeking innovative softgel solutions. With a highly experienced management team, United Pharma aims to be a progressive partner for both its customers and the community.”, “discovered”: “2025-09-18 16:51:28.617190”, “domain”: “www.unitedpharma.com”, “duplicates”: [], “extrainfos”: [], “group”: “sinobi”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/890d83636651b46063f2a71b79b3722e.png”, “url”: “https:\/\/www.ransomware.live\/id\/VW5pdGVkIFBoYXJtYUBzaW5vYmk=”, “victim”: “United Pharma” }, { “activity”: “Not Found”, “attackdate”: “2025-09-18 16:41:32.000000”, “claim_url”: “https:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/6724516557”, “country”: “US”, “description”: “[AI generated] City Wide is a leading management company in the building maintenance industry. They offer comprehensive solutions spanning over 20 interior and exterior services for commercial properties. City Wide simplifies the maintenance process by providing a single point of contact and a personalized approach to manage every detail. It’s based in the US and has over 60 years of experience.”, “discovered”: “2025-09-18 17:58:32.356228”, “domain”: “www.gocitywide.com”, “duplicates”: [], “extrainfos”: [], “group”: “worldleaks”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q2l0eSBXaWRlQHdvcmxkbGVha3M=”, “victim”: “City Wide” }, { “activity”: “Technology”, “attackdate”: “2025-09-18 16:41:32.000000”, “claim_url”: “https:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/5334189463”, “country”: “US”, “description”: “[AI generated] ACRO Automation Systems is a company that designs and creates unique automation processes to help businesses improve their operational efficiencies. They specialize in providing state-of-the-art automated solutions to a wide range of industries – from automotives to consumer goods, using robotic, assembly, and control systems. Based in Milwaukee, Wisconsin, they also offer professional project management and technical support services.”, “discovered”: “2025-09-18 17:59:37.945048”, “domain”: “www.acro.com”, “duplicates”: [], “extrainfos”: [], “group”: “worldleaks”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/QUNSTyBBdXRvbWF0aW9uIFN5c3RlbXNAd29ybGRsZWFrcw==”, “victim”: “ACRO Automation Systems” }, { “activity”: “Consumer Services”, “attackdate”: “2025-09-18 16:41:32.000000”, “claim_url”: “https:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/0047417878”, “country”: “US”, “description”: “[AI generated] Legend Senior Living is an American-based, family-owned and operated company that provides quality elderly care across its facilities. They offer a variety of services from independent living, assisted living to memory care. Its mission is to serve seniors and their families by creating high-quality choices for senior living and foster an atmosphere of respect, dignity and personal engagement.”, “discovered”: “2025-09-18 18:00:42.366482”, “domain”: “www.legendseniorliving.com”, “duplicates”: [], “extrainfos”: [], “group”: “worldleaks”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TGVnZW5kIFNlbmlvciBMaXZpbmdAd29ybGRsZWFrcw==”, “victim”: “Legend Senior Living” }, { “activity”: “Financial Services”, “attackdate”: “2025-09-18 08:19:14.268411”, “claim_url”: “”, “country”: “IT”, “description”: “***”, “discovered”: “2025-09-18 08:19:15.649035”, “domain”: “www.generali.com”, “duplicates”: [], “extrainfos”: { “size”: “” }, “group”: “crypto24”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/R2VuZXJhbGkgR3JvdXBAY3J5cHRvMjQ=”, “victim”: “Generali Group” }, { “activity”: “Not Found”, “attackdate”: “2025-09-18 01:40:44.701842”, “claim_url”: “http:\/\/b2ykcy2gcug4gnccm6hnrb5xapnresmyjjqgvhafaypppwgo4feixwyd.onion\/books\/3”, “country”: “IN”, “description”: “DATA SIZE : 2TB”, “discovered”: “2025-09-18 01:41:00.251594”, “domain”: “klingLnberg.in”, “duplicates”: [], “extrainfos”: { “data_size”: “2 TB” }, “group”: “blackshrantac”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/dced8bdc9bc5a267d2fee4eb280f17f7.png”, “url”: “https:\/\/www.ransomware.live\/id\/a2xpbmdMbmJlcmcuaW5AYmxhY2tzaHJhbnRhYw==”, “victim”: “klingLnberg.in” }, { “activity”: “Technology”, “attackdate”: “2025-09-18 01:40:09.012618”, “claim_url”: “http:\/\/b2ykcy2gcug4gnccm6hnrb5xapnresmyjjqgvhafaypppwgo4feixwyd.onion\/books\/2”, “country”: “TR”, “description”: “DATA SIZE : 600GB”, “discovered”: “2025-09-18 01:40:22.726808”, “domain”: “altas.com.tr”, “duplicates”: [], “extrainfos”: { “data_size”: “600 GB” }, “group”: “blackshrantac”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-18 01:39:51”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/3eaa3360858118b831e13c1ce7b4ce38.png”, “url”: “https:\/\/www.ransomware.live\/id\/YWx0YXMuY29tLnRyQGJsYWNrc2hyYW50YWM=”, “victim”: “altas.com.tr” }, { “activity”: “Financial Services”, “attackdate”: “2025-09-18 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=bf4ab98b-5fdf-3e22-a36c-4048b47b9d07”, “country”: “KR”, “description”: “Dblock Asset Management Co, Korean Leak2. They have blocked the development of their own future. Dblock Asset Management Co., Ltd is an investment company specializing in the acquisition and management of real estate and funds, part of the D- …”, “discovered”: “2025-09-18 11:48:56.136032”, “domain”: “dblocasset.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-18 11:48:04”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RGJsb2NrIEFzc2V0IE1hbmFnZW1lbnQgQ29AcWlsaW4=”, “victim”: “Dblock Asset Management Co” }, { “activity”: “Financial Services”, “attackdate”: “2025-09-18 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=ad659a23-af8d-39ea-9a98-41aeaf2d26d3”, “country”: “KR”, “description”: “Orum Asset management Co, Korean Leak2. The company has been operating on the Korean stock market since 2021. Its total capital is 5.4 bil won ($3.8 mil). The company’s main priority is the real estate market. The company has a public offerin …”, “discovered”: “2025-09-18 12:46:19.235966”, “domain”: “orumam.com\/kor\/main”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/4cda54d3195ab342f214f60e8411fa32.png”, “url”: “https:\/\/www.ransomware.live\/id\/T3J1bSBBc3NldCBtYW5hZ2VtZW50QHFpbGlu”, “victim”: “Orum Asset management” }, { “activity”: “Financial Services”, “attackdate”: “2025-09-18 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=dd4a27f5-dd61-3747-a2d2-65fd15a6c2dc”, “country”: “SG”, “description”: “ST Asset Management Co, Korean Leak2. You can change your name and declare a new mission, but you still won’t be able to hide your deceitful nature. Meet ST Asset Management Co., Ltd., Seoul, Korea. They position themselves as specialists in …”, “discovered”: “2025-09-18 14:49:06.939443”, “domain”: “stasset.co.kr”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-18 14:48:29”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/966f648adec4b85dd498f14a696cc4c5.png”, “url”: “https:\/\/www.ransomware.live\/id\/U1QgQXNzZXQgTWFuYWdlbWVudCBDb0BxaWxpbg==”, “victim”: “ST Asset Management Co” }, { “activity”: “Financial Services”, “attackdate”: “2025-09-18 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=ccd6d275-b6f2-3377-86bb-7143d70f3460”, “country”: “GB”, “description”: “EOS Asset management CO., Korean Leak2. The company has been operating on the Korean stock market since 2021. Its total investment portfolio is 22 bil won ($15.8 mil). An asset management company specializing in brokerage services for lendin …”, “discovered”: “2025-09-18 14:49:48.871621”, “domain”: “www.eosam.co.kr”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f0dfcde97311c97c6a41796b3404fa2e.png”, “url”: “https:\/\/www.ransomware.live\/id\/RU9TIEFzc2V0IG1hbmFnZW1lbnRAcWlsaW4=”, “victim”: “EOS Asset management” }, { “activity”: “Financial Services”, “attackdate”: “2025-09-18 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=5fa7d407-231e-3400-b7d8-bf42de329fc3”, “country”: “CN”, “description”: “Broad High Asset Management Co., Korean Leak2. A private investment fund management company registered with the Financial Services Commission in April 2022. The company’s total investment portfolio is 2.65 billion won ($1.8 million). Key prod …”, “discovered”: “2025-09-18 15:41:11.861308”, “domain”: “www.bhasset.co.kr”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/QnJvYWQgSGlnaCBBc3NldCBNYW5hZ2VtZW50QHFpbGlu”, “victim”: “Broad High Asset Management” }, { “activity”: “Not Found”, “attackdate”: “2025-09-18 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “Wargo French Singer is a full-service law firm with offices in At\nlanta, Los Angeles and Miami. \n\nWe are going to upload 11gb corporate data. Lots of client inform\nation (DOB, address, emails, phone and so on), lots of confidenti\nal files, contracts and agreements with Coca-cola and other big n\names, financial information, projects and other files.\n”, “discovered”: “2025-09-18 18:14:22.199476”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/V2FyZ28gRnJlbmNoQGFraXJh”, “victim”: “Wargo French” }, { “activity”: “Not Found”, “attackdate”: “2025-09-17 23:59:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/68c34311115cdd92913d390a”, “country”: “US”, “description”: “Cardinal Services is a full-service staffing company founded in 1984 and headquartered in Coos Bay, Oregon.\r Employees: 50\r Revenue: $48.7 Million\r Industry: Business Services\r Phone Number:(541) 888-9799”, “discovered”: “2025-09-18 00:50:51.007162”, “domain”: “cardinal-services.com”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Azorult”: 8, “Lumma”: 8, “Raccoon”: 2, “RedLine”: 16, “Vidar”: 4 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-18 00:50:22”, “users”: 20, “users_url”: 12 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/2c1908dfa58bff3d3912ac4ed31085fd.png”, “url”: “https:\/\/www.ransomware.live\/id\/Y2FyZGluYWwtc2VydmljZXMuY29tQGluY3JhbnNvbQ==”, “victim”: “cardinal-services.com” }, { “activity”: “Not Found”, “attackdate”: “2025-09-17 22:28:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/68cb3543115cdd9291b147a3”, “country”: “US”, “description”: “The company\u00b4s objectives were aimed to provide a high-quality service to allow customers to dedicate their main efforts towards achieving their specific goals. \”The company installed a high-quality customer service philosophy\”\r Employees: 63\r Revenue: $11 Million\r Industry: Architecture\r Phone Number:+52 5512533200”, “discovered”: “2025-09-17 22:43:29.779528”, “domain”: “grupogid.com”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “infostealer”: { “employees”: 1, “employees_url”: 1, “infostealer_stats”: { “Raccoon”: 2 }, “thirdparties”: 1, “thirdparties_domain”: 3, “update”: “2025-09-17 22:43:02”, “users”: 0, “users_url”: 1 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/aa7c65ac20f643a7e3bc993a502aba81.png”, “url”: “https:\/\/www.ransomware.live\/id\/Z3J1cG9naWQuY29tQGluY3JhbnNvbQ==”, “victim”: “grupogid.com” }, { “activity”: “Not Found”, “attackdate”: “2025-09-17 22:18:14.799630”, “claim_url”: “http:\/\/mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion\/index.php?page=1\/topic.php?id=pky3LrkLkUWt5G”, “country”: “US”, “description”: “United States”, “discovered”: “2025-09-17 22:18:55.806410”, “domain”: “www.tsahousing.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/78a264c02ebaabcc3b6fbe50752c46ea.png”, “url”: “https:\/\/www.ransomware.live\/id\/VGhvbWFzIFNhZnJhbiAmIEFzc29jaWF0ZXNAcGxheQ==”, “victim”: “Thomas Safran & Associates” }, { “activity”: “Manufacturing”, “attackdate”: “2025-09-17 20:13:50.674401”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/brownecocom\/”, “country”: “US”, “description”: “Browne (Browne Group Inc.) is a legacy kitchenware and foodservice products designer and distributor with a multi-decade history (70+ years) \u2026”, “discovered”: “2025-09-17 20:14:13.239659”, “domain”: “browneco.com”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 20:13:33”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0696a7fd9385bc530f3a0f4bcc2b9252.png”, “url”: “https:\/\/www.ransomware.live\/id\/YnJvd25lY28uY29tQHNhZmVwYXk=”, “victim”: “browneco.com” }, { “activity”: “Manufacturing”, “attackdate”: “2025-09-17 20:13:13.118032”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/alliancesteelcocom\/”, “country”: “US”, “description”: “\u201cAlliance Steel\u201d is a generic trade name used by multiple flat-rolled steel service centers in North America; relevant examples include \u2026”, “discovered”: “2025-09-17 20:13:28.679063”, “domain”: “alliancesteelco.com”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 20:12:54”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/63555565844794efab50fb5d42736bdf.png”, “url”: “https:\/\/www.ransomware.live\/id\/YWxsaWFuY2VzdGVlbGNvLmNvbUBzYWZlcGF5”, “victim”: “alliancesteelco.com” }, { “activity”: “Not Found”, “attackdate”: “2025-09-17 20:12:37.779544”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/slusarskicom\/”, “country”: “US”, “description”: “Slusarski is a Michigan-based sitework, earthmoving and paving contractor founded in 1982 that provides excavation, asphalt paving, sealcoating, striping, materials \u2026”, “discovered”: “2025-09-17 20:12:50.806952”, “domain”: “slusarski.com”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 20:12:20”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/94f38dfe8e766a3651bbe46d1e04a9fb.png”, “url”: “https:\/\/www.ransomware.live\/id\/c2x1c2Fyc2tpLmNvbUBzYWZlcGF5”, “victim”: “slusarski.com” }, { “activity”: “Healthcare”, “attackdate”: “2025-09-17 20:12:02.400583”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/drcloudemrcom\/”, “country”: “US”, “description”: “DrCloudEHR (often referenced as DrCloud\/DrCloudEMR) provides cloud-hosted electronic health record (EHR) \/ practice management software targeted at ambulatory clinics and \u2026”, “discovered”: “2025-09-17 20:12:15.237508”, “domain”: “drcloudemr.com”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Azorult”: 2, “Lumma”: 2, “RedLine”: 12 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 20:11:46”, “users”: 11, “users_url”: 11 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e3dd2cb7a57f2c67503a90e6e1c585aa.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZHJjbG91ZGVtci5jb21Ac2FmZXBheQ==”, “victim”: “drcloudemr.com” }, { “activity”: “Not Found”, “attackdate”: “2025-09-17 20:11:27.373299”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/venetianassociatescom\/”, “country”: “US”, “description”: “Venetian Associates is a private family-office style investment vehicle and lower-middle-market acquirer based in Michigan that focuses on buying consumer \u2026”, “discovered”: “2025-09-17 20:11:40.022972”, “domain”: “venetianassociates.com”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 20:11:08”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/b88687f0948c39cf92ed66a1167a12a1.png”, “url”: “https:\/\/www.ransomware.live\/id\/dmVuZXRpYW5hc3NvY2lhdGVzLmNvbUBzYWZlcGF5”, “victim”: “venetianassociates.com” }, { “activity”: “Technology”, “attackdate”: “2025-09-17 20:10:44.675301”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/armourhomecouk\/”, “country”: “GB”, “description”: “Armour Home is a UK-based designer, manufacturer and distributor of hi-fi, home-cinema and multi-room audio furniture and electronic solutions. The \u2026”, “discovered”: “2025-09-17 20:11:04.188621”, “domain”: “armourhome.co.uk”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Raccoon”: 4 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 20:10:28”, “users”: 2, “users_url”: 2 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0a61bba115d790ca7e182481c49e9e41.png”, “url”: “https:\/\/www.ransomware.live\/id\/YXJtb3VyaG9tZS5jby51a0BzYWZlcGF5”, “victim”: “armourhome.co.uk” }, { “activity”: “Not Found”, “attackdate”: “2025-09-17 19:29:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/68cb285f115cdd9291b0933f”, “country”: “US”, “description”: “Howard T. Linden, P.C. is a Michigan-based law firm specializing exclusively in probate law, offering services such as wills, trusts, guardianships, and wrongful death settlements. With nearly 50 years of experience, the firm is known for its efficient and cost-effective probate services for attorneys, insurance companies, creditors, and families. The firm caters to both local and out-of-state clients needing assistance with probate matters in Michigan. Attorney Howard Linden’s extensive knowledge and compassionate approach ensure that clients receive thorough and timely support throughout the probate process.\r Employees: 25\r Revenue: $5 Million\r Industry: Law Firms\r Phone Number:(248) 358-4545”, “discovered”: “2025-09-17 21:52:40.540463”, “domain”: “lindenlaw.com”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 21:52:11”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ec9108a5ce9bf253be61ee71b5f3f77c.png”, “url”: “https:\/\/www.ransomware.live\/id\/bGluZGVubGF3LmNvbUBpbmNyYW5zb20=”, “victim”: “lindenlaw.com” }, { “activity”: “Healthcare”, “attackdate”: “2025-09-17 18:42:15.182182”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/biosorthopedicscom\/”, “country”: “US”, “description”: “Broward Institute of Orthopaedic Specialties (BIOS) is a multi-physician orthopaedic practice headquartered in Hollywood and Pembroke Pines, Florida. The practice \u2026”, “discovered”: “2025-09-17 18:42:27.048325”, “domain”: “biosorthopedics.com”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 18:41:56”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/cde1b6b87cf8a12f679cf1fa54e3ea2d.png”, “url”: “https:\/\/www.ransomware.live\/id\/Ymlvc29ydGhvcGVkaWNzLmNvbUBzYWZlcGF5”, “victim”: “biosorthopedics.com” }, { “activity”: “Construction”, “attackdate”: “2025-09-17 18:41:37.370257”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/gosheatingcouk\/”, “country”: “GB”, “description”: “GOS Heating is a long-standing, family-run heating, plumbing and electrical contractor based in Preston, Lancashire. The company markets domestic and \u2026”, “discovered”: “2025-09-17 18:41:52.037642”, “domain”: “gosheating.co.uk”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 18:41:20”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a299aa771ae0ecdbe89b0e4da5a64726.png”, “url”: “https:\/\/www.ransomware.live\/id\/Z29zaGVhdGluZy5jby51a0BzYWZlcGF5”, “victim”: “gosheating.co.uk” }, { “activity”: “Healthcare”, “attackdate”: “2025-09-17 16:27:31.000000”, “claim_url”: “http:\/\/tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion”, “country”: “CO”, “description”: “Armonia Medical S.A.S es una empresa en Colombia, con sede principal en Santa Marta. Opera en Servicios de Salud M\u00f3viles sector. La empresa fue fundada en 24 de febrero de 2012. Actividades de la pr\u00e1ctica m\u00e9dica sin internaci\u00f3n, Peluquer\u00eda y otros tratamientos de belleza, Comercio al por menor de productos farmac\u00e9uticos y medicinales cosm\u00e9ticos y art\u00edculos de tocador en establecimientos especializados https:\/\/armoniaips.com”, “discovered”: “2025-09-17 16:52:23.446790”, “domain”: “armoniaips.com”, “duplicates”: [], “extrainfos”: [], “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 16:51:38”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8c47959c80ef37fb0095eb6ecb94c7a8.png”, “url”: “https:\/\/www.ransomware.live\/id\/QVJNT05JQSBNRURJQ0FMIFMuQS5TLkB0aGVnZW50bGVtZW4=”, “victim”: “ARMONIA MEDICAL S.A.S.” }, { “activity”: “Not Found”, “attackdate”: “2025-09-17 08:21:20.565110”, “claim_url”: “”, “country”: “DE”, “description”: “IAD GmbH\nIn addition to our traditional training and certification services, you can also take advantage of other services: from our in-house Pearson VUE test centers in Erfurt, Jena, Leipzig, Marburg, and Nordhausen, to room and hardware rental, to booking our experienced consultants and recruiting skilled workers.Geo: Germany – Leak size: 43 GB Archive – Contains: Files, SQL, Exchange”, “discovered”: “2025-09-17 08:21:22.302522”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “sarcoma”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SUFEIEdtYkhAc2FyY29tYQ==”, “victim”: “IAD GmbH” }, { “activity”: “Not Found”, “attackdate”: “2025-09-17 08:21:15.527089”, “claim_url”: “”, “country”: “DE”, “description”: “Kwg\nKWG mbH im Lausitzer Seenland is a modern and progressive housing service company that rents and manages residential and commercial properties in the Senftenberg region and surrounding areas. They offer a variety of housing options tailored to different needs, including affordable apartments for families, students, and seniors, as well as higher-end accommodations. The company aims to provide suitable living spaces for singles, young people, families, and seniors, with the possibility of customizing floor plans. Their services are designed to meet the diverse demands of their clients in Senftenberg, Gro\u00dfr\u00e4schen, Schipkau, Schwarzheide, and Ortrand.Geo: Germany – Leak size: 989 GB Archive – Contains: Files, SQL, Exchange”, “discovered”: “2025-09-17 08:21:18.147206”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “sarcoma”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/S3dnQHNhcmNvbWE=”, “victim”: “Kwg” }, { “activity”: “Manufacturing”, “attackdate”: “2025-09-17 08:21:10.529722”, “claim_url”: “”, “country”: “DE”, “description”: “Pfullendorfer Tor-Systeme\nPfullendorfer Tor-Systeme was a German company that manufactured high-quality, long-lasting Kipptore (tilt doors) for garages, starting in 1949. They specialized in durable, value-preserving products and offered features like varied filling options and integrated wicket doors. With over 400,000 customers, the company was known for the stability of its tilt door design and its commitment to providing customers with customized and durable solutions, though the snippet provided does not give its current status. \nPfullendorfer Tor-Systeme has been based in the region for over 70 years and has established itself as an attractive employer. In addition to direct entry-level commercial and industrial positions, we have been offering apprenticeships at our company for several years, thus giving young people the opportunity to shape their professional futures.Geo: Germany – Leak size: 643 GB Archive – Contains: Files,Exchange”, “discovered”: “2025-09-17 08:21:12.692201”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “sarcoma”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UGZ1bGxlbmRvcmZlciBUb3ItU3lzdGVtZUBzYXJjb21h”, “victim”: “Pfullendorfer Tor-Systeme” }, { “activity”: “Not Found”, “attackdate”: “2025-09-17 06:05:57.461787”, “claim_url”: “http:\/\/b2ykcy2gcug4gnccm6hnrb5xapnresmyjjqgvhafaypppwgo4feixwyd.onion\/books\/3”, “country”: “IN”, “description”: “DATA SIZE : 2TB”, “discovered”: “2025-09-17 06:06:49.259330”, “domain”: “”, “duplicates”: [], “extrainfos”: { “data_size”: “2 TB” }, “group”: “blackshrantac”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/dced8bdc9bc5a267d2fee4eb280f17f7.png”, “url”: “https:\/\/www.ransomware.live\/id\/a2xpKioqKioqZXJnLmluQGJsYWNrc2hyYW50YWM=”, “victim”: “kli******erg.in” }, { “activity”: “Not Found”, “attackdate”: “2025-09-17 06:05:40.528660”, “claim_url”: “http:\/\/b2ykcy2gcug4gnccm6hnrb5xapnresmyjjqgvhafaypppwgo4feixwyd.onion\/books\/2”, “country”: “TR”, “description”: “DATA SIZE : 600GB”, “discovered”: “2025-09-17 06:05:54.947693”, “domain”: “”, “duplicates”: [], “extrainfos”: { “data_size”: “600 GB” }, “group”: “blackshrantac”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/3eaa3360858118b831e13c1ce7b4ce38.png”, “url”: “https:\/\/www.ransomware.live\/id\/YWx0KioqKioqLnRyQGJsYWNrc2hyYW50YWM=”, “victim”: “alt******.tr” }, { “activity”: “Not Found”, “attackdate”: “2025-09-17 03:44:10.000000”, “claim_url”: “http:\/\/tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion”, “country”: “NP”, “description”: “INSEC offer integrated services, educational tools, and multi-sector partnerships through programs focused on economic development, community development, employment training, and integrated support services. Their mission is to transform lives and strengthen communities by providing workshops, grants, and direct assistance to those in need. INSEC aims to be a leading organization in community services, developing innovative programs that make a tangible impact. https:\/\/insec.org\/”, “discovered”: “2025-09-17 04:26:17.244431”, “domain”: “insec.org”, “duplicates”: [], “extrainfos”: [], “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 04:25:32”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8c47959c80ef37fb0095eb6ecb94c7a8.png”, “url”: “https:\/\/www.ransomware.live\/id\/SW5zdGl0dXRvIFNvY2lvLUVjb27Ds21pY28gQ29tdW5pdGFyaW8gKElOU0VDKUB0aGVnZW50bGVtZW4=”, “victim”: “Instituto Socio-Econ\u00f3mico Comunitario (INSEC)” }, { “activity”: “Financial Services”, “attackdate”: “2025-09-17 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=9320ec9a-80c2-36b1-b3d4-65e89fea03ec”, “country”: “”, “description”: “Prime Asset Fund, USA is a highly questionable player in the US financial market. It is a company that operates in the investment banking industry. It employs 20 to 49 people and has revenues of $10 million to $25 million. Prime Asset also in …”, “discovered”: “2025-09-17 15:40:43.115614”, “domain”: “www.primeassetfund.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/b3d14f7de491270e00aefc39062b063b.png”, “url”: “https:\/\/www.ransomware.live\/id\/UHJpbWUgQXNzZXQgRnVuZEBxaWxpbg==”, “victim”: “Prime Asset Fund” }, { “activity”: “Financial Services”, “attackdate”: “2025-09-17 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=5d679bd5-470b-3d79-bd74-e337efa4c770”, “country”: “US”, “description”: “Zebra Asset Management Co., Korean Leak2. The company has been operating on the Korean stock market since 2021. The company has a portfolio of 15bn won ($11m). The company continuously audits undervalued companies in order to make profits in …”, “discovered”: “2025-09-17 21:17:33.958704”, “domain”: “zebraasset.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 21:16:55”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/013472da60ecf6018a269f47c50d0198.png”, “url”: “https:\/\/www.ransomware.live\/id\/WmVicmEgQXNzZXQgTWFuYWdlbWVudCBDb0BxaWxpbg==”, “victim”: “Zebra Asset Management Co” }, { “activity”: “Financial Services”, “attackdate”: “2025-09-17 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=2328ea8e-7e4f-3801-ba21-4536503ad3fb”, “country”: “KR”, “description”: “Saebom Asset Management Co., Korean Leak2. The company was founded in 2022. It operates in the Korean financial market and has several funds: multi-strategy and high-yield private investment funds, a mezzanine direct investment fund, and a pu …”, “discovered”: “2025-09-17 21:18:19.884082”, “domain”: “newspringfund.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 21:17:38”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/4f4697bc17e35edcd47676e5d8585cfd.png”, “url”: “https:\/\/www.ransomware.live\/id\/U2FlYm9tIEFzc2V0IE1hbmFnZW1lbnRAcWlsaW4=”, “victim”: “Saebom Asset Management” }, { “activity”: “Financial Services”, “attackdate”: “2025-09-17 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=5e897974-5294-319f-bd91-5b23cea9d76b”, “country”: “HK”, “description”: “SUNIQUE Asset Management Co, Korean Leak2. General business in the field of direct investment, investment consulting, and investment agency. The company’s portfolio is 1.5 billion won ($1 million). The company claims that it works only with …”, “discovered”: “2025-09-17 23:10:24.184555”, “domain”: “suniqueam.co.kr”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-17 23:09:47”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/2ca2300634d6ea57e556d8fd3f6f25ea.png”, “url”: “https:\/\/www.ransomware.live\/id\/U1VOSVFVRSBBc3NldCBNYW5hZ2VtZW50IENvQHFpbGlu”, “victim”: “SUNIQUE Asset Management Co” }, { “activity”: “Technology”, “attackdate”: “2025-09-17 00:00:00.000000”, “claim_url”: “”, “country”: “AU”, “description”: “Intellect Systems provides solutions to the domestic and internat\nional resource, infrastructure, oil and gas, utilities and manufa\ncturing markets. \n\nWe are going to upload 10gb corporate data. Lots of employee info\nrmation (passports, DLs, medical information, death and birth cer\ntificates), confidentiality agreements, contracts, financial info\nrmation, project information and other files.\n”, “discovered”: “2025-09-18 18:14:27.011646”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SW50ZWxsZWN0IFN5c3RlbXNAYWtpcmE=”, “victim”: “Intellect Systems” }, { “activity”: “Not Found”, “attackdate”: “2025-09-17 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “MMI Direct is a leading data processor that specializes in provid\ning services like NCOA, PCOA, analytics, list fulfillment, merge \npurge, and data append to nonprofits, businesses, and government \nclients.\n\nWe are going to upload 116gb corporate data. Employee files (Pass\nports, DLs, birth and death certificates, interviews and other pe\nrsonal documents), medical information, HR data, contracts and ag\nreements, financial information, client information, NDAs, etc.\n”, “discovered”: “2025-09-18 18:14:30.963392”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TU1JIERpcmVjdEBha2lyYQ==”, “victim”: “MMI Direct” }, { “activity”: “Technology”, “attackdate”: “2025-09-16 23:49:00.000000”, “claim_url”: “http:\/\/arcuufpr5xxbbkin4mlidt7itmr6znlppk63jbtkeguuhszmc5g7qdyd.onion\/?p=560”, “country”: “AE”, “description”: “Days: 66 Hours: 22 Minutes: 66 Seconds: 99 \n\n\nwww.accflex.com\nWith the help of experienced and qualified programmers, and distinguished w\u2026”, “discovered”: “2025-09-17 00:51:35.795037”, “domain”: “www.accflex.com”, “duplicates”: [], “extrainfos”: [], “group”: “arcusmedia”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c53703e68b16cc7f78a9969c744df52f.png”, “url”: “https:\/\/www.ransomware.live\/id\/QWNjZmxleCBFUlBAYXJjdXNtZWRpYQ==”, “victim”: “Accflex ERP” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 23:41:24.000000”, “claim_url”: “http:\/\/arcuufpr5xxbbkin4mlidt7itmr6znlppk63jbtkeguuhszmc5g7qdyd.onion\/?p=555”, “country”: “NO”, “description”: “Days: 66 Hours: 22 Minutes: 66 Seconds: 99 \n\n\nTunad.io\nTunad is a Media Intelligence Platform that enhances the results of advertising ca\u2026”, “discovered”: “2025-09-17 00:51:56.067775”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “arcusmedia”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/9cc877ba98d31a527447c7d10154af86.png”, “url”: “https:\/\/www.ransomware.live\/id\/VHVuYWRAYXJjdXNtZWRpYQ==”, “victim”: “Tunad” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 23:05:00.000000”, “claim_url”: “http:\/\/arcuufpr5xxbbkin4mlidt7itmr6znlppk63jbtkeguuhszmc5g7qdyd.onion\/?p=558”, “country”: “ES”, “description”: “Days: 66 Hours: 22 Minutes: 66 Seconds: 99 \n\n\ngrupgestio.net\nWe are a consultancy with more than 25 years of experience with the clear id\u2026”, “discovered”: “2025-09-17 00:52:15.931104”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “arcusmedia”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/606da7ad3fe861620adb2cd2cf7b2017.png”, “url”: “https:\/\/www.ransomware.live\/id\/R3J1cCBHZXN0aW9AYXJjdXNtZWRpYQ==”, “victim”: “Grup Gestio” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 22:34:34.000000”, “claim_url”: “http:\/\/arcuufpr5xxbbkin4mlidt7itmr6znlppk63jbtkeguuhszmc5g7qdyd.onion\/?p=547”, “country”: “”, “description”: “Hey , We have been offline for weeks .we taught it is time to rebrand our Project And try \u2026”, “discovered”: “2025-09-16 23:46:15.959928”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “arcusmedia”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f17fcf2fb0429a9dab82f3ab9e1e66a3.png”, “url”: “https:\/\/www.ransomware.live\/id\/QW5ub3VuY2VtZW50IDE2LTA5LTIwMjVAYXJjdXNtZWRpYQ==”, “victim”: “Announcement 16-09-2025” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 19:36:34.142207”, “claim_url”: “http:\/\/mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion\/blog_1-21”, “country”: “MX”, “description”: “~170 GB data Ciudad Ju\u00e1rez, M\u00e9xico \u00b7 Samalayuca, Chihuahua, Mexico \u00b7 Valle de Ju\u00e1rez, Jalisco, M\u00e9xico -Contracts -Projects -Clients -Customers -Employees etc”, “discovered”: “2025-09-16 19:36:53.067569”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “alphalocker”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/3c5b79c80084ab16e1f663ba2376ce5b.png”, “url”: “https:\/\/www.ransomware.live\/id\/Z3J1cG96ZXRhLmNvbSAmIHd3dy5ncnVwb3pldGFqYWxpc2NvLmNvbUBhbHBoYWxvY2tlcg==”, “victim”: “grupozeta.com & www.grupozetajalisco.com” }, { “activity”: “Manufacturing”, “attackdate”: “2025-09-16 18:57:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/68ca1590115cdd92919efc3c”, “country”: “GB”, “description”: “\\cnhi.tech 2tb”, “discovered”: “2025-09-17 02:27:57.986763”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/1688e4e6ba234c7652acee0079b5f125.png”, “url”: “https:\/\/www.ransomware.live\/id\/aHR0cHM6Ly93d3cuY25oLmNvbS9AaW5jcmFuc29t”, “victim”: “https:\/\/www.cnh.com\/” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 18:16:39.779131”, “claim_url”: “http:\/\/nerqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion\/detail?code=thepropertybusiness-com-australia-164gb”, “country”: “AU”, “description”: “Unknown – thepropertybusiness.com”, “discovered”: “2025-09-16 18:17:10.757306”, “domain”: “thepropertybusiness.com\/Australia\/164GB”, “duplicates”: [], “extrainfos”: [], “group”: “kairos”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a1babbec3ac626380b026c5c2d068f54.png”, “url”: “https:\/\/www.ransomware.live\/id\/dGhlcHJvcGVydHlidXNpbmVzcy5jb20vQXVzdHJhbGlhLzE2NEdCQGthaXJvcw==”, “victim”: “thepropertybusiness.com\/Australia\/164GB” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 18:15:25.971270”, “claim_url”: “http:\/\/nerqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion\/detail?code=ekonomipoolen-se-sweden-32-gb”, “country”: “SE”, “description”: “Unknown – ekonomipoolen.se”, “discovered”: “2025-09-16 18:16:17.394817”, “domain”: “ekonomipoolen.se\/Sweden\/32\/GB”, “duplicates”: [], “extrainfos”: [], “group”: “kairos”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/777483a3a0c3791eb1bcfaa352d1c8ed.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZWtvbm9taXBvb2xlbi5zZS9Td2VkZW4vMzIvR0JAa2Fpcm9z”, “victim”: “ekonomipoolen.se\/Sweden\/32\/GB” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 17:17:08.902554”, “claim_url”: “http:\/\/vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion\/s\/PjoNQ73y8DVTRy6kaTd8NP9CMCiaxEnkjS8ydpKkPc53buBGOMmYxdwrfHn7bBOobjqFWpvN4fUZP9Dpp4733lwblJQQk1t”, “country”: “US”, “description”: “[AI generated] N\/A”, “discovered”: “2025-09-16 17:17:34.229410”, “domain”: “bmsi.org”, “duplicates”: [], “extrainfos”: [], “group”: “BrainCipher”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-16 17:16:51”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/71fd8a8115ec5a49446cc23c65ea5b89.png”, “url”: “https:\/\/www.ransomware.live\/id\/Ym1zaS5vcmdAQnJhaW5DaXBoZXI=”, “victim”: “bmsi.org” }, { “activity”: “Energy”, “attackdate”: “2025-09-16 10:14:45.112665”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=ff58a3ee-bdbc-4887-81ba-42cece7dffdc”, “country”: “CN”, “description”: “Concord New Energy Group Limited (CNE) specializes in wind and solar power operation. To date, we are the only pure vertical integrated clean energy power company listed on the Hong Kong Stock Exchange.”, “discovered”: “2025-09-16 10:16:20.807664”, “domain”: “cn.cnegroup.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-16 10:15:16”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a1b6a0b26d1247769f0abb200d6da209.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q29uY29yZCBOZXcgRW5lcmd5IEdyb3VwQGRyYWdvbmZvcmNl”, “victim”: “Concord New Energy Group” }, { “activity”: “Healthcare”, “attackdate”: “2025-09-16 07:21:58.310638”, “claim_url”: “http:\/\/ks5424y3wpr5zlug5c7i6svvxweinhbdcqcfnptkfcutrncfazzgz5id.onion\/posts.php?pid=5sbHe5TNldwTtVVJ7wWVhtK6”, “country”: “AU”, “description”: “N\/A”, “discovered”: “2025-09-16 07:22:18.166974”, “domain”: “allureclinics.com”, “duplicates”: [], “extrainfos”: [], “group”: “killsec”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Lumma”: 2 }, “thirdparties”: 1, “thirdparties_domain”: 2, “update”: “2025-09-16 07:21:42”, “users”: 1, “users_url”: 1 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7d0b68d1506a8e1320a13c61dd1fa323.png”, “url”: “https:\/\/www.ransomware.live\/id\/QWxsdXJlIENsaW5pY3NAa2lsbHNlYw==”, “victim”: “Allure Clinics” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 07:08:19.908891”, “claim_url”: “”, “country”: “CH”, “description”: “F1-Generation\nF1-Generation GmbH is a distributor of internationally renowned fashion brands in the European market, managing over 10 labels. Its product portfolio includes designer lingerie, loungewear, swimwear, hosiery, shapewear, and fashion accessories. The company provides support in marketing and PR, IT improvements through in-house software development, and efficient brand management. Additionally, F1-Generation organizes and conducts trade fairs and order days for its clients.Geo: Germany – Leak size: 520 GB Archive – Contains: Files, SQL”, “discovered”: “2025-09-16 07:08:21.797186”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “sarcoma”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RjEtR2VuZXJhdGlvbkBzYXJjb21h”, “victim”: “F1-Generation” }, { “activity”: “Consumer Services”, “attackdate”: “2025-09-16 06:37:48.845445”, “claim_url”: “http:\/\/imncrewwfkbjkhr2oylerfm5qtbzfphhmpcfag43xc2kfgvluqtlgoid.onion\/files\/data\/jansen.zip”, “country”: “CA”, “description”: “Jansen Furniture is a brand and producer of luxury furniture. It has been family owned since it was founded in 1982 by Peter Andries Jansen. Jansen Furniture sells B2B and has a worldwide network of dealers ready to serve customers at any place and time. Jansen Furniture\u2019s luxury furniture pieces and decorative accessories are inspired by history. Classic, contemporary and mid-century modern furniture and interior styles will provide you with a sophisticated living experience amidst quality furniture and decorations. Well-skilled artisans and craftsmen and \u2013women fabricate the most beautiful wooden and upholstered furniture using a wide selection of the finest high-quality materials. These materials consist of lots of exotic yet permitted materials such as veneers and woods. Simultaneously many materials originate from Europe\u2019s most excellent leather and upholstery material manufacturers to ensure a premium product quality.”, “discovered”: “2025-09-16 06:37:52.012722”, “domain”: “Jansenfurniture.com”, “duplicates”: [], “extrainfos”: [], “group”: “IMNCrew”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SmFuc2VuZnVybml0dXJlLmNvbUBJTU5DcmV3”, “victim”: “Jansenfurniture.com” }, { “activity”: “Technology”, “attackdate”: “2025-09-16 05:29:58.743111”, “claim_url”: “”, “country”: “TW”, “description”: “all data”, “discovered”: “2025-09-16 05:30:00.055212”, “domain”: “chroma.com.tw”, “duplicates”: [], “extrainfos”: [], “group”: “warlock”, “infostealer”: { “employees”: 6, “employees_url”: 9, “infostealer_stats”: { “Generic Stealer”: 4, “Lumma”: 11, “Raccoon”: 10, “RedLine”: 12, “StealC”: 6 }, “thirdparties”: 2, “thirdparties_domain”: 16, “update”: “2025-09-16 05:29:41”, “users”: 18, “users_url”: 26 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Y2hyb21hLmNvbS50d0B3YXJsb2Nr”, “victim”: “chroma.com.tw” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 05:29:33.517323”, “claim_url”: “”, “country”: “”, “description”: “all data”, “discovered”: “2025-09-16 05:29:36.114766”, “domain”: “ferus-smit.home”, “duplicates”: [], “extrainfos”: [], “group”: “warlock”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-16 05:29:14”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/ZmVydXMtc21pdC5ob21lQHdhcmxvY2s=”, “victim”: “ferus-smit.home” }, { “activity”: “Financial Services”, “attackdate”: “2025-09-16 05:29:09.700087”, “claim_url”: “”, “country”: “PK”, “description”: “all data”, “discovered”: “2025-09-16 05:29:11.186812”, “domain”: “jubileelife.com”, “duplicates”: [], “extrainfos”: [], “group”: “warlock”, “infostealer”: { “employees”: 23, “employees_url”: 17, “infostealer_stats”: { “Azorult”: 14, “Lumma”: 250, “Mystic”: 4, “Raccoon”: 60, “RedLine”: 308, “StealC”: 50, “UNKNOWN”: 12, “Vidar”: 24 }, “thirdparties”: 35, “thirdparties_domain”: 23, “update”: “2025-09-16 05:28:55”, “users”: 414, “users_url”: 64 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/anViaWxlZWxpZmUuY29tQHdhcmxvY2s=”, “victim”: “jubileelife.com” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 05:28:45.803187”, “claim_url”: “”, “country”: “SA”, “description”: “all data”, “discovered”: “2025-09-16 05:28:47.449817”, “domain”: “kmssa.net”, “duplicates”: [], “extrainfos”: [], “group”: “warlock”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-16 05:28:27”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/a21zc2EubmV0QHdhcmxvY2s=”, “victim”: “kmssa.net” }, { “activity”: “Technology”, “attackdate”: “2025-09-16 05:28:19.888150”, “claim_url”: “”, “country”: “”, “description”: “all data”, “discovered”: “2025-09-16 05:28:23.769134”, “domain”: “webville.net”, “duplicates”: [], “extrainfos”: [], “group”: “warlock”, “infostealer”: { “employees”: 1, “employees_url”: 1, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-16 05:28:04”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/d2VidmlsbGUubmV0QHdhcmxvY2s=”, “victim”: “webville.net” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 05:27:55.268529”, “claim_url”: “”, “country”: “US”, “description”: “all data”, “discovered”: “2025-09-16 05:27:57.120925”, “domain”: “elssurveying.com”, “duplicates”: [], “extrainfos”: [], “group”: “warlock”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-16 05:27:37”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/ZWxzc3VydmV5aW5nLmNvbUB3YXJsb2Nr”, “victim”: “elssurveying.com” }, { “activity”: “Healthcare”, “attackdate”: “2025-09-16 05:27:31.028319”, “claim_url”: “”, “country”: “TR”, “description”: “all data”, “discovered”: “2025-09-16 05:27:33.254237”, “domain”: “medkar.com”, “duplicates”: [], “extrainfos”: [], “group”: “warlock”, “infostealer”: { “employees”: 15, “employees_url”: 2, “infostealer_stats”: { “Ficker”: 2, “Raccoon”: 2, “RedLine”: 22, “Vidar”: 2 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-09-16 05:27:15”, “users”: 1, “users_url”: 3 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/bWVka2FyLmNvbUB3YXJsb2Nr”, “victim”: “medkar.com” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 01:04:49.000000”, “claim_url”: “http:\/\/tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion”, “country”: “DE”, “description”: “Seit vielen Jahren befassen wir uns als erfolgreiches Unternehmen mit der Gutachtenerstellung in den Bereichen KFZ, LKW, Zweirad, Oldtimer, Sondermaschinen, Transportsch\u00e4den, Havarie, Verpackungsbeurteilung, Wasserfahrzeugen sowie Sch\u00e4den an Verkehrsleiteinrichtungen. Ebenfalls ist unser Unternehmen spezialisiert auf Gro\u00dfsch\u00e4den im KFZ-Bereich (Hagelschlag, Hochwasser), Schadenregulierung, Regressabwicklung sowie Seminare zum Thema Ladungssicherung nach VDI 2700a. Weiters garantiert unser firmeneigenes Qualit\u00e4tsmanagement, zertifiziert nach EN ISO 9001:2008, dass die Qualit\u00e4tsstandards unserer Auftraggeber strikt eingehalten werden.”, “discovered”: “2025-09-16 01:49:36.346315”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “thegentlemen”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8c47959c80ef37fb0095eb6ecb94c7a8.png”, “url”: “https:\/\/www.ransomware.live\/id\/U1YtQsO8cm8gSW5nLiBTY2h1bHogR21iSEB0aGVnZW50bGVtZW4=”, “victim”: “SV-B\u00fcro Ing. Schulz GmbH” }, { “activity”: “Technology”, “attackdate”: “2025-09-16 01:00:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/68c3b48c115cdd929142e936”, “country”: “KR”, “description”: “We hacked Humax Holdings. https:\/\/holdings.humaxdigital.com\/\r \r Founded in 1989 as Humax Co., Ltd., the company changed its name to its current name in 2009 when it transitioned to a non-financial holding company. \r Its subsidiaries include Humax Co., Ltd., a global manufacturer of broadcasting\/telecommunications gateways; Alticast Co., Ltd., a digital broadcasting software specialist; and Humax Mobility Co., Ltd., a total mobility solutions provider.\r \r We have at our disposal fiscal data, internal mail, data of all employees of the company, as well as strategic development plans.”, “discovered”: “2025-09-17 02:28:11.834583”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0fdcba774397a52cdc9e075a27fe2b6b.png”, “url”: “https:\/\/www.ransomware.live\/id\/SHVtYXggSG9sZGluZ3NAaW5jcmFuc29t”, “victim”: “Humax Holdings” }, { “activity”: “Telecommunication”, “attackdate”: “2025-09-16 00:03:01.000000”, “claim_url”: “http:\/\/termiteuslbumdge2zmfmfcsrvmvsfe4gvyudc5j6cdnisnhtftvokid.onion\/post\/68c8abe73238e6543856fad0”, “country”: “US”, “description”: “News-Press & Gazette Company publishes daily newspapers and weekly publications. \n”, “discovered”: “2025-09-16 00:47:02.397662”, “domain”: “www.npgco.com”, “duplicates”: [], “extrainfos”: [], “group”: “termite”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/88cfa9329e36845ab6757457275a9fc1.png”, “url”: “https:\/\/www.ransomware.live\/id\/TmV3cy1QcmVzcyAmIEdhemV0dGUgQ28uQHRlcm1pdGU=”, “victim”: “News-Press & Gazette Co.” }, { “activity”: “Technology”, “attackdate”: “2025-09-16 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=fd5f98d0-94b1-3cdb-89f2-0e57e140f87a”, “country”: “US”, “description”: “VDyne, USA is a clinical-stage medical device company dedicated to developing transcatheter valve solutions for the treatment of debilitating and life-threatening Tricuspid Regurgitation (TR). They are developing medical micro-prostheses that …”, “discovered”: “2025-09-17 12:23:14.028275”, “domain”: “www.vdyne.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a8275128fd5ca36b985bbd6ab4e1a27b.png”, “url”: “https:\/\/www.ransomware.live\/id\/d3d3LnZkeW5lLmNvbUBxaWxpbg==”, “victim”: “www.vdyne.com” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 00:00:00.000000”, “claim_url”: “”, “country”: “”, “description”: “Cook Brown LLP specializes in labor and employment law, providing\ncomprehensive legal representation to employers in areas such as\nlitigation, claims settlement, and labor relations.\n\nWe are going to upload 160gb corporate data. Lots of client data \nwhere you can find at least 100 SSNs and other personal informati\non, employee files (Passports and other personal documents), poli\nce reports, court documents, medical information, HR data, contra\ncts and agreements, payment details and other financial informati\non, NDAs, etc.\n”, “discovered”: “2025-09-18 18:14:37.384090”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q29vayBCcm93bkBha2lyYQ==”, “victim”: “Cook Brown” }, { “activity”: “Not Found”, “attackdate”: “2025-09-16 00:00:00.000000”, “claim_url”: “”, “country”: “DK”, “description”: “Ronald A\/S is an import company with 100 years of experience spec\nializing in unique FMCG solutions within the nonfood sector. Thei\nr product offerings include fashion items, textiles, licensed mer\nchandise, personal care products, and protective equipment. \n\nWe are going to upload 320gb corporate data. Detailed employee in\nformation (Passport scans and other personal documents), lots of \nHR data, contracts and agreements, payment details, customer info\nrmation, NDAs, etc.\n”, “discovered”: “2025-09-18 18:14:41.200158”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Um9uYWxkIEEvU0Bha2lyYQ==”, “victim”: “Ronald A\/S” }, { “activity”: “Technology”, “attackdate”: “2025-09-16 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “Hood Technology Corp is an engineering-oriented company based in \nHood River, Oregon, specializing in the development of stabilized\ngimbals for both manned and unmanned vehicles. \n\nWe are going to upload corporate data. Lots of project files with\ndrawings and specifications, contracts with sound names like Fer\nrari, Toshiba, MAN, Siemens, Apex and other companies. Customer i\nnformation, lots of NDAs, etc.\n”, “discovered”: “2025-09-18 18:14:46.043285”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SG9vZCBUZWNobm9sb2d5QGFraXJh”, “victim”: “Hood Technology” }, { “activity”: “Not Found”, “attackdate”: “2025-09-15 21:52:06.234228”, “claim_url”: “http:\/\/wugurgyscp5rxpihef5vl6b6m5ont3b6sezhl7boboso2enib2k3q6qd.onion#promisedlandcomtwh21-million-usdtime-remaining—buy-files”, “country”: “TW”, “description”: “1000000 USD”, “discovered”: “2025-09-15 21:52:24.627078”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “devman”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/2398f64c86d2289d3e72605a9adeccd2.png”, “url”: “https:\/\/www.ransomware.live\/id\/cHJvbWlzZWRsYW5kLmNvbS50dy9oMjEgbWlsbGlvbiBVU0QuLi5UaW1lIFJlbWFpbmluZzotLS1CVVkgRmlsZXNAZGV2bWFu”, “victim”: “promisedland.com.tw\/h21 million USD…Time Remaining:—BUY Files” }, { “activity”: “Construction”, “attackdate”: “2025-09-15 21:51:44.148213”, “claim_url”: “http:\/\/wugurgyscp5rxpihef5vl6b6m5ont3b6sezhl7boboso2enib2k3q6qd.onion#wwwshimaogroupcom”, “country”: “CN”, “description”: “91000000 USD”, “discovered”: “2025-09-15 21:52:02.366369”, “domain”: “www.shimaogroup.com”, “duplicates”: [], “extrainfos”: [], “group”: “devman”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/2a6c7c450b9cd953e7094ed6072a425d.png”, “url”: “https:\/\/www.ransomware.live\/id\/d3d3LnNoaW1hb2dyb3VwLmNvbUBkZXZtYW4=”, “victim”: “www.shimaogroup.com” }, { “activity”: “Not Found”, “attackdate”: “2025-09-15 21:51:02.935542”, “claim_url”: “http:\/\/wugurgyscp5rxpihef5vl6b6m5ont3b6sezhl7boboso2enib2k3q6qd.onion#wwwpeuhus”, “country”: “US”, “description”: “1700000 USD”, “discovered”: “2025-09-15 21:51:21.484858”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “devman”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/82f7101e224528a0266d8fca4358adda.png”, “url”: “https:\/\/www.ransomware.live\/id\/d3d3LnAqKiplKnUqKmgqKioudXNAZGV2bWFu”, “victim”: “www.p***e*u**h***.us” }, { “activity”: “Financial Services”, “attackdate”: “2025-09-15 20:49:12.590360”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/desjardins”, “country”: “CA”, “description”: “Desjardins founded the Caisses Populaires Desjardins (Desjardins Group). First headquartered in Levis, the group grew to become the largest associa…”, “discovered”: “2025-09-15 20:49:25.118468”, “domain”: “desjardins.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 25, “employees_url”: 13, “infostealer_stats”: { “Atomic”: 36, “Azorult”: 1192, “CRYPTBOT”: 42, “DarkCrystal”: 12, “Ficker”: 2, “Generic Stealer”: 1467, “Lumma”: 3899, “Mystic”: 6, “Predator”: 8, “Raccoon”: 2464, “RedLine”: 5814, “StealC”: 322, “Taurus”: 12, “UNKNOWN”: 256, “Vidar”: 605 }, “thirdparties”: 39, “thirdparties_domain”: 32, “update”: “2025-09-15 20:49:02”, “users”: 9301, “users_url”: 100 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/520994254b7a5db33c12efeca415ae08.png”, “url”: “https:\/\/www.ransomware.live\/id\/RGVzamFyZGlucyBCYW5raW5nL0dyb3VwQGNvaW5iYXNlY2FydGVs”, “victim”: “Desjardins Banking\/Group” }, { “activity”: “Technology”, “attackdate”: “2025-09-15 20:48:37.520259”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/adscale”, “country”: “DE”, “description”: “AdScale is an AI-driven advertising platform tailored for e\u2011commerce and digital marketers, offering unified campaign management across Google Se…”, “discovered”: “2025-09-15 20:48:50.459269”, “domain”: “www.adscale.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7e0583e9a09b797099ccad848d145e5c.png”, “url”: “https:\/\/www.ransomware.live\/id\/QWRTY2FsZUBjb2luYmFzZWNhcnRlbA==”, “victim”: “AdScale” }, { “activity”: “Technology”, “attackdate”: “2025-09-15 20:47:21.654999”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/focus-r-technologies-pvt”, “country”: “IN”, “description”: “Focus R Technologies is a leading technology consulting firm that specializes in delivering tailored software solutions and IT services to help bus…”, “discovered”: “2025-09-15 20:47:34.294183”, “domain”: “www.focusrtech.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8ca45796c2dea17806a2f71fcac9c7eb.png”, “url”: “https:\/\/www.ransomware.live\/id\/Rm9jdXMgUiBUZWNobm9sb2dpZXMgUHZ0QGNvaW5iYXNlY2FydGVs”, “victim”: “Focus R Technologies Pvt” }, { “activity”: “Technology”, “attackdate”: “2025-09-15 20:46:46.975924”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/ntt-data”, “country”: “US”, “description”: “NTT Data is a global IT services provider based in Japan, delivering innovative solutions across a variety of industries including finance, healthc…”, “discovered”: “2025-09-15 20:46:59.228242”, “domain”: “www.nttdata.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/455e63f4e0d4eccec64d884fef47e889.png”, “url”: “https:\/\/www.ransomware.live\/id\/TlRUIERhdGEvVmVjdG9yZm9ybUBjb2luYmFzZWNhcnRlbA==”, “victim”: “NTT Data\/Vectorform” }, { “activity”: “Energy”, “attackdate”: “2025-09-15 20:46:11.540047”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/plugpower”, “country”: “US”, “description”: “Plug Power is a premier provider of innovative hydrogen fuel cell solutions, specializing in clean energy technologies that enable the transition t…”, “discovered”: “2025-09-15 20:46:24.662928”, “domain”: “www.plugpower.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f79be6c71fca5f3b31229de0dbcad575.png”, “url”: “https:\/\/www.ransomware.live\/id\/UGx1ZyBQb3dlckBjb2luYmFzZWNhcnRlbA==”, “victim”: “Plug Power” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2025-09-15 20:44:16.492280”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/cevalogistics”, “country”: “GB”, “description”: “CEVA Logistics is a global asset-light supply chain management company. It designs and implements freight forwarding, contract logistics, transport…”, “discovered”: “2025-09-15 20:44:32.683269”, “domain”: “cevalogistics.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 287, “employees_url”: 56, “infostealer_stats”: { “Atomic”: 3, “Azorult”: 18, “CRYPTBOT”: 2, “DarkCrystal”: 4, “Generic Stealer”: 172, “Lumma”: 644, “Mystic”: 8, “Predator”: 4, “Raccoon”: 302, “RedLine”: 814, “StealC”: 140, “UNKNOWN”: 16, “Vidar”: 93 }, “thirdparties”: 304, “thirdparties_domain”: 199, “update”: “2025-09-15 20:44:01”, “users”: 1071, “users_url”: 100 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/34729f83abe2214a2786c6b84c7232a8.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q2V2YSBMb2dpc3RpY3NAY29pbmJhc2VjYXJ0ZWw=”, “victim”: “Ceva Logistics” }, { “activity”: “Consumer Services”, “attackdate”: “2025-09-15 19:47:40.172319”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=vHMKmokTFMVXJR”, “country”: “CA”, “description”: “Canada”, “discovered”: “2025-09-15 19:48:17.190182”, “domain”: “www.rgrgroupe.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/82a1c233cfe8a97275fb1da9366f7da6.png”, “url”: “https:\/\/www.ransomware.live\/id\/UkdSIFNwb3J0c3dlYXJAcGxheQ==”, “victim”: “RGR Sportswear” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2025-09-15 19:46:45.181238”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=c7RsVFeRBqfihH”, “country”: “US”, “description”: “United States”, “discovered”: “2025-09-15 19:47:20.813709”, “domain”: “www.eaupalmbeach.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ee8a496197533b2ffb32570c314c82ac.png”, “url”: “https:\/\/www.ransomware.live\/id\/RWF1IFBhbG0gQmVhY2ggUmVzb3J0ICYgU3BhQHBsYXk=”, “victim”: “Eau Palm Beach Resort & Spa” }, { “activity”: “Energy”, “attackdate”: “2025-09-15 19:46:06.344052”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=KPrVQcTc6VQHS6”, “country”: “US”, “description”: “United States”, “discovered”: “2025-09-15 19:46:43.742813”, “domain”: “www.energenecs.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f4b370a5dcb8570105aca1a97301c71c.png”, “url”: “https:\/\/www.ransomware.live\/id\/RW5lcmdlbmVjc0BwbGF5”, “victim”: “Energenecs” }, { “activity”: “Construction”, “attackdate”: “2025-09-15 19:45:29.024242”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=8XpKPAfQOpA6ch”, “country”: “US”, “description”: “United States”, “discovered”: “2025-09-15 19:46:04.885070”, “domain”: “www.garrisonarch.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/578dc4bf30a39f6599dfe4705188f054.png”, “url”: “https:\/\/www.ransomware.live\/id\/R2Fycmlzb24gQXJjaGl0ZWN0c0BwbGF5”, “victim”: “Garrison Architects” }, { “activity”: “Construction”, “attackdate”: “2025-09-15 19:44:47.835877”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=J9wUU4JeBzEcMB”, “country”: “US”, “description”: “United States”, “discovered”: “2025-09-15 19:45:27.181213”, “domain”: “www.mccarterelectric.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/85945d260cd7b451099fb5f6a7b5e6c3.png”, “url”: “https:\/\/www.ransomware.live\/id\/TWNDYXJ0ZXIgRWxlY3RyaWNhbEBwbGF5”, “victim”: “McCarter Electrical” }, { “activity”: “Not Found”, “attackdate”: “2025-09-15 19:44:05.537287”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=kWJqGzFWDraCVJ”, “country”: “US”, “description”: “United States”, “discovered”: “2025-09-15 19:44:46.196371”, “domain”: “www.pathfinderlld.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/db05caaf793b7fef359d11282deb2cad.png”, “url”: “https:\/\/www.ransomware.live\/id\/UGF0aGZpbmRlckBwbGF5”, “victim”: “Pathfinder” }, { “activity”: “Technology”, “attackdate”: “2025-09-15 19:43:26.853443”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=J7s7OJcVfiuoCq”, “country”: “US”, “description”: “United States”, “discovered”: “2025-09-15 19:44:02.765238”, “domain”: “www.generalcontrolsystems.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/6f52ce2683106ca19f4e23782ee38c3f.png”, “url”: “https:\/\/www.ransomware.live\/id\/R2VuZXJhbCBDb250cm9sIFN5c3RlbXNAcGxheQ==”, “victim”: “General Control Systems” }, { “activity”: “Food and Agriculture”, “attackdate”: “2025-09-15 19:42:46.381530”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=chC7XBYeakV8rM”, “country”: “US”, “description”: “United States”, “discovered”: “2025-09-15 19:43:24.530152”, “domain”: “www.rfiingredients.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/5b920fea063fe1d76032c6480943e005.png”, “url”: “https:\/\/www.ransomware.live\/id\/UkZJQHBsYXk=”, “victim”: “RFI” }, { “activity”: “Not Found”, “attackdate”: “2025-09-15 19:42:08.109276”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=Mjvt9V6Um0UEt1”, “country”: “US”, “description”: “United States”, “discovered”: “2025-09-15 19:42:44.467000”, “domain”: “www.crestone-group.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/5b2129bd13b44de05d7a6f6f0f963e4a.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q3Jlc3RvbmUgR3JvdXBAcGxheQ==”, “victim”: “Crestone Group” }, { “activity”: “Not Found”, “attackdate”: “2025-09-15 19:41:49.679472”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=hQKvUarfPMvpe2”, “country”: “US”, “description”: “United States”, “discovered”: “2025-09-15 19:42:06.338859”, “domain”: “www.rochesteroptical.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8c6be43e32018cd3649930179e11ff91.png”, “url”: “https:\/\/www.ransomware.live\/id\/VGVycmFuZWFyUE1DQHBsYXk=”, “victim”: “TerranearPMC” }, { “activity”: “Not Found”, “attackdate”: “2025-09-15 00:00:00.000000”, “claim_url”: “http:\/\/pearsmob5sn44ismokiusuld34pnfwi6ctgin3qbvonpoob4lh3rmtqd.onion\/Companies\/dubrofflaw”, “country”: “US”, “description”: “Attorney service in family law”, “discovered”: “2025-09-18 17:51:52.805085”, “domain”: “dubrofflaw.com”, “duplicates”: [], “extrainfos”: { “Activity”: “Law Firms & Legal Services”, “Revenue”: “<$5M", "Status": "announced" }, "group": "pear", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-09-18 17:51:20", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/eaabe65189bb3572d79554e81055e50a.png", "url": "https:\/\/www.ransomware.live\/id\/RHVicm9mZiwgRWFzbGV5ICYgTG92ZWxsLCBMTFBAcGVhcg==", "victim": "Dubroff, Easley & Lovell, LLP" }, { "activity": "Hospitality and Tourism", "attackdate": "2025-09-15 00:00:00.000000", "claim_url": "", "country": "MY", "description": "Gurneys Montauk Resort & Seawater Spa is a luxury beach hotel loc\nated in Montauk, NY, offering 158 rooms, suites, and beachfront c\nottages with stunning ocean views. \n\nWe are going to upload 20GB of corporate data. Employees' persona\nl information (passports, addresses, SSNs, phones, emails, medica\nl information and so on), client information (DOB, full name, pho\nne, emails, room numbers, addresses and so on), finance and accou\nnting files, NDAs, etc.\n", "discovered": "2025-09-18 18:14:49.927727", "domain": "", "duplicates": [], "extrainfos": [], "group": "akira", "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/R3VybmV5J3MgUmVzb3J0c0Bha2lyYQ==", "victim": "Gurney's Resorts" }, { "activity": "Manufacturing", "attackdate": "2025-09-14 00:00:00.000000", "claim_url": "http:\/\/ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion\/news\/BMW", "country": "DE", "description": "[AI generated] BMW, officially known as Bayerische Motoren Werke AG, is a German multinational corporation renowned for manufacturing high-quality automobiles and motorcycles. Established in 1916, the company's headquarters is in Munich, Germany. The brand represents luxury and performance, offering diverse models under various segments like sports cars, EVs, luxury sedans, and SAVs. BMW also owns and produces Mini cars and is the parent company of Rolls-Royce Motor Cars.", "discovered": "2025-09-17 15:12:21.392449", "domain": "", "duplicates": [], "extrainfos": [], "group": "everest", "screenshot": "https:\/\/images.ransomware.live\/victims\/f56af42ff0a385d0a80a409ad60a9ac1.png", "url": "https:\/\/www.ransomware.live\/id\/Qk1XQGV2ZXJlc3Q=", "victim": "BMW" }, { "activity": "Telecommunication", "attackdate": "2025-09-13 00:00:00.000000", "claim_url": "http:\/\/lunalockcccxzkpfovwzifwxcytqkiuak6wzybnniqwxcmpsetpbetid.onion\/victim\/jafica\/", "country": "MX", "description": "JAFICA Telecomunicaciones is a Mexican internet service provider.", "discovered": "2025-09-16 15:48:42.353659", "domain": "jafica.com", "duplicates": [], "extrainfos": [], "group": "lunalock", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": { "Lumma": 2, "RedLine": 2 }, "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-09-16 15:55:46", "users": 3, "users_url": 2 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/c572e52df5c11fdd3de92ac83d4f6035.png", "url": "https:\/\/www.ransomware.live\/id\/SkFGSUNBIFRlbGVjb211bmljYWNpb25lc0BsdW5hbG9jaw==", "victim": "JAFICA Telecomunicaciones" }, { "activity": "Not Found", "attackdate": "2025-09-13 00:00:00.000000", "claim_url": "http:\/\/5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion\/companies\/85\/rac-consultoria", "country": "BR", "description": "Rac Consulting began operations in June 2008, driven by its founder, Rinna Acosta, in offering solutions for companies' human and intellectual capital needs that enable them to improve their internal processes and effectively achieve their strategic objectives.Initially, it entered the market providing labor consulting and human resources management services. Today, it offers high-impact project administration and management services for companies, including improvement management, technological innovations, and organizational restructuring, among others.- SQL- Financial documents- Personal information of employees and clients https:\/\/www.racconsultoria.net\/", "discovered": "2025-09-17 13:27:20.800281", "domain": "www.racconsultoria.net", "duplicates": [], "extrainfos": [], "group": "spacebears", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/6a0316b4e073634d0e554a767c098b8c.png", "url": "https:\/\/www.ransomware.live\/id\/UkFDIENvbnN1bHRvcmlhQHNwYWNlYmVhcnM=", "victim": "RAC Consultoria" }, { "activity": "Not Found", "attackdate": "2025-09-11 00:00:00.000000", "claim_url": "http:\/\/pearsmob5sn44ismokiusuld34pnfwi6ctgin3qbvonpoob4lh3rmtqd.onion\/Companies\/virmedice", "country": "US", "description": "VirMedice offers the NextGen Ambulatory EHR (Electronic Health Records) and NextGen Ambulatory PM software (Practice Management) in two Models", "discovered": "2025-09-15 20:52:46.828182", "domain": "virmedice.com", "duplicates": [], "extrainfos": { "Activity": "Healthcare Software", "Revenue": "$3M", "Status": "announced" }, "group": "pear", "infostealer": { "employees": 1, "employees_url": 1, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-09-15 20:52:13", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/f18f0c1ca24a02744a03a88113b9254a.png", "url": "https:\/\/www.ransomware.live\/id\/VmlyTWVkaWNlQHBlYXI=", "victim": "VirMedice" }, { "activity": "Not Found", "attackdate": "2025-09-11 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=c7dd47e5-89cd-31ba-b587-2e45e310ffa5", "country": "IT", "description": "Pieffe Auto Group is a leading multi-brand automotive dealership network based in the Abruzzo region of Italy. \nThe group represents a wide portfolio of car brands, including Peugeot, Citro\u00ebn, DS Automobiles, Opel, Fiat, Jeep, Alfa Romeo, H ...", "discovered": "2025-09-17 11:16:46.020974", "domain": "www.pieffeautogroup.it", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/4b4805b06ce3c163334731f2e9813d3e.png", "url": "https:\/\/www.ransomware.live\/id\/UGllZmZlIEF1dG8gR3JvdXBAcWlsaW4=", "victim": "Pieffe Auto Group" }, { "activity": "Manufacturing", "attackdate": "2025-09-04 07:46:03.457000", "claim_url": "http:\/\/lynxchatly4zludmhmi75jrwhycnoqvkxb4prohxmyzf4euf5gjxroad.onion\/leaks\/68b943bbcc2d2d4e68f5015f", "country": "US", "description": "Independent Paperboard Marketing, LLC is a problem-solving paperboard brokerage company that has built a reputation over more than twenty years as the supplier of choice for demanding paperboard converters in the U.S. They focus on key business principles such as honoring commitments, providing quality products, and building long-term relationships while constantly innovating. Established in 1994, IPM aims to extend the reach of partner mills through local representation and strong supplier relationships. Their deep expertise ensures they can meet customers' board needs amidst supply chain challenges", "discovered": "2025-09-18 12:37:47.057878", "domain": "www.independentpaperboard.com", "duplicates": [], "extrainfos": [], "group": "lynx", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/9cfd83cbc73f5eb6e6d999eef5a977b9.png", "url": "https:\/\/www.ransomware.live\/id\/d3d3LmluZGVwZW5kZW50cGFwZXJib2FyZC5jb21AbHlueA==", "victim": "www.independentpaperboard.com" }, { "activity": "Healthcare", "attackdate": "2025-09-03 00:00:00.000000", "claim_url": "http:\/\/pearsmob5sn44ismokiusuld34pnfwi6ctgin3qbvonpoob4lh3rmtqd.onion\/Companies\/tricenturyeye", "country": "US", "description": "Ophthalmologists and optometrists provide comprehensive and sub-specialty eye care across patients of all ages", "discovered": "2025-09-18 17:51:16.417540", "domain": "tricenturyeye.com", "duplicates": [], "extrainfos": { "Activity": "Hospitals & Physicians Clinics", "Revenue": "$21M", "Status": "announced" }, "group": "pear", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-09-18 17:50:40", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/1c63a8af70cb650f229b4272ccc8d587.png", "url": "https:\/\/www.ransomware.live\/id\/VHJpLUNlbnR1cnkgRXllIENhcmVAcGVhcg==", "victim": "Tri-Century Eye Care" }, { "activity": "Healthcare", "attackdate": "2025-09-01 00:00:00.000000", "claim_url": "http:\/\/beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion\/card\/medpeds", "country": "US", "description": "MedPeds Associates, located in Sarasota, Florida, specializes in Internal Medicine and Pediatrics with a strong emphasis on preventive care for adults, seniors, and children. The practice is recognized as a Level 3 Patient Centered Medical Home by the National Committee for Quality Assurance, showcasing its commitment to high-quality healthcare practices. They offer a full spectrum of medical services including same day lab services, chronic care management, and telehealth options. Their goal is to promote good health through proper nutrition, regular professional care, and the establishment of good habits.", "discovered": "2025-09-16 11:11:53.475810", "domain": "www.medpedsdocs.com", "duplicates": [], "extrainfos": { "data_size": "400Gb" }, "group": "beast", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/ac13d38147bf5ec6f3149c6b83ba5aff.png", "url": "https:\/\/www.ransomware.live\/id\/TWVkcGVkc0BiZWFzdA==", "victim": "Medpeds" }, { "activity": "Public Sector", "attackdate": "2025-08-08 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=f70b668a-28b9-3757-9747-b76dd41af80a", "country": "", "description": "SPARTANBURG, USA - Failure before the election. 08\/08\/25 FOX Carolina issued an urgent announcement: \u201cSpartanburg County officials have stated that a \u2018cybersecurity incident\u2019 has occurred on their network.\u201d As always, local authoritie ...", "discovered": "2025-09-17 16:45:21.622895", "domain": "www.spartanburgcounty.org", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": "", "press": { "link": "https:\/\/www.ransomware.live\/id\/c3BhcnRhbmJ1cmdjb3VudHkub3JnQDIwMjUtMDgtMDg=", "source": "https:\/\/www.wyff4.com\/article\/spartanburg-county-cyberattack-services-disrupted\/65637950", "summary": "Le comt\u00e9 de Spartanburg a \u00e9t\u00e9 victime d'une cyberattaque, ce qui a entra\u00een\u00e9 la perturbation de certains services en ligne. Les responsables du comt\u00e9 ont d\u00e9clar\u00e9 que l'attaque avait \u00e9t\u00e9 contenue et que les services essentiels continuaient de fonctionner normalement. Le comt\u00e9 travaille actuellement \u00e0 la restauration de ses syst\u00e8mes et \u00e0 la r\u00e9tablisation de l'acc\u00e8s public." }, "screenshot": "https:\/\/images.ransomware.live\/victims\/18a49d766a072576e79f13dcc7705e40.png", "url": "https:\/\/www.ransomware.live\/id\/c3BhcnRhbmJ1cmdjb3VudHlAcWlsaW4=", "victim": "spartanburgcounty" }, { "activity": "Manufacturing", "attackdate": "2025-06-12 00:00:00.000000", "claim_url": "http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=YjSN5bPOrRkn0d", "country": "US", "description": "United States", "discovered": "2025-09-15 19:47:38.020573", "domain": "www.lakebook.com", "duplicates": [ { "attackdate": "2025-06-12 00:00:00.000000", "date": "2025-09-15 19:47:38.100661", "group": "qilin", "link": "https:\/\/www.ransomware.live\/id\/bGFrZWJvb2suY29tQHFpbGlu" } ], "extrainfos": [], "group": "play", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/30309de14f455bb684a10d94f9364462.png", "url": "https:\/\/www.ransomware.live\/id\/TGFrZSBCb29rIE1hbnVmYWN0dXJpbmdAcGxheQ==", "victim": "Lake Book Manufacturing" }, { "activity": "Telecommunication", "attackdate": "2025-04-19 00:00:00.000000", "claim_url": "http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/sk-telecom", "country": "KR", "description": "South Koreas largest wireless carrier offering mobile services broadband IPTV and cutting-edge AI and IoT solutions", "discovered": "2025-09-15 20:49:41.580884", "domain": "sktelecom.com", "duplicates": [], "extrainfos": [], "group": "coinbasecartel", "infostealer": { "employees": 50, "employees_url": 18, "infostealer_stats": { "Atomic": 2, "Azorult": 20, "CRYPTBOT": 14, "Ficker": 8, "Generic Stealer": 110, "Lumma": 177, "Mystic": 6, "Raccoon": 90, "RedLine": 456, "StealC": 66, "Taurus": 2, "UNKNOWN": 18, "Vidar": 63, "racoon": 22 }, "thirdparties": 11, "thirdparties_domain": 7, "update": "2025-04-23 13:35:20", "users": 609, "users_url": 100 }, "press": { "link": "https:\/\/www.ransomware.live\/id\/c2t0ZWxlY29tLmNvbUAyMDI1LTA0LTE5", "source": "https:\/\/news.sktelecom.com\/211423", "summary": "SK\ud154\ub808\ucf64 a d\u00e9couvert une fuite de donn\u00e9es li\u00e9e \u00e0 des informations sur les cartes SIM de ses clients en raison d'un code malveillant, mais n'a pas encore d\u00e9tect\u00e9 d'utilisation abusive de ces informations. L'entreprise a pris des mesures pour renforcer la s\u00e9curit\u00e9 et propose un service de protection des cartes SIM gratuite \u00e0 ses clients. SK Telecom s'excuse pour les inconv\u00e9nients caus\u00e9s et s'engage \u00e0 renforcer ses mesures de s\u00e9curit\u00e9 pour pr\u00e9venir de telles incidents \u00e0 l'avenir." }, "screenshot": "https:\/\/images.ransomware.live\/victims\/74ec8576634f89b26cc2b02a98dc7c5c.png", "url": "https:\/\/www.ransomware.live\/id\/U0sgVGVsZWNvbUBjb2luYmFzZWNhcnRlbA==", "victim": "SK Telecom" }, { "activity": "Not Found", "attackdate": "2023-11-30 13:34:55.542519", "claim_url": "http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/wakefield", "country": "US", "description": "Wakefield & Associates is a financial services company specializing in debt collection and billing services. Wakefield & Associates helps clients i...", "discovered": "2025-09-15 20:45:09.043133", "domain": "www.wakeassoc.com", "duplicates": [ { "attackdate": "2023-11-30 13:34:55.542519", "date": "2025-09-15 20:45:09.083468", "group": "knight", "link": "https:\/\/www.ransomware.live\/id\/V2FrZWZpZWxkICYgQXNzb2NpYXRlc0BrbmlnaHQ=" } ], "extrainfos": [], "group": "coinbasecartel", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/5f2aa6ee0a65ea857fa299f051ea75f1.png", "url": "https:\/\/www.ransomware.live\/id\/V2FrZWZpZWxkICYgQXNzb2NpYXRlc0Bjb2luYmFzZWNhcnRlbA==", "victim": "Wakefield & Associates" }, { "activity": "Not Found", "attackdate": "2023-11-20 20:38:10.933428", "claim_url": "http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/dreyfuss", "country": "US", "description": "Dreyfuss Williams Attorneys & Counselors at Law is a law firm specializing in Health Care Law, offering legal representation to hospitals and medic...", "discovered": "2025-09-15 20:48:10.130493", "domain": "www.dreyfuss.com", "duplicates": [ { "attackdate": "2023-11-20 20:38:10.933428", "date": "2025-09-15 20:48:10.151026", "group": "knight", "link": "https:\/\/www.ransomware.live\/id\/RHJleWZ1c3MgV2lsbGlhbXMgJiBBc3NvY2lhdGVzIENvLiwgTFBBQGtuaWdodA==" } ], "extrainfos": [], "group": "coinbasecartel", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/418b05c99d73bfd2c37691b2d617afb7.png", "url": "https:\/\/www.ransomware.live\/id\/RHJleWZ1c3MgV2lsbGlhbXMgJiBBc3NvY2lhdGVzIENvICwgTFBBQGNvaW5iYXNlY2FydGVs", "victim": "Dreyfuss Williams & Associates Co , LPA" }, { "activity": "Technology", "attackdate": "2023-05-26 01:02:03.456789", "claim_url": "http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/volt", "country": "", "description": "Volt is a global talent solutions provider, specializing in workforce management, recruitment, and staffing across industries such as technology, e...", "discovered": "2025-09-15 20:45:48.949191", "domain": "www.volt.com", "duplicates": [ { "attackdate": "2023-05-26 01:02:03.456789", "date": "2025-09-15 20:45:48.961502", "group": "royal", "link": "https:\/\/www.ransomware.live\/id\/Vm9sdEByb3lhbA==" } ], "extrainfos": [], "group": "coinbasecartel", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/a3bd5475e6f905ff5ab066cefe1fc8e5.png", "url": "https:\/\/www.ransomware.live\/id\/Vm9sdEBjb2luYmFzZWNhcnRlbA==", "victim": "Volt" } ]