Ransomware Stats

[ { “activity”: “Not Found”, “attackdate”: “2025-04-17 16:26:58.000000”, “claim_url”: “https:\/\/hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid.onion\/companies\/6064619477”, “country”: “CZ”, “description”: “Exfiltraded data : yes – Encrypted data : no”, “discovered”: “2025-04-17 17:04:40.850516”, “domain”: “www.hopi.cz”, “duplicates”: [], “extrainfos”: [], “group”: “hunters”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a22765e5602c2d4026f6373f1195bffa.png”, “url”: “https:\/\/www.ransomware.live\/id\/SE9QSUBodW50ZXJz”, “victim”: “HOPI” }, { “activity”: “Technology”, “attackdate”: “2025-04-17 14:16:37.643827”, “claim_url”: “http:\/\/ks5424y3wpr5zlug5c7i6svvxweinhbdcqcfnptkfcutrncfazzgz5id.onion\/posts.php\/posts.php?pid=UVwF3zldNHTr4ingIxGblczy”, “country”: “CN”, “description”: “N\/A”, “discovered”: “2025-04-17 14:18:18.032700”, “domain”: “enflame”, “duplicates”: [], “extrainfos”: [], “group”: “killsec”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-17 14:16:18”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/74aee1c34e5b2786b9e3ed3b70386b23.png”, “url”: “https:\/\/www.ransomware.live\/id\/RW5mbGFtZSBUZWNobm9sb2d5QGtpbGxzZWM=”, “victim”: “Enflame Technology” }, { “activity”: “Construction”, “attackdate”: “2025-04-17 08:32:33.620877”, “claim_url”: “”, “country”: “US”, “description”: “Kaye Lifestyle Homes\nSince its establishment in 1985, Kaye Lifestyle Homes has built a vast number of homes for families, bringing happiness and satisfaction to thousands of homeowners. With more than 4,000 unique homes under our belt, we take pride in being the leading family-owned home builder in Southwest Florida. Our homes are tailored to fit the lifestyle of each family, and we are delighted to hear how our clients\u2019 homes have exceeded their expectations.Geo: USA – Leak size: 521 GB Archive – Contains: Files, SQL, Exchange”, “discovered”: “2025-04-17 08:32:34.737144”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “sarcoma”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/S2F5ZSBMaWZlc3R5bGUgSG9tZXNAc2FyY29tYQ==”, “victim”: “Kaye Lifestyle Homes” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2025-04-17 08:32:29.570990”, “claim_url”: “”, “country”: “IT”, “description”: “TRALFO Srl Trasporti e Spedizioni\nThe company was founded in Abruzzo in 1970 thanks to the dedication of the Fonzi family .\nIn 1992 the Fonzi brothers created TRALFO , an acronym for TRA sporti & L ogistica FO nzi \nThanks to a deep knowledge of the sector, as well as the passion and entrepreneurial foresight of the owners, after thirty years, Tralfo has established itself as a solid reality in the world of logistics and road transport, guaranteeing professionalism, experience and cutting-edge services offered. \nToday Tralfo can count on a collective of approximately 250 employees (coming from different nations such as: Albania, Ukraine, Pakistan, Morocco, Colombia, France, Germany, Switzerland, Cape Verde, Sri Lanka, Canada, Bulgaria, Poland, Belgium, Turkey ), divided between administrative managers, logistics operators and drivers, as well as a total of 40,000 m2 of warehouses.Geo: Italy – Leak size: 34 GB Archive – Contains: Files”, “discovered”: “2025-04-17 08:32:31.178504”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “sarcoma”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/VFJBTEZPIFNybCBUcmFzcG9ydGkgZSBTcGVkaXppb25pQHNhcmNvbWE=”, “victim”: “TRALFO Srl Trasporti e Spedizioni” }, { “activity”: “Not Found”, “attackdate”: “2025-04-17 08:32:25.001902”, “claim_url”: “”, “country”: “”, “description”: “Schultz Industries Inc.\nSchultz Industries, Inc. is lacally owned and operated complete landscape maintenance and installation company. Our focus is commercial properties such as retail centers, apartment complexes, office parks, municipalities and homeowner associations.\nOur employees are professionally certified in arboriculture, chamical application, irrigation audits, and many other specialties. They are also trained on new topics every week, and of coarse they are reminded every day of our company’s mission statement:\n\”Every employee committed to exceeding the client expecations\”Geo: USA – Leak size: 61 GB Archive – Contains: Files”, “discovered”: “2025-04-17 08:32:27.284581”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “sarcoma”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U2NodWx0eiBJbmR1c3RyaWVzIEluYy5Ac2FyY29tYQ==”, “victim”: “Schultz Industries Inc.” }, { “activity”: “Financial Services”, “attackdate”: “2025-04-17 08:32:20.935741”, “claim_url”: “”, “country”: “GB”, “description”: “Manchester Credit Union\nManchester Credit Union offers ethical and affordable financial services, including personal loans and savings opportunities, catering primarily to local residents. The organization emphasizes community involvement, providing members with a share in ownership and earning dividends on their savings. They also offer a mobile app for convenient money management, and various educational initiatives aimed at promoting financial literacy. With over 30,000 members, the credit union is committed to supporting individuals and communities while keeping financial services accessible.Geo: United Kingdom – Leak size: 6 GB Archive – Contains: Files,SQL”, “discovered”: “2025-04-17 08:32:22.328139”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “sarcoma”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TWFuY2hlc3RlciBDcmVkaXQgVW5pb25Ac2FyY29tYQ==”, “victim”: “Manchester Credit Union” }, { “activity”: “Not Found”, “attackdate”: “2025-04-17 08:32:17.049017”, “claim_url”: “”, “country”: “TW”, “description”: “Ju Percussion Group\nTo date, the group has played in 33 different countries around the world, and cultivated more than 130,000 percussion learners by means of its instruction system. The growth of the Ju Percussion Group is a reflection of the development of contemporary percussion on the island of Taiwan. In 1986, the Ju Percussion Group met at a hot pot restaurant in Taipei and announced to the world that Taiwan’s very first professional percussion band had been born. When the Ju Percussion Group was first established, most people in Taiwan were unfamiliar with its percussion music genre. Thanks to the group’s activities, however, the Ju Percussion Group soon became a household name throughout the island. In 1991, the Ju Percussion Group introduced its instruction system, which swept the country with its absorbing and authentic teaching format. At present, there are 30 existing percussion music schools around the worldGeo: Taiwan – Leak size: 1.6 TB Archive – Contains: Files”, “discovered”: “2025-04-17 08:32:18.236236”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “sarcoma”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SnUgUGVyY3Vzc2lvbiBHcm91cEBzYXJjb21h”, “victim”: “Ju Percussion Group” }, { “activity”: “Manufacturing”, “attackdate”: “2025-04-17 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=fd08719c-202e-3d69-9606-f05fae8ba478”, “country”: “US”, “description”: “Universal Window and Door, LLC engages in the design, manufacture, and supply of custom window solutions for historic restoration and new commercial construction projects. The company offers steel replica, historic, projected\/casement, double …”, “discovered”: “2025-04-17 10:47:57.686164”, “domain”: “www.universalwindow.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e5ca1b8edc2977cbbaa741087bddebda.png”, “url”: “https:\/\/www.ransomware.live\/id\/dW5pdmVyc2Fsd2luZG93LmNvbUBxaWxpbg==”, “victim”: “universalwindow.com” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2025-04-17 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=81b360b5-1927-3938-89e6-1b7ff0c6c5a3”, “country”: “US”, “description”: “In 1957, Yankee Trails opened its doors with the goal of providing safe, affordable motor coach transportation to patrons in and around Upstate New York. Shuttle service between Albany and Vermont put the company on the map and continues to o …”, “discovered”: “2025-04-17 10:49:35.001886”, “domain”: “www.yankeetrails.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f0f758c83f63a9745d883858f51138f1.png”, “url”: “https:\/\/www.ransomware.live\/id\/eWFua2VldHJhaWxzLmNvbUBxaWxpbg==”, “victim”: “yankeetrails.com” }, { “activity”: “Technology”, “attackdate”: “2025-04-17 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=6e75ab16-8ff3-3a9e-9626-1654e8339900”, “country”: “US”, “description”: “Founded in 1964, AccessSMT Holdings is a leading supplier, installer, and project management company that offers hardware, doors, frames, and building materials for the commercial, residential sectors. AccessSMT Holdings is located in Canada. …”, “discovered”: “2025-04-17 18:12:57.048079”, “domain”: “www.accesssmt.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a190423ca1168437a7220511d71c6db0.png”, “url”: “https:\/\/www.ransomware.live\/id\/YWNjZXNzc210LmNvbUBxaWxpbg==”, “victim”: “accesssmt.com” }, { “activity”: “Technology”, “attackdate”: “2025-04-16 23:30:28.621113”, “claim_url”: “http:\/\/nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#itec”, “country”: “DE”, “description”: “[AI generated] ITEC GmbH is a German-based company specializing in civil engineering and construction. They offer expertise in project management, planning, supervision and construction services for both private and public sectors. Their scope of service includes roads, bridges, infrastructure and environmental development. The team\u2019s professionals ensure compliance with safety, budgetary, and performance standards.”, “discovered”: “2025-04-16 23:32:21.756692”, “domain”: “itec-gmbh.com”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 23:30:10”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/65018a2d682f0631d8605c5153e87029.png”, “url”: “https:\/\/www.ransomware.live\/id\/aXRlYy1nbWJoLmNvbUBzYWZlcGF5”, “victim”: “itec-gmbh.com” }, { “activity”: “Not Found”, “attackdate”: “2025-04-16 23:28:43.151607”, “claim_url”: “http:\/\/nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#heinrich”, “country”: “DE”, “description”: “[AI generated] N\/A”, “discovered”: “2025-04-16 23:30:03.389339”, “domain”: “heinrich-steinhardt.de”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 23:28:24”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/5cbdd561b2bab350bebb0f098778b3be.png”, “url”: “https:\/\/www.ransomware.live\/id\/aGVpbnJpY2gtc3RlaW5oYXJkdC5kZUBzYWZlcGF5”, “victim”: “heinrich-steinhardt.de” }, { “activity”: “Not Found”, “attackdate”: “2025-04-16 23:28:13.714201”, “claim_url”: “http:\/\/nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#hurst-schroeder”, “country”: “DE”, “description”: “[AI generated] N\/A”, “discovered”: “2025-04-16 23:28:20.264586”, “domain”: “hurst-schroeder.de”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 23:27:56”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/aHVyc3Qtc2Nocm9lZGVyLmRlQHNhZmVwYXk=”, “victim”: “hurst-schroeder.de” }, { “activity”: “Manufacturing”, “attackdate”: “2025-04-16 23:27:46.077930”, “claim_url”: “http:\/\/nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#helixtools”, “country”: “UK”, “description”: “[AI generated] Helix Tools provides high-quality tooling solutions for the engineering industry. Located in the UK, the company specializes in offering a wide range of tools including, but not limited to, drill bits, end mills, threading tools, and milling tools. They pride themselves on their comprehensive selection, exceptional customer service, and competitive pricing.”, “discovered”: “2025-04-16 23:27:51.077065”, “domain”: “helixtools.co.uk”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 23:27:28”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/aGVsaXh0b29scy5jby51a0BzYWZlcGF5”, “victim”: “helixtools.co.uk” }, { “activity”: “Public Sector”, “attackdate”: “2025-04-16 23:27:20.051533”, “claim_url”: “http:\/\/nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#heilbronn”, “country”: “DE”, “description”: “[AI generated] N\/A”, “discovered”: “2025-04-16 23:27:23.264259”, “domain”: “heilbronn.de”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 23:27:02”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/aGVpbGJyb25uLmRlQHNhZmVwYXk=”, “victim”: “heilbronn.de” }, { “activity”: “Manufacturing”, “attackdate”: “2025-04-16 23:25:30.288761”, “claim_url”: “http:\/\/nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#getriebetech”, “country”: “DE”, “description”: “[AI generated] \”Getriebetech.de\” is based in Germany and functions as a provider of exceptional transmission technology services. Their offer ranges from automatic, manual, CVT to DSG transmissions. Their team of expert engineers conduct comprehensive repairs and maintenance on these transmissions. They pride themselves on delivering quality workmanship, using cutting-edge equipment for diagnostics and resolution of complex transmission issues. They serve both private car owners and partners in the automotive industry.”, “discovered”: “2025-04-16 23:26:57.134520”, “domain”: “getriebetech.de”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 23:25:12”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a96f37e36676b20e12875f0aca268fd2.png”, “url”: “https:\/\/www.ransomware.live\/id\/Z2V0cmllYmV0ZWNoLmRlQHNhZmVwYXk=”, “victim”: “getriebetech.de” }, { “activity”: “Not Found”, “attackdate”: “2025-04-16 23:23:45.426931”, “claim_url”: “http:\/\/nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#extremefire”, “country”: “AU”, “description”: “[AI generated] Extreme Fire Solutions is an Australian company that specializes in fire protection services. They are experts in designing, installing, and maintaining fire safety systems. They provide a wide range of services including fire sprinkler systems, fire extinguisher supply and maintenance, fire detection and alarm systems, and fire safety training.”, “discovered”: “2025-04-16 23:24:56.341248”, “domain”: “extremefire.com.au”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 23:23:28”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8c5042a3c6f454e3845d90061feb322c.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZXh0cmVtZWZpcmUuY29tLmF1QHNhZmVwYXk=”, “victim”: “extremefire.com.au” }, { “activity”: “Not Found”, “attackdate”: “2025-04-16 23:23:19.333417”, “claim_url”: “http:\/\/nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#foerster”, “country”: “DE”, “description”: “[AI generated] N\/A”, “discovered”: “2025-04-16 23:23:22.410606”, “domain”: “foerster-schwanau.de”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 23:23:00”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Zm9lcnN0ZXItc2Nod2FuYXUuZGVAc2FmZXBheQ==”, “victim”: “foerster-schwanau.de” }, { “activity”: “Construction”, “attackdate”: “2025-04-16 23:22:53.306165”, “claim_url”: “http:\/\/nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#eichele”, “country”: “DE”, “description”: “[AI generated] N\/A”, “discovered”: “2025-04-16 23:22:56.389723”, “domain”: “eichele-bau.de”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 23:22:34”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/ZWljaGVsZS1iYXUuZGVAc2FmZXBheQ==”, “victim”: “eichele-bau.de” }, { “activity”: “Manufacturing”, “attackdate”: “2025-04-16 23:21:00.793741”, “claim_url”: “http:\/\/nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#frapack”, “country”: “DE”, “description”: “[AI generated] Frapack.de is a German company specialized in the distribution and production of packaging materials. Their product range includes plastic and paper packaging, bags, industrial packaging materials, and packaging for food & beverages. They cater to both large-scale industrial needs and smaller commercial requirements. They’re dedicated to providing sustainable, high-quality, custom packaging solutions for various industries.”, “discovered”: “2025-04-16 23:22:30.439697”, “domain”: “frapack.de”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 23:20:43”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/548e38f21d575edf91247d8f6a4526d3.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZnJhcGFjay5kZUBzYWZlcGF5”, “victim”: “frapack.de” }, { “activity”: “Not Found”, “attackdate”: “2025-04-16 20:42:00.000000”, “claim_url”: “http:\/\/lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion\/post\/rxIw0r7etVsgsc8H6800162b2e183”, “country”: “CN”, “description”: “Heng Chang Machinery Co., Ltd (HCH), founded in 1988, is a leading world-class professional manufacturer of complete production lines for disposable hygiene products.”, “discovered”: “2025-04-16 21:38:58.234661”, “domain”: “aqhch.com.cn”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit3”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 21:37:33”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/edbc3cbd2e9870997d0734fd9f5cfcd1.png”, “url”: “https:\/\/www.ransomware.live\/id\/YXFoY2guY29tLmNuQGxvY2tiaXQz”, “victim”: “aqhch.com.cn” }, { “activity”: “Not Found”, “attackdate”: “2025-04-16 18:35:14.262631”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=x3KNmmfNdZbj7r”, “country”: “US”, “description”: “United States”, “discovered”: “2025-04-16 18:36:44.950556”, “domain”: “www.redchamber.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/4c0ef8aa907f4d2f78399a97da69e9e2.png”, “url”: “https:\/\/www.ransomware.live\/id\/UmVkIENoYW1iZXJAcGxheQ==”, “victim”: “Red Chamber” }, { “activity”: “Technology”, “attackdate”: “2025-04-16 18:33:49.238836”, “claim_url”: “http:\/\/nerqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion\/detail?code=d-line-it-com-uk-208gb”, “country”: “DK”, “description”: “UK – d-line”, “discovered”: “2025-04-16 18:35:13.554245”, “domain”: “d-line-it.com”, “duplicates”: [], “extrainfos”: [], “group”: “kairos”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 18:33:32”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/615480082a8d345bbc91b8756da0d2f5.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZC1saW5lLWl0LmNvbUBrYWlyb3M=”, “victim”: “d-line-it.com” }, { “activity”: “Not Found”, “attackdate”: “2025-04-16 16:09:00.000000”, “claim_url”: “http:\/\/lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion\/post\/IVwfFqJaktJWSfGO67ffd6316db6e”, “country”: “BO”, “description”: “Greetings! Today we are posting here the new company, \”Empresa Nacional de Electricidad\”. Company Description: The National Electricity Company (ENDE) is a corporation of the Plurinational State, whose main objective and strategic role is to pa…”, “discovered”: “2025-04-16 16:56:00.706582”, “domain”: “ende.bo”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit3”, “infostealer”: { “employees”: 34, “employees_url”: 4, “infostealer_stats”: { “Lumma”: 10, “Raccoon”: 12, “RedLine”: 50, “StealC”: 2, “UNKNOWN”: 2, “Vidar”: 2 }, “thirdparties”: 23, “thirdparties_domain”: 8, “update”: “2025-04-16 16:54:38”, “users”: 20, “users_url”: 15 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/522f4394b230b98579d8c41195486584.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZW5kZS5ib0Bsb2NrYml0Mw==”, “victim”: “ende.bo” }, { “activity”: “Not Found”, “attackdate”: “2025-04-16 16:07:00.000000”, “claim_url”: “http:\/\/lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion\/post\/KiZ3EK1iWPwPCE3m67ffd5c1d9db5”, “country”: “BR”, “description”: “Greetings! Today we are posting here the new company, \”AEA-MG\”. Company Description: AEA-MG (Association of Electricians and Employees of CEMIG and its Subsidiaries) was founded on 29 January 1983 by a group of electricians who recognized the n…”, “discovered”: “2025-04-16 16:57:33.283064”, “domain”: “aeamg.org.br”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit3”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 16:56:10”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/dcba38022584852f535cd74479966265.png”, “url”: “https:\/\/www.ransomware.live\/id\/YWVhbWcub3JnLmJyQGxvY2tiaXQz”, “victim”: “aeamg.org.br” }, { “activity”: “Not Found”, “attackdate”: “2025-04-16 08:39:11.948000”, “claim_url”: “http:\/\/lynxch2k5xi35j7hlbmwl7d6u2oz4vp2wqp6qkwol624cod3d6iqiyqd.onion\/leaks\/67ff6cafce8dcc3b0d9c93e0”, “country”: “”, “description”: “Feldman & Lopez, P.A. is a boutique law firm located in the heart of South Florida. Feldman & Lopez, P.A. was established in 2015 by a young female team of insurance experts, eager to provide Floridians with high quality civil and insurance litigation services. This boutique firm offers state-wide professional services to all residents of Florida and their assignees, personalized to meet every one of their clients’ needs. Feldman & Lopez has a wide range of expertise in handling all post loss claims for their clients who have the appropriate coverages under their homeowner insurance policy. In addition, the firm handles all aspects of water and\/or mold remediation claims and the invoices that go along with them based off validly executed assignment of benefits. In an age where the insurance industry rules our pocket books, rest assured that Feldman & Lopez will protect your rights and benefits when your insurance company tries to wrongfully deny or underpay your property damage claims.”, “discovered”: “2025-04-16 17:05:23.283891”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “lynx”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8dcc0dc55963cd22bca01e3e420da08b.png”, “url”: “https:\/\/www.ransomware.live\/id\/RmVsZG1hbiAmIExvcGV6QGx5bng=”, “victim”: “Feldman & Lopez” }, { “activity”: “Healthcare”, “attackdate”: “2025-04-16 08:05:21.750000”, “claim_url”: “http:\/\/lynxch2k5xi35j7hlbmwl7d6u2oz4vp2wqp6qkwol624cod3d6iqiyqd.onion\/leaks\/67ff64c1ce8dcc3b0d9bf42d”, “country”: “US”, “description”: “Hyalogic, the leader in premium high molecular weight hyaluronic acid, offers joint care supplements for humans and animals, as well as a full line of skin care and personal care products made with premium hyaluronic acid (HA). Also known as hyaluronan or hyaluronate, HA supports healthy joints and has numerous skin, hair, nail, and eye moisturizing benefits. Our product line includes liquid oral supplements, lozenge supplements, and topical skin care products under the well known names: Synthovial Seven and Episilk, Hyalun for your horse and HyaFlex for your dog or cat.”, “discovered”: “2025-04-16 17:04:12.193087”, “domain”: “www.hyalogic.com”, “duplicates”: [], “extrainfos”: [], “group”: “lynx”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d7defbb2b149cb7d22b18d48b7f5a4ec.png”, “url”: “https:\/\/www.ransomware.live\/id\/SHlhbG9naWNAbHlueA==”, “victim”: “Hyalogic” }, { “activity”: “Technology”, “attackdate”: “2025-04-16 02:19:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/67f8dedc516e69ca61924455”, “country”: “DE”, “description”: “ibL \u2013 Ingenieurb\u00fcro f\u00fcr Landentwicklung GmbH \u2013 based in Halle (Saale) is a consulting and planning engineering firm that operates primarily in rural areas.\r Our work focuses on planning services for land development using geodata.\r In selected regions, we act as a suitable agency for determining and reorganizing the ownership of land and buildings based on Section 99 (2) of the Land Consolidation Act and Section 53 of the Agricultural Adjustment Act.\r \r ===>\r Phone Number: 0345 233 410\r Revenue: $5 Million\r Industry: Engineering\r Employees: 25\r Data: 56gb”, “discovered”: “2025-04-16 03:25:05.523409”, “domain”: “iblinfo.de”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 03:23:28”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d496b51f6952dcb6d7c94b4ebc720b1d.png”, “url”: “https:\/\/www.ransomware.live\/id\/aWJsaW5mby5kZUBpbmNyYW5zb20=”, “victim”: “iblinfo.de” }, { “activity”: “Not Found”, “attackdate”: “2025-04-16 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=9f6489a4-4568-38a9-9859-97f5fc911963”, “country”: “IT”, “description”: “Company designs and manufactures machines and systems of sandblasting, as well as dust extraction systems, Sorting and conveying devices for metal abrasives and silica sands, partial and total recovery devices for large cabins and soundproofi …”, “discovered”: “2025-04-16 09:38:09.146303”, “domain”: “govonisabbiatrici.it”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 09:36:38”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/b850d204e7cc35a324c1b87f4edd2533.png”, “url”: “https:\/\/www.ransomware.live\/id\/Z292b25pc2FiYmlhdHJpY2lAcWlsaW4=”, “victim”: “govonisabbiatrici” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2025-04-16 00:00:00.000000”, “claim_url”: “”, “country”: “BR”, “description”: “D’Granel is a transportation company that offers logistics, fleet\nmanagement, and cargo transportation services.\n\nWe are ready to upload more than 40 GB of essential corporate doc\numents such as: financial data (audits, payment details, reports)\n, lots of confidential documents, corporate NDA\u2019s, contact number\ns and e-mail addresses of employees and customers etc.\n”, “discovered”: “2025-04-16 14:14:42.421195”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RCdHcmFuZWxAYWtpcmE=”, “victim”: “D’Granel” }, { “activity”: “Not Found”, “attackdate”: “2025-04-16 00:00:00.000000”, “claim_url”: “”, “country”: “GR”, “description”: “ANFARM is a manufacturer of generic pharmaceutical formulations f\nor human use. The company sells its products to 31 countries and \nacts as third party manufacturer to 45 clients.\n\nWe are ready to upload more than 35 GB of essential corporate doc\numents such as: contact numbers and e-mail addresses of governmen\nts(!) of a few countries like Portugal, Spain and a few others (i\nf somebody is interested), detailed financial data (audits, payme\nnt details, reports), corporate NDA\u2019s, employee personal informat\nion, clients data, etc.\n”, “discovered”: “2025-04-16 16:13:38.685093”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/QW5mYXJtIEhlbGxhc0Bha2lyYQ==”, “victim”: “Anfarm Hellas” }, { “activity”: “Construction”, “attackdate”: “2025-04-16 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “Dale | Bailey, an Association is a joint venture of Bailey Archit\necture Education, P.A.and Dale Partners Architects P.A. The assoc\niation was formed in August 2008 to create a firm with unsurpasse\nd experience in educational facility planning, design and constru\nction.\n\nWe are ready to upload over 148 GB of essential corporate documen\nts such as: contact numbers and e-mail addresses of employees and\npartners, employee personal files, detailed financial data (audi\nts, payment details, reports), corporate NDA\u2019s, etc.\n”, “discovered”: “2025-04-16 16:13:43.574453”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RGFsZSBQYXJ0bmVycyBBcmNoaXRlY3RzQGFraXJh”, “victim”: “Dale Partners Architects” }, { “activity”: “Manufacturing”, “attackdate”: “2025-04-16 00:00:00.000000”, “claim_url”: “”, “country”: “IT”, “description”: “The Lamberti Group produces chemical specialties for a broad rang\ne of applications.\n\nWe are ready to upload essential corporate documents such as: det\nailed financial information, employee personal information, proje\ncts, customers data, corporate NDA\u2019s, etc.\n”, “discovered”: “2025-04-16 17:44:05.938088”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TGFtYmVydGkgR3JvdXBAYWtpcmE=”, “victim”: “Lamberti Group” }, { “activity”: “Business Services”, “attackdate”: “2025-04-16 00:00:00.000000”, “claim_url”: “http:\/\/ralordqe33mpufkpsr6zkdatktlu3t2uei4ught3sitxgtzfmqmbsuyd.onion\/bioclimaservice”, “country”: “IT”, “description”: “\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200bBio-Clima Service Srl, an Italian company based in Bernareggio, Lombardy, specializing in the technical assistance, maintenance, and…”, “discovered”: “2025-04-16 18:38:45.838576”, “domain”: “bioclimaservice”, “duplicates”: [], “extrainfos”: [], “group”: “ralord”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 18:37:11”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/98d705ec55203c4b7ee56d19027f78ca.png”, “url”: “https:\/\/www.ransomware.live\/id\/4oCL4oCL4oCL4oCLQmlvLUNsaW1hIFNlcnZpY2VAcmFsb3Jk”, “victim”: “\u200b\u200b\u200b\u200bBio-Clima Service” }, { “activity”: “Education”, “attackdate”: “2025-04-16 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=b6bd244b-a4ae-30ae-8b47-c83ccf15d427”, “country”: “”, “description”: “Data from Nelson University contains thousands of personal employee and students records. All data will be published fully on 24 April 2024. If management of University will not pay ransom .Nelson is a publisher of educational products. They …”, “discovered”: “2025-04-16 19:16:52.025240”, “domain”: “www.nelson.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ae38fb6cea37cf2c47d9178112723ac8.png”, “url”: “https:\/\/www.ransomware.live\/id\/d3d3Lm5lbHNvbi5lZHVAcWlsaW4=”, “victim”: “www.nelson.edu” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2025-04-16 00:00:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/68001f58516e69ca61f381d6”, “country”: “NL”, “description”: “The family of Ahold Delhaize serve 72 million customers every week in the United States, Europe and Indonesia. Each brand shares a passion for delivering great food, value and innovations, and for creating inclusive workplaces that provide rewarding professional opportunities. \r Ahold Delhaize become a victim of the largest data breach. 6TB sensitive data will be published soon in our blog.”, “discovered”: “2025-04-16 21:34:10.596265”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c97d784abcf9506d914ab0f52642402d.png”, “url”: “https:\/\/www.ransomware.live\/id\/S29uaW5rbGlqa2UgQWhvbGQgRGVsaGFpemUgTi5WLkBpbmNyYW5zb20=”, “victim”: “Koninklijke Ahold Delhaize N.V.” }, { “activity”: “Not Found”, “attackdate”: “2025-04-15 22:09:18.851000”, “claim_url”: “http:\/\/lynxblog.net\/leaks\/67fed90ece8dcc3b0d917e53”, “country”: “”, “description”: “McElwee Firm PLLC is a company that operates in the Law Firms & Legal Services industry. It employs 5to9 people and has 1Mto5M of revenue. The company is headquartered in North Wilkesboro, North Carolina.”, “discovered”: “2025-04-16 10:05:25.903745”, “domain”: “mcelweefirm.com”, “duplicates”: [], “extrainfos”: [], “group”: “lynx”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0d957d6217b816c78da2745188944827.png”, “url”: “https:\/\/www.ransomware.live\/id\/TWNFbHdlZSBGaXJtQGx5bng=”, “victim”: “McElwee Firm” }, { “activity”: “Construction”, “attackdate”: “2025-04-15 20:14:58.831000”, “claim_url”: “http:\/\/lynxblog.net\/leaks\/67febe42ce8dcc3b0d8fabd2”, “country”: “US”, “description”: “Lake HVAC was founded in 1975. For more than 40 years, Lake HVAC has built and maintained quality HVAC systems for industrial, commercial, institutional and high tech\/biotech clients in Massachusetts and New Hampshire. We work with general contractors, developers, facilities departments and engineering firms to ensure that our clients receive efficient, reliable, and cost-effective solutions for their HVAC systems. Our professional experience in HVAC installation, service and design ensures your project will maintain long-term functionality, efficiency and return on facility investment.”, “discovered”: “2025-04-15 20:38:16.038128”, “domain”: “lakehvac.com”, “duplicates”: [], “extrainfos”: [], “group”: “lynx”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/bcc0cc41b8deb5a9626de59ca8f85494.png”, “url”: “https:\/\/www.ransomware.live\/id\/TGFrZSBIVkFDQGx5bng=”, “victim”: “Lake HVAC” }, { “activity”: “Not Found”, “attackdate”: “2025-04-15 19:46:38.781000”, “claim_url”: “http:\/\/lynxblog.net\/leaks\/67feb79ece8dcc3b0d8f25ac”, “country”: “US”, “description”: “Astra Products of Ohio is a supplier to the window covering industry. We do not fabricate or install window coverings. We offer products that allow for our customers to fabricate window coverings that meet the ANSI\/WCMA A100.1-2022 standards. We are committed to continue our search for new, child safe products to offer our customers. “, “discovered”: “2025-04-15 20:39:30.926714”, “domain”: “astraproducts.com”, “duplicates”: [], “extrainfos”: [], “group”: “lynx”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/76c1a5a2786a65d4edf3e5f1fcb9efaf.png”, “url”: “https:\/\/www.ransomware.live\/id\/QXN0cmEgUHJvZHVjdHNAbHlueA==”, “victim”: “Astra Products” }, { “activity”: “Construction”, “attackdate”: “2025-04-15 17:09:06.401000”, “claim_url”: “http:\/\/lynxblog.net\/leaks\/67fe92b2ce8dcc3b0d8c76e6”, “country”: “US”, “description”: “Nevada Ready Mix was founded in 1960. The company offers concrete for residential foundations, public works, golf courses, and heavy highway projects. It is headquartered in Nevada, United States.\r”, “discovered”: “2025-04-15 17:37:14.374962”, “domain”: “nevadareadymix.com”, “duplicates”: [], “extrainfos”: [], “group”: “lynx”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-15 17:35:50”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f9b7bf65b8d7f86005dfe97018e314bd.png”, “url”: “https:\/\/www.ransomware.live\/id\/bmV2YWRhcmVhZHltaXguY29tQGx5bng=”, “victim”: “nevadareadymix.com” }, { “activity”: “Manufacturing”, “attackdate”: “2025-04-15 16:36:27.912000”, “claim_url”: “http:\/\/lynxblog.net\/leaks\/67fe8b0bce8dcc3b0d8beba7”, “country”: “US”, “description”: “Founded in 1951 and headquartered in St Louis Park, Minnesota, SPS Companies is a wholesale distributor of products and services for use by both residential and commercial contractors. The company focuses on plumbing, mechanical and industrial piping, heating, ventilation, and more.\r”, “discovered”: “2025-04-15 17:38:42.508803”, “domain”: “spscompanies.com”, “duplicates”: [], “extrainfos”: [], “group”: “lynx”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-15 17:37:19”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f59576a2977a7fb937ce0f9a3422c62d.png”, “url”: “https:\/\/www.ransomware.live\/id\/c3BzY29tcGFuaWVzLmNvbUBseW54”, “victim”: “spscompanies.com” }, { “activity”: “Technology”, “attackdate”: “2025-04-15 11:07:54.985427”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=816d47f3-8966-41b4-9475-3c1d00afd396”, “country”: “US”, “description”: “Setpoint Systems is a lean automation integration firm providing engineering, design, build, and controls experts for turn key custom automated solutions using the Toyota Production System (TPS) methodology. Since 1992 Setpoint has designed, manufactured, and marketed automated manufacturing equipment to increase productivity and quality for companies in a variety of industries. Setpoint has developed a methodology and system that mitigates customers risk and maximizes the customers return on investment.”, “discovered”: “2025-04-16 08:22:55.939939”, “domain”: “www.setpointsystems.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/9191d883f55c3cd28c35a2ce294f3647.png”, “url”: “https:\/\/www.ransomware.live\/id\/U2V0cG9pbnQgU3lzdGVtc0BkcmFnb25mb3JjZQ==”, “victim”: “Setpoint Systems” }, { “activity”: “Public Sector”, “attackdate”: “2025-04-15 08:45:11.371589”, “claim_url”: “”, “country”: “US”, “description”: “Oregon Department of Environmental Quality They think their data hasn’t been stolen. They’re sorely mistaken.Over 2.5 terabytes of unique data. (SQL, employee data and more)We are waiting for your suggestions.”, “discovered”: “2025-04-15 08:45:13.232898”, “domain”: “oregon.gov”, “duplicates”: [], “extrainfos”: [], “group”: “rhysida”, “infostealer”: { “employees”: 17, “employees_url”: 11, “infostealer_stats”: { “Atomic”: 2, “Azorult”: 434, “KPOT”: 2, “Lumma”: 994, “Mystic”: 6, “Raccoon”: 328, “RedLine”: 1600, “StealC”: 60, “Taurus”: 2, “UNKNOWN”: 74, “Vidar”: 162 }, “thirdparties”: 4, “thirdparties_domain”: 10, “update”: “2025-04-16 13:05:52”, “users”: 2299, “users_url”: 100 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/T3JlZ29uIERlcGFydG1lbnQgb2YgRW52aXJvbm1lbnRhbCBRdWFsaXR5QHJoeXNpZGE=”, “victim”: “Oregon Department of Environmental Quality” }, { “activity”: “Education”, “attackdate”: “2025-04-15 08:44:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/67f7e797516e69ca6185364d”, “country”: “US”, “description”: “Founded in 1958 in the Buffalo, NY by the Sisters of Mercy, Trocaire College is a private, career-oriented Catholic college that strives to empower students toward personal enrichment, dignity and self-worth through education. A career-oriented institution, Trocaire offers bachelor’s degrees, associate degrees and certificate and workforce development programs in healthcare, business, hospitality and technology. Recognizing the individual needs of a diverse student body, Trocaire College provides life learning and development within a community-based environment, preparing students for service in the universal community.\r ===>\r Phone Number: \r (716) 826-1200\r Revenue: $24.6 Million\r Industry: Education\r Employees: 217\r Data: 310gb\r “, “discovered”: “2025-04-15 09:33:03.267433”, “domain”: “trocaire.edu”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “infostealer”: { “employees”: 15, “employees_url”: 5, “infostealer_stats”: { “Azorult”: 1, “Generic Stealer”: 4, “Lumma”: 2, “Raccoon”: 2, “RedLine”: 11, “UNKNOWN”: 1, “Vidar”: 1 }, “thirdparties”: 14, “thirdparties_domain”: 12, “update”: “2025-04-15 09:31:28”, “users”: 7, “users_url”: 6 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e1a5cb9a5b9cbb5a063de34f0a24080b.png”, “url”: “https:\/\/www.ransomware.live\/id\/dHJvY2FpcmUuZWR1QGluY3JhbnNvbQ==”, “victim”: “trocaire.edu” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2025-04-15 06:44:00.000000”, “claim_url”: “http:\/\/47glxkuxyayqrvugfumgsblrdagvrah7gttfscgzn56eyss5wg3uvmqd.onion\/packages\/cfb3fbbb-5118-4013-b21d-90df5b31dd0d”, “country”: “CA”, “description”: “Revenue: $170 million\n Type: Research\n Size: 214,2 GBytes”, “discovered”: “2025-04-16 12:52:15.668886”, “domain”: “semex.com”, “duplicates”: [], “extrainfos”: [], “group”: “underground”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Lumma”: 5, “RedLine”: 3 }, “thirdparties”: 1, “thirdparties_domain”: 1, “update”: “2025-04-16 12:40:27”, “users”: 8, “users_url”: 2 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/101e0393148c041d17b574bfec136fa7.png”, “url”: “https:\/\/www.ransomware.live\/id\/c2VtZXguY29tQHVuZGVyZ3JvdW5k”, “victim”: “semex.com” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2025-04-15 00:00:00.000000”, “claim_url”: “http:\/\/ralordqe33mpufkpsr6zkdatktlu3t2uei4ught3sitxgtzfmqmbsuyd.onion\/newhotelcloud”, “country”: “ES”, “description”: “\u200b\u200b\u200b\u200bNewhotel Cloud is a comprehensive, cloud-based Property Management System (PMS) developed by Newhotel Software to streamline hotel operations of…”, “discovered”: “2025-04-15 10:08:46.664652”, “domain”: “newhotelcloud”, “duplicates”: [], “extrainfos”: [], “group”: “ralord”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-15 10:07:16”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7f8478c25297afacdb8f70a5dac4c927.png”, “url”: “https:\/\/www.ransomware.live\/id\/TmV3SG90ZWwgY2xvdWQgY29tcGFueUByYWxvcmQ=”, “victim”: “NewHotel cloud company” }, { “activity”: “Not Found”, “attackdate”: “2025-04-15 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “Inductors Inc. is the premier franchised distributor of inductive\ncomponents specializing in power and RF products. \n\nWe are ready to upload more than 6 GB of essential corporate docu\nments such as: corporate NDA\u2019s, corporate licenses, agreements an\nd contracts, financial data (audits, payment details, reports), i\nnsurance documents, etc.\n”, “discovered”: “2025-04-15 12:17:12.234652”, “domain”: “inductor.com”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 13:05:16”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SW5kdWN0b3JzIEluYy5AYWtpcmE=”, “victim”: “Inductors Inc.” }, { “activity”: “Not Found”, “attackdate”: “2025-04-15 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “PE\u00d1A BRIONES MCDANIEL & CO. offers a wide range of accounting, ta\nx, assurance, and consulting services across Texas and New Mexico\n. Their clientele includes individuals, non-profits, governments,\nfinancial institutions, and businesses from various industries. \n\nWe are ready to upload more than 34 GB of essential corporate doc\numents such as: marriage licenses, corporate licenses, agreements\nand contracts, personal passport scans, driver licenses, contact\nnumbers and e-mail addresses of employees and customers, financi\nal data (audits, payment details, reports), etc.\n”, “discovered”: “2025-04-15 13:47:46.818211”, “domain”: “cpaelpaso.com”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 13:04:43”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UEXDkUEgQlJJT05FUyBNQ0RBTklFTCAmIENPLkBha2lyYQ==”, “victim”: “PE\u00d1A BRIONES MCDANIEL & CO.” }, { “activity”: “Not Found”, “attackdate”: “2025-04-15 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “King Industries, Inc. designs, manufactures, and distributes addi\ntives for small to large companies throughout the world who make \ntheir own branded products we all know and use like engine oils, \ngreases, hydraulic oils, paints, coatings, and rubber goods.\n\nWe are ready to upload more than 260 GB of essential corporate do\ncuments such as: corporate NDA\u2019s, passport scans, medical documen\nts, contact numbers and e-mail addresses of employees and custome\nrs, financial data (audits, payment details, reports), etc.\n”, “discovered”: “2025-04-15 13:47:50.310208”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/S2luZyBJbmR1c3RyaWVzIEluYy5AYWtpcmE=”, “victim”: “King Industries Inc.” }, { “activity”: “Construction”, “attackdate”: “2025-04-15 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “Bolivar Insulation serves all of southwest Missouri including the\nareas of Springfield, Bolivar, Branson, Joplin, Columbia and Cam\ndenton, Missouri for gutter cleaning, repair or new gutter instal\nlation.\n\nWe are ready to upload more than 9 GB of essential corporate docu\nments such as: financial data (audits, payment details, reports),\ncontact numbers and e-mail addresses of employees and customers,\nSSN\u2019s, driver licenses, passport scans, etc.\n”, “discovered”: “2025-04-15 15:17:48.004878”, “domain”: “bolivarinsulation.com”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 13:04:13”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Qm9saXZhciBJbnN1bGF0aW9uQGFraXJh”, “victim”: “Bolivar Insulation” }, { “activity”: “Not Found”, “attackdate”: “2025-04-15 00:00:00.000000”, “claim_url”: “”, “country”: “CH”, “description”: “The company’s activities include project planning, construction m\nanagement, expertise and consulting in civil engineering and its \nspecialized fields.\n\nWe are ready to upload more than 92 GB of essential corporate doc\numents such as: contact numbers and e-mail addresses of employees\nand customers, financial data (audits, payment details, reports)\n, corporate NDA\u2019s, etc.\n”, “discovered”: “2025-04-15 15:17:52.020080”, “domain”: “heierli.ch”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 13:03:45”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SGVpZXJsaUBha2lyYQ==”, “victim”: “Heierli” }, { “activity”: “Not Found”, “attackdate”: “2025-04-15 00:00:00.000000”, “claim_url”: “http:\/\/ralordqe33mpufkpsr6zkdatktlu3t2uei4ught3sitxgtzfmqmbsuyd.onion\/arrco”, “country”: “NO”, “description”: “ARRCO \u2013 Lights Sound Magic is a professional event technology company based in Hamar, Norway. They specialize in providing comprehensive solutions for events, including sound,…”, “discovered”: “2025-04-15 19:17:17.385622”, “domain”: “arrco.no”, “duplicates”: [], “extrainfos”: [], “group”: “ralord”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d47d4368a7681086411f45bde138c165.png”, “url”: “https:\/\/www.ransomware.live\/id\/QVJSQ08gTFNNQHJhbG9yZA==”, “victim”: “ARRCO LSM” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2025-04-15 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=cdeac47a-2919-33f9-bdc0-c4428f16c863”, “country”: “US”, “description”: “A company is only as strong as its roots, and A-1 Freeman Moving Group’s roots are firmly planted in a culture of honesty, integrity, and hard work. In 1974, Jim Freeman founded A-1 Freeman Moving Group in Oklahoma City, OK on a belief that h …”, “discovered”: “2025-04-15 22:17:17.559964”, “domain”: “a-1freeman.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-15 22:16:27”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/YS0xZnJlZW1hbkBxaWxpbg==”, “victim”: “a-1freeman” }, { “activity”: “Technology”, “attackdate”: “2025-04-15 00:00:00.000000”, “claim_url”: “http:\/\/5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion\/companies\/69\/evertech-instrumental-co-ltd”, “country”: “TW”, “description”: “Ever Tech Instrumental(ETI) has been a professional technologies agent in FPD industry over two decades. We are dedicated to importing SEMI\/FPD related materials and equipments , New advanced materials, Optical and Analytical instruments from Japan and Korea.- Database- Financial documents- Personal information of employees and clients https:\/\/en.evertech.com.tw\/”, “discovered”: “2025-04-17 07:09:15.623832”, “domain”: “en.evertech.com.tw”, “duplicates”: [], “extrainfos”: [], “group”: “spacebears”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-17 07:07:41”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c730f001ae795617b927700e18ca8824.png”, “url”: “https:\/\/www.ransomware.live\/id\/RVZFUlRFQ0ggSU5TVFJVTUVOVEFMIENPLiwgTFREQHNwYWNlYmVhcnM=”, “victim”: “EVERTECH INSTRUMENTAL CO., LTD” }, { “activity”: “Not Found”, “attackdate”: “2025-04-14 21:17:50.152973”, “claim_url”: “http:\/\/mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion\/index.php?page=1topic.php?id=YGTeOV05sBnv0w”, “country”: “US”, “description”: “United States”, “discovered”: “2025-04-14 21:19:23.284479”, “domain”: “www.wallercorporation.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/b3bd118cb728c79dce264ff880f0ddcc.png”, “url”: “https:\/\/www.ransomware.live\/id\/V2FsbGVyQHBsYXk=”, “victim”: “Waller” }, { “activity”: “Energy”, “attackdate”: “2025-04-14 21:15:00.572879”, “claim_url”: “http:\/\/mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion\/index.php?page=1topic.php?id=22AXJaO3f3J4xw”, “country”: “US”, “description”: “United States”, “discovered”: “2025-04-14 21:16:33.173044”, “domain”: “www.cortezoil.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/de8cc10d400b549053c430298f994e87.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q29ydGV6IFJlc291cmNlc0BwbGF5”, “victim”: “Cortez Resources” }, { “activity”: “Technology”, “attackdate”: “2025-04-14 21:13:28.701919”, “claim_url”: “http:\/\/mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion\/index.php?page=1topic.php?id=N3sZFnZSd76li”, “country”: “US”, “description”: “United States”, “discovered”: “2025-04-14 21:14:58.779741”, “domain”: “www.comport.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/681b38a4315cbf6d7fbf845aae084b3a.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q29tcG9ydCBUZWNobm9sb2d5IFNvbHV0aW9uc0BwbGF5”, “victim”: “Comport Technology Solutions” }, { “activity”: “Not Found”, “attackdate”: “2025-04-14 21:11:55.523241”, “claim_url”: “http:\/\/mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion\/index.php?page=1topic.php?id=4D6LeM54F4IJq5”, “country”: “US”, “description”: “United States”, “discovered”: “2025-04-14 21:13:26.743897”, “domain”: “www.merrimakers.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/029c22f05008bf4c6bac1f5ad02777f0.png”, “url”: “https:\/\/www.ransomware.live\/id\/TWVycmktTWFrZXJzQHBsYXk=”, “victim”: “Merri-Makers” }, { “activity”: “Not Found”, “attackdate”: “2025-04-14 21:10:22.351900”, “claim_url”: “http:\/\/mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion\/index.php?page=1topic.php?id=U30p0MUfYcYX1Q”, “country”: “US”, “description”: “United States”, “discovered”: “2025-04-14 21:11:53.785774”, “domain”: “www.obrlaw.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a21f40e78fa5bc87e1521f5f8a7b51e1.png”, “url”: “https:\/\/www.ransomware.live\/id\/TydCcmllbiAmIFJ5YW5AcGxheQ==”, “victim”: “O’Brien & Ryan” }, { “activity”: “Manufacturing”, “attackdate”: “2025-04-14 21:08:49.877038”, “claim_url”: “http:\/\/mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion\/index.php?page=1topic.php?id=ShnssDiWMw2UOc”, “country”: “US”, “description”: “United States”, “discovered”: “2025-04-14 21:10:20.501708”, “domain”: “www.voigtab.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0c181e4c45f7b8b3b73f12bd77a35408.png”, “url”: “https:\/\/www.ransomware.live\/id\/Vm9pZ3QtQWJlcm5hdGh5IENvbXBhbnlAcGxheQ==”, “victim”: “Voigt-Abernathy Company” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2025-04-14 21:07:17.596390”, “claim_url”: “http:\/\/mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion\/index.php?page=1topic.php?id=4g0BsGwLCqoyqy”, “country”: “CA”, “description”: “Canada”, “discovered”: “2025-04-14 21:08:48.041400”, “domain”: “www.destinationtoronto.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/64d58898eddc56457252e84ed1490157.png”, “url”: “https:\/\/www.ransomware.live\/id\/RGVzdGluYXRpb24gVG9yb250b0BwbGF5”, “victim”: “Destination Toronto” }, { “activity”: “Consumer Services”, “attackdate”: “2025-04-14 21:05:43.692597”, “claim_url”: “http:\/\/mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion\/index.php?page=1topic.php?id=WNTi7SR6uZ72kQ”, “country”: “US”, “description”: “United States”, “discovered”: “2025-04-14 21:07:15.284259”, “domain”: “www.jamesandsons.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/bb88fb415f57ea6f6fe1a75b6509274a.png”, “url”: “https:\/\/www.ransomware.live\/id\/SmFtZXMgJiBTb25zIEZpbmUgSmV3ZWxlcnNAcGxheQ==”, “victim”: “James & Sons Fine Jewelers” }, { “activity”: “Construction”, “attackdate”: “2025-04-14 17:38:18.863117”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=c70a4dd5-52f8-4f36-9e69-1f701744f65b”, “country”: “CA”, “description”: “Check out the videos below to learn more about our home selection, design, and building processes. Our company has always been a family affair ever since Uncle Doug moved into the first official Pratt Home in Scandia in 1973. Each newly married and with student loans to pay off, brothers Len and Lowell banded together, determined to create a legacy. They hired relatives and school friends as their business grew through the first start-up years. Now, nearly 1,000 families have chosen to make their dream homes with us, and we feel a deep sense of pride knowing that each home was built to our high standards and with our philosophy of quality construction and customer satisfaction. In 1976, the Pratts began the development side of their business with five homes in Forest Lake. Three years later, they commenced with their first large-scale project: Birch Lake Woods, building over 60 single family homes and 128 multiple condo units in White Bear Lake.”, “discovered”: “2025-04-16 08:24:23.494311”, “domain”: “pratthomes.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 08:23:03”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/dbbaa4f0153b32de4b86e93a884cd193.png”, “url”: “https:\/\/www.ransomware.live\/id\/UHJhdHQgSG9tZXNAZHJhZ29uZm9yY2U=”, “victim”: “Pratt Homes” }, { “activity”: “Construction”, “attackdate”: “2025-04-14 17:33:13.765548”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=c0be1d83-9493-4d6a-8730-90f3e043af47”, “country”: “US”, “description”: “Pryor Morrow is a firm specializing in architecture, engineering, and interior design, focused on serving schools, governments, and recreational facilities. With a commitment to building strong relationships, the company prioritizes client needs and aims to create impactful community spaces that enhance people’s lives. Their experienced team, boasting over 200 years of combined experience, strives to deliver exceptional results while mentoring the next generation of designers. By designing innovative structures, they aim to leave a lasting legacy for future generations.”, “discovered”: “2025-04-16 08:25:52.241727”, “domain”: “pryor-morrow.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 08:24:28”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a38fde4d66ff6e2460eb07fb4bdb4d62.png”, “url”: “https:\/\/www.ransomware.live\/id\/UHJ5b3IgTW9ycm93QGRyYWdvbmZvcmNl”, “victim”: “Pryor Morrow” }, { “activity”: “Not Found”, “attackdate”: “2025-04-14 15:19:20.739208”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=0a63d947-b905-49c3-8877-0b20d7f22c4b”, “country”: “”, “description”: “We at KraftKisarna mainly carry out electrical control and fire alarm installations, and maintain railways and train stations around Sweden.\n\nWe also carry out complete electrical installations in infrastructure, lighting and power in track and track-related environments, associated peripheral areas such as walking \u2013 cycle paths and welcoming green areas. Also bridge, tunnel and platform work.\n\nOur staff has good experience and is specially trained to work safely on track and track environments. Despite our young age as a company, we have been able to carry out a large number of projects in the field of railways throughout Sweden. Our primary end customers are the Swedish Transport Administration, municipalities and industries.”, “discovered”: “2025-04-16 08:27:20.755147”, “domain”: “kraftkisarna.se”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 08:25:58”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/cbda8c6e71c336953835260b3c271882.png”, “url”: “https:\/\/www.ransomware.live\/id\/S3JhZnRLaXNhcm5hQGRyYWdvbmZvcmNl”, “victim”: “KraftKisarna” }, { “activity”: “Education”, “attackdate”: “2025-04-14 14:11:19.000000”, “claim_url”: “http:\/\/xfv4jzckytb4g3ckwemcny3ihv4i5p4lqzdpi624cxisu35my5fwi5qd.onion\/detail?id=9e9a8fbf0d29fc8ef65907aca24c2bba”, “country”: “US”, “description”: “Pawnee Heights Unified School District ( founded 1949 ) a school district located in Rozel, Kansas. It provides academic services from elementary and secondary level. Pawnee Heights Unified School District corporate office is located in 100 Grand, Rozel, Kansas, 67574, United States and has 129 employees. The total amount of data leakage is 498.10 GB”, “discovered”: “2025-04-16 08:21:09.011310”, “domain”: “phtigers.net”, “duplicates”: [], “extrainfos”: { “ransom”: 160000 }, “group”: “medusa”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 13:02:09”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/bc2b956896d1fa91308993cb466feb6e.png”, “url”: “https:\/\/www.ransomware.live\/id\/UGF3bmVlIEhlaWdodHMgVW5pZmllZCBTY2hvb2wgRGlzdHJpY3RAbWVkdXNh”, “victim”: “Pawnee Heights Unified School District” }, { “activity”: “Healthcare”, “attackdate”: “2025-04-14 02:00:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/67efb5a6516e69ca612626e1”, “country”: “US”, “description”: “Mental Health Partners \r Is now Clinica Family Health & Wellness\r \r So many factors influence your health and well-being. That\u2019s why \”whole-person\” or \”integrated\” healthcare matters. It ties together your physical, oral, and mental health. Clinica Family Health & Wellness is leading the way by treating you as a whole person and providing all the care you need to be healthy and well. Select the buttons below to learn more about our whole-person health services. Welcome to your new health care home!\r \r \r In our hands there are more than 1 terabyte of the company’s data. Including all personal cards of patients. Databases. The results of treatment and diagnoses. Databases. Postal correspondence and financial documents. All data will be published in case of refusal of payment.”, “discovered”: “2025-04-14 08:07:32.340494”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f878de491aeedec2c0f01d968721cfb2.png”, “url”: “https:\/\/www.ransomware.live\/id\/TUVOVEFMIEhFQUxUSEBpbmNyYW5zb20=”, “victim”: “MENTAL HEALTH” }, { “activity”: “Healthcare”, “attackdate”: “2025-04-14 00:00:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/67ee8d1d516e69ca611ee27d”, “country”: “US”, “description”: “Best Orthopedics, Sports Medicine, Joint Replacement.”, “discovered”: “2025-04-14 10:58:42.287433”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/9ddb7d6a05a9bf22f1f6a3f7a9aaa757.png”, “url”: “https:\/\/www.ransomware.live\/id\/T3J0aG9wYWVkaWMgU3BlY2lhbGlzdHMgb2YgQ29ubmVjdGljdXRAaW5jcmFuc29t”, “victim”: “Orthopaedic Specialists of Connecticut” }, { “activity”: “Manufacturing”, “attackdate”: “2025-04-14 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “Oklahoma Steel & Wire Co Inc. offers a complete line in both agri\ncultural and industrial wire products.\n\nWe are ready to upload more than 129 GB of essential corporate do\ncuments such as: corporate licenses, agreements and contracts, co\nntact numbers and e-mail addresses of employees and customers, fi\nnancial data (audits, payment details, reports), etc.\n”, “discovered”: “2025-04-14 11:52:50.485089”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/T2tsYWhvbWEgU3RlZWwgJiBXaXJlQGFraXJh”, “victim”: “Oklahoma Steel & Wire” }, { “activity”: “Not Found”, “attackdate”: “2025-04-14 00:00:00.000000”, “claim_url”: “”, “country”: “DE”, “description”: “The company rents and leases tools and equipment in the areas of \nsanitation, heating, control and control technology.\n\nWe are ready to upload some of essential corporate documents such\nas: contact numbers and e-mail addresses of employees and custom\ners, corporate licenses, agreements and contracts, etc.\n”, “discovered”: “2025-04-14 11:52:55.318375”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U1RVTVBGIE3DnExMRVIgQmliZXJhY2hAYWtpcmE=”, “victim”: “STUMPF M\u00dcLLER Biberach” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2025-04-14 00:00:00.000000”, “claim_url”: “”, “country”: “PT”, “description”: “Companhia Agricola da Quinta de Corona has its headquarters in Li\nsbon. Its main activity is forestry.\n\nWe are ready to upload more than 38 GB of essential corporate doc\numents such as: contact numbers and e-mail addresses of employees\nand customers, corporate licenses, agreements and contracts, emp\nloyee passports, etc.\n”, “discovered”: “2025-04-14 13:19:23.516929”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/QWdyaWNvbGEgRGEgUXVpbnRhIERlIENvcm9uYUBha2lyYQ==”, “victim”: “Agricola Da Quinta De Corona” }, { “activity”: “Not Found”, “attackdate”: “2025-04-14 00:00:00.000000”, “claim_url”: “”, “country”: “IT”, “description”: “The firm assists businesses in small business accounting, tax pre\nparation, strategic business planning, part-time Chief Financial \nOfficer Services, and assistance in loan proposal preparation to \nbanks among others.\n\nWe are ready to upload more than 20 GB of essential corporate doc\numents such as: corporate NDA\u2019s, personal SSN\u2019s, internal corpora\nte correspondence, contact numbers and e-mail addresses of employ\nees and customers, driver licenses, corporate licenses, agreement\ns and contracts, financial data (audits, payment details, reports\n), etc.\n”, “discovered”: “2025-04-14 17:17:36.122015”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q2FwdXRvQGFraXJh”, “victim”: “Caputo” }, { “activity”: “Manufacturing”, “attackdate”: “2025-04-14 00:00:00.000000”, “claim_url”: “http:\/\/ralordqe33mpufkpsr6zkdatktlu3t2uei4ught3sitxgtzfmqmbsuyd.onion\/hejailan”, “country”: “SA”, “description”: “\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200bEstablished in 1980, the Al-Hejailan Group began as an engineering and contracting firm and has since evolved into a diversified holding company. Headquartered in Riyadh, with regional offices across the GCC…”, “discovered”: “2025-04-14 19:08:27.675062”, “domain”: “hejailan”, “duplicates”: [], “extrainfos”: [], “group”: “ralord”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-14 19:06:52”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7387af4e7f1adfc814af07c1177df04d.png”, “url”: “https:\/\/www.ransomware.live\/id\/QWwtSGVqYWlsYW4gR3JvdXBAcmFsb3Jk”, “victim”: “Al-Hejailan Group” }, { “activity”: “Not Found”, “attackdate”: “2025-04-14 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=244ce069-4b19-3369-af3d-38572456a42f”, “country”: “”, “description”: “Groupe Custeau is a Sherbrooke-based company specializing in real estate development, rental properties, private financing, and investment. They offer efficient solutions in residential and commercial real estate markets. The company is commi …”, “discovered”: “2025-04-14 21:21:41.003078”, “domain”: “www.groupecusteau.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/385dcce14d9bf8ae713864062f62cbaa.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q0RJQHFpbGlu”, “victim”: “CDI” }, { “activity”: “Not Found”, “attackdate”: “2025-04-14 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=4c7b8c53-3eb1-37ac-bdf7-bc78027090ca”, “country”: “US”, “description”: “Company has 24 hours to contact us .\n\nN.L. Olson & Associates maintains at all times, $1,000,000 E & O insurance and $1,000,000 general liability insurance. Careful consideration must be given to the selection of a firm to perform design an …”, “discovered”: “2025-04-14 21:23:17.186337”, “domain”: “lolson.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-14 21:21:45”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e08baed59a1f572b0d532590951bf21d.png”, “url”: “https:\/\/www.ransomware.live\/id\/TkwgT2xzb24gJiBBc3NvY2lhdGVzQHFpbGlu”, “victim”: “NL Olson & Associates” }, { “activity”: “Not Found”, “attackdate”: “2025-04-13 20:58:36.177592”, “claim_url”: “”, “country”: “SG”, “description”: “70k USD”, “discovered”: “2025-04-13 20:58:37.271433”, “domain”: “”, “duplicates”: [], “extrainfos”: { “ransom”: “” }, “group”: “devman”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RkVFTEZPVVJAZGV2bWFu”, “victim”: “FEELFOUR” }, { “activity”: “Healthcare”, “attackdate”: “2025-04-13 20:58:32.076149”, “claim_url”: “”, “country”: “”, “description”: “Price -Soon”, “discovered”: “2025-04-13 20:58:34.006010”, “domain”: “”, “duplicates”: [], “extrainfos”: { “ransom”: “” }, “group”: “devman”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TWVkIGluc3RpdHV0ZUBkZXZtYW4=”, “victim”: “Med institute” }, { “activity”: “Technology”, “attackdate”: “2025-04-13 20:58:28.619174”, “claim_url”: “”, “country”: “TH”, “description”: “200k USD”, “discovered”: “2025-04-13 20:58:29.933974”, “domain”: “”, “duplicates”: [], “extrainfos”: { “ransom”: “” }, “group”: “devman”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/QmFuZ2tvayBFbGVjdHJvbmljcyBDby4sIEx0ZEBkZXZtYW4=”, “victim”: “Bangkok Electronics Co., Ltd” }, { “activity”: “Not Found”, “attackdate”: “2025-04-13 20:58:24.965812”, “claim_url”: “”, “country”: “EG”, “description”: “150k USD”, “discovered”: “2025-04-13 20:58:26.224839”, “domain”: “”, “duplicates”: [], “extrainfos”: { “ransom”: “” }, “group”: “devman”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/VGF3YXNvbEBkZXZtYW4=”, “victim”: “Tawasol” }, { “activity”: “Construction”, “attackdate”: “2025-04-13 20:58:21.441717”, “claim_url”: “”, “country”: “US”, “description”: “Amount TBD”, “discovered”: “2025-04-13 20:58:22.650871”, “domain”: “”, “duplicates”: [], “extrainfos”: { “ransom”: “” }, “group”: “devman”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/VGV4YXMgQ29uc3RydWN0aW9uIEZpcm1AZGV2bWFu”, “victim”: “Texas Construction Firm” }, { “activity”: “Technology”, “attackdate”: “2025-04-13 20:58:16.558556”, “claim_url”: “”, “country”: “”, “description”: “590k USD”, “discovered”: “2025-04-13 20:58:19.101591”, “domain”: “optimaxtech.com”, “duplicates”: [], “extrainfos”: { “ransom”: “” }, “group”: “devman”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/T3B0aW1heCBUZWNobm9sb2d5QGRldm1hbg==”, “victim”: “Optimax Technology” }, { “activity”: “Not Found”, “attackdate”: “2025-04-13 20:52:23.403387”, “claim_url”: “http:\/\/santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion\/\/calton-com”, “country”: “”, “description”: “[AI generated] N\/A”, “discovered”: “2025-04-13 20:53:32.246097”, “domain”: “CALTON.COM”, “duplicates”: [], “extrainfos”: [], “group”: “clop”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ff185e76476aa79cba5d0b1c8bfc6faf.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q0FMVE9OLkNPTUBjbG9w”, “victim”: “CALTON.COM” }, { “activity”: “Business Services”, “attackdate”: “2025-04-12 00:00:00.000000”, “claim_url”: “http:\/\/5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion\/companies\/68\/vinuelas-abogados”, “country”: “ES”, “description”: “In times when transversality and multifunctionality are seen as assets that seemingly reinforce the quality of the professional services offered, at VI\u00d1UELAS ABOGADOS, since our inception in 1987, we have presented ourselves as what we are and what we want to continue to be: A LAW FIRM.Our objective is none other than to defend our clients’ interests in the legal field, avoiding actions that transcend and exceed the scope of our knowledge and experience.- Legal information of clients- Database- Financial documents- Personal information of employees and clients https:\/\/www.xn--viuelasabogados-zqb.es\/”, “discovered”: “2025-04-17 07:10:55.918507”, “domain”: “www.xn--viuelasabogados-zqb.es”, “duplicates”: [], “extrainfos”: [], “group”: “spacebears”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f4ff5223d457359ec9a9231993e4500e.png”, “url”: “https:\/\/www.ransomware.live\/id\/VknDkVVFTEFTIEFCT0dBRE9TQHNwYWNlYmVhcnM=”, “victim”: “VI\u00d1UELAS ABOGADOS” }, { “activity”: “Not Found”, “attackdate”: “2025-04-10 00:00:00.000000”, “claim_url”: “”, “country”: “ID”, “description”: “REFFINDO-PT Pupk Indonesia (Indonesia)”, “discovered”: “2025-04-14 04:09:18.343457”, “domain”: “pupk-indonesia.com”, “duplicates”: [], “extrainfos”: { “data_size”: “200 GB” }, “group”: “nightspire”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-14 04:09:00”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UkVGRklORE8tUFQgUHVwayBJbmRvbmVzaWFAbmlnaHRzcGlyZQ==”, “victim”: “REFFINDO-PT Pupk Indonesia” }, { “activity”: “Education”, “attackdate”: “2025-04-09 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=b8592709-99e2-30a6-95b7-61fd4949837d”, “country”: “US”, “description”: “Bertie County Public Schools is committed to ensuring that every child in our community receives the best possible education. We are dedicated to nurturing and supporting our students from Pre-K to 12th grade, providing them with the resource …”, “discovered”: “2025-04-17 09:18:14.858342”, “domain”: “www.bertie.k12.nc.us”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: { “link”: “https:\/\/www.ransomware.live\/id\/YmVydGllLmsxMi5uYy51c0AyMDI1LTA0LTA5”, “source”: “https:\/\/www.facebook.com\/BertieCountySchools\/posts\/pfbid0RnyEyLu4rx8tbr7f6p6PB8HmDjEnK9yucbc8RTrkToTogqYhBW7a1LrkJRyD3BTwl”, “summary”: “Le 17 avril, une cyberattaque contre les \u00e9coles du comt\u00e9 de Bertie, en Caroline du Nord, a \u00e9t\u00e9 revendiqu\u00e9e sur le site vitrine de l’enseigne de ran\u00e7ongiciel Qilin. Le 9 avril, les \u00e9coles annon\u00e7aient, sur leur page Facebook, l’indisponibilit\u00e9 de leur syst\u00e8me de t\u00e9l\u00e9phonie et de leurs acc\u00e8s \u00e0 Internet, sugg\u00e9rant la survenue de la cyberattaque revendiqu\u00e9e.” }, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e1828206fc67927d6fe82236970f5e03.png”, “url”: “https:\/\/www.ransomware.live\/id\/YmVydGllLmsxMi5uYy51c0BxaWxpbg==”, “victim”: “bertie.k12.nc.us” }, { “activity”: “Not Found”, “attackdate”: “2025-04-07 00:00:00.000000”, “claim_url”: “http:\/\/nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#niemann”, “country”: “DE”, “description”: “[AI generated] Niemann.de is a German company known as Niemann M\u00f6belteile, which translates to Niemann Furniture Parts. Niemann.de manufactures high-quality surfaces and board materials, mainly distributing its products for interior and furniture design practices. It provides a variety of design options including high gloss and super matte finishes amongst others.”, “discovered”: “2025-04-16 19:26:24.578111”, “domain”: “niemann.de”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 19:26:03”, “users”: 0, “users_url”: 0 }, “modifications”: [ { “date”: “2025-04-17 12:14:40.067460”, “description”: “Update published” } ], “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/bmllbWFubi5kZUBzYWZlcGF5”, “victim”: “niemann.de” }, { “activity”: “Not Found”, “attackdate”: “2025-04-01 00:00:00.000000”, “claim_url”: “”, “country”: “SE”, “description”: “STORT(Sweden)”, “discovered”: “2025-04-13 20:36:46.487316”, “domain”: “stort.nu”, “duplicates”: [], “extrainfos”: { “data_size”: “100 GB” }, “group”: “nightspire”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-13 20:36:27”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U1RPUlRAbmlnaHRzcGlyZQ==”, “victim”: “STORT” }, { “activity”: “Public Sector”, “attackdate”: “2025-03-30 00:00:00.000000”, “claim_url”: “”, “country”: “PL”, “description”: “Powiatowy Urz\u0105d Pracy w \u017borach(Poland)”, “discovered”: “2025-04-13 20:36:22.589701”, “domain”: “zory.praca.gov.pl”, “duplicates”: [], “extrainfos”: { “data_size”: “40 GB” }, “group”: “nightspire”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-13 20:36:03”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UG93aWF0b3d5IFVyesSFZCBQcmFjeSB3IMW7b3JhY2hAbmlnaHRzcGlyZQ==”, “victim”: “Powiatowy Urz\u0105d Pracy w \u017borach” }, { “activity”: “Not Found”, “attackdate”: “2025-03-30 00:00:00.000000”, “claim_url”: “”, “country”: “EG”, “description”: “INI Investments(Egypt)”, “discovered”: “2025-04-13 20:37:10.265239”, “domain”: “INI Investments”, “duplicates”: [], “extrainfos”: { “data_size”: “400 GB” }, “group”: “nightspire”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SU5JIEludmVzdG1lbnRzQG5pZ2h0c3BpcmU=”, “victim”: “INI Investments” }, { “activity”: “Manufacturing”, “attackdate”: “2025-03-30 00:00:00.000000”, “claim_url”: “http:\/\/47glxkuxyayqrvugfumgsblrdagvrah7gttfscgzn56eyss5wg3uvmqd.onion\/packages\/34080486-0237-4e21-83cb-0e0cde11019d”, “country”: “TW”, “description”: “Revenue: $431.6 million\n Type: Manufacturing\n Size: 353,9 GBytes”, “discovered”: “2025-04-16 12:53:45.678509”, “domain”: “shengyusteel.com”, “duplicates”: [], “extrainfos”: [], “group”: “underground”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Lumma”: 4, “Raccoon”: 2, “RedLine”: 4, “StealC”: 2 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-03-31 08:43:39”, “users”: 5, “users_url”: 4 }, “press”: { “link”: “https:\/\/www.ransomware.live\/id\/c2hlbmd5dXN0ZWVsLmNvbUAyMDI1LTAzLTMw”, “source”: “https:\/\/emops.twse.com.tw\/server-java\/t05sr01_1_e?&isNew=Y&seq_no=2&spoke_time=211609&spoke_date=20250330&co_id=2029”, “summary”: “Une cyberattaque a frapp\u00e9 la soci\u00e9t\u00e9 le 30 mars 2025, infectant certains h\u00f4tes et ordinateurs avec des virus. La \u00e9quipe de s\u00e9curit\u00e9 a activ\u00e9 les m\u00e9canismes de d\u00e9fense et a collabor\u00e9 avec des experts pour contenir l’attaque, sans pertes de donn\u00e9es personnelles ou confidentielles. La soci\u00e9t\u00e9 a lanc\u00e9 une enqu\u00eate et renforce actuellement la s\u00e9curit\u00e9 de son infrastructure pour pr\u00e9venir de futures attaques.” }, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a80e9c3010eeb99f07d3090334aa542b.png”, “url”: “https:\/\/www.ransomware.live\/id\/c2hlbmd5dXN0ZWVsLmNvbUB1bmRlcmdyb3VuZA==”, “victim”: “shengyusteel.com” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2025-03-29 00:00:00.000000”, “claim_url”: “http:\/\/mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion\/index.php?page=1topic.php?id=wr7Q9NWapmQ4Qy”, “country”: “CA”, “description”: “Canada”, “discovered”: “2025-04-14 13:57:43.947245”, “domain”: “www.calmont.ca”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “modifications”: [ { “date”: “2025-04-17 12:14:40.257877”, “description”: “Update published” } ], “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c07ab21b3435198d64f1195e0756c633.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q2FsbW9udCBHcm91cEBwbGF5”, “victim”: “Calmont Group” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2025-03-29 00:00:00.000000”, “claim_url”: “http:\/\/lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion\/post\/6SW3CsuoFZbjT18E67ffe40a3b1c7”, “country”: “US”, “description”: “Cash in on big wins this tax season! Every hour from 5 – 9 pm, one lucky winner will snag $1,040 in CASH or Free Play! Earn just 25 points, print your voucher at a kiosk, and drop it in the drawing barrel for your shot at a hefty payout!”, “discovered”: “2025-04-16 18:08:01.594751”, “domain”: “jackpotjunction.com”, “duplicates”: [ { “attackdate”: “2025-03-31 16:17:39.000000”, “date”: “2025-04-16 18:08:01.748736”, “group”: “ransomhub”, “link”: “https:\/\/www.ransomware.live\/id\/amFja3BvdGp1bmN0aW9uLmNvbUByYW5zb21odWI=” } ], “extrainfos”: [], “group”: “lockbit3”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-03-31 23:17:53”, “users”: 0, “users_url”: 0 }, “press”: { “link”: “https:\/\/www.ransomware.live\/id\/amFja3BvdGp1bmN0aW9uLmNvbUAyMDI1LTAzLTI5”, “source”: “https:\/\/www.startribune.com\/cybersecurity-incident-at-minnesota-tribal-community-casino-lead-to-shutdown\/601314170”, “summary”: “Le casino Jackpot Junction dans le Minnesota a \u00e9t\u00e9 victime d’une cyberattaque qui a entra\u00een\u00e9 l’arr\u00eat des machines \u00e0 sous et la perturbation des communications t\u00e9l\u00e9phoniques. Les clients ont d\u00fb utiliser les r\u00e9seaux sociaux pour communiquer avec l’h\u00f4tel et les employ\u00e9s ont d\u00fb escorter les clients jusqu’\u00e0 leurs chambres en raison de la perte d’acc\u00e8s aux syst\u00e8mes de r\u00e9servation. L’incident a entra\u00een\u00e9 la fermeture du casino et a affect\u00e9 les activit\u00e9s de la communaut\u00e9 locale, notamment le programme Head Start.” }, “screenshot”: “https:\/\/images.ransomware.live\/victims\/3196301a42eab881deb577dd23112798.png”, “url”: “https:\/\/www.ransomware.live\/id\/amFja3BvdGp1bmN0aW9uLmNvbUBsb2NrYml0Mw==”, “victim”: “jackpotjunction.com” }, { “activity”: “Manufacturing”, “attackdate”: “2025-03-23 00:00:00.000000”, “claim_url”: “”, “country”: “TR”, “description”: “SUMITOMOTOOL(TURKEY)”, “discovered”: “2025-04-13 20:37:34.046055”, “domain”: “www.sumitomotool.com\/en”, “duplicates”: [], “extrainfos”: { “data_size”: “50 GB” }, “group”: “nightspire”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U1VNSVRPTU9UT09MQG5pZ2h0c3BpcmU=”, “victim”: “SUMITOMOTOOL” }, { “activity”: “Technology”, “attackdate”: “2025-03-18 00:00:00.000000”, “claim_url”: “”, “country”: “TW”, “description”: “Tanaka Electronics Taiwan Co., LTD”, “discovered”: “2025-04-13 20:37:40.095771”, “domain”: “www.tanaka.co.jp”, “duplicates”: [], “extrainfos”: { “data_size”: “10 GB” }, “group”: “nightspire”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/VGFuYWthIEVsZWN0cm9uaWNzIFRhaXdhbiBDby4sIExUREBuaWdodHNwaXJl”, “victim”: “Tanaka Electronics Taiwan Co., LTD” }, { “activity”: “Not Found”, “attackdate”: “2025-03-16 00:00:00.000000”, “claim_url”: “http:\/\/nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion#kirkel”, “country”: “DE”, “description”: “[AI generated] N\/A”, “discovered”: “2025-04-16 23:25:01.765496”, “domain”: “kirkel.de”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-03-17 10:12:19”, “users”: 0, “users_url”: 0 }, “press”: { “link”: “https:\/\/www.ransomware.live\/id\/a2lya2VsLmRlQDIwMjUtMDMtMTY=”, “source”: “https:\/\/www.sr.de\/sr\/home\/nachrichten\/politik_wirtschaft\/cyberangriff_auf_gemeinde_kirkel_100.html”, “summary”: “La mairie de Kirkel est ferm\u00e9e temporairement apr\u00e8s avoir \u00e9t\u00e9 victime d’une cyberattaque. Les d\u00e9tails de l’attaque ne sont pas pr\u00e9cis\u00e9s dans l’article. La mairie a d\u00e9cid\u00e9 de fermer ses portes pour une dur\u00e9e ind\u00e9termin\u00e9e en raison de cette attaque.” }, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/a2lya2VsLmRlQHNhZmVwYXk=”, “victim”: “kirkel.de” }, { “activity”: “Not Found”, “attackdate”: “2025-03-15 00:00:00.000000”, “claim_url”: “http:\/\/lynxblog.net\/leaks\/67fe87bdce8dcc3b0d8ba911”, “country”: “DE”, “description”: “toolsign GmbH is a company that operates in the Consumer Services industry. It employs 10to19 people and has 1Mto5M of revenue. The company is headquartered in Neusorg, Bavaria, Germany.\r”, “discovered”: “2025-04-15 17:40:10.999053”, “domain”: “toolsign.com”, “duplicates”: [], “extrainfos”: [], “group”: “lynx”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-15 17:38:46”, “users”: 0, “users_url”: 0 }, “modifications”: [ { “date”: “2025-04-17 12:14:40.045429”, “description”: “Update published” } ], “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/caca1e3d247386424a92be065ed97b3d.png”, “url”: “https:\/\/www.ransomware.live\/id\/dG9vbHNpZ24uY29tQGx5bng=”, “victim”: “toolsign.com” }, { “activity”: “Technology”, “attackdate”: “2025-02-19 00:00:00.000000”, “claim_url”: “http:\/\/hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion\/post\/4S0DAV3WkyopbiEaRIPoKWREqx3EqlOK”, “country”: “US”, “description”: “904.6 Million | Commercial & Residential Construction\nIES Communications, LLC (Integrated Electrical Services) We are the national leading provider of communications technology, systems, and services. IES Communications, LLC; The right team to get the job done”, “discovered”: “2025-04-15 16:55:26.485847”, “domain”: “iescomm.com”, “duplicates”: [], “extrainfos”: { “data_size”: “1000 GB” }, “group”: “chaos”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/efe34aeae3c725ae78b04474c38c32d3.png”, “url”: “https:\/\/www.ransomware.live\/id\/aWVzY29tbS5jb21AY2hhb3M=”, “victim”: “iescomm.com” }, { “activity”: “Technology”, “attackdate”: “2025-02-13 12:10:00.000000”, “claim_url”: “http:\/\/47glxkuxyayqrvugfumgsblrdagvrah7gttfscgzn56eyss5wg3uvmqd.onion\/packages\/39dc0afb-d3e1-49f9-8645-62276e3f26eb”, “country”: “CA”, “description”: “Revenue: $37.2 million\n Type: Industry\n Size: 1,1 TBytes”, “discovered”: “2025-04-16 12:55:00.212515”, “domain”: “afasystemsinc.com”, “duplicates”: [], “extrainfos”: [], “group”: “underground”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-04-16 13:00:57”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/5c343f087a2719d7dc61bc3619ed577b.png”, “url”: “https:\/\/www.ransomware.live\/id\/QWZhIFN5c3RlbXMgTHRkLkB1bmRlcmdyb3VuZA==”, “victim”: “Afa Systems Ltd.” }, { “activity”: “Manufacturing”, “attackdate”: “2024-12-22 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=cb0424ef-f1f2-37fc-841c-3df3851abb8d”, “country”: “US”, “description”: “Club Car boasts a 60+ year history of industry-leading innovation and design, initially focused on golf cars and then expanding to commercial utility vehicles and personal-use transportation.\n\nEvery detail of design, fabrication and assembl …”, “discovered”: “2025-04-15 19:15:46.675304”, “domain”: “clubcar.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Azorult”: 2, “Generic Stealer”: 3, “Lumma”: 4, “Raccoon”: 4, “RedLine”: 9, “StealC”: 1, “Vidar”: 2, “racoon”: 2 }, “thirdparties”: 9, “thirdparties_domain”: 3, “update”: “2025-04-15 19:14:19”, “users”: 22, “users_url”: 11 }, “modifications”: [ { “date”: “2025-04-17 12:14:40.131071”, “description”: “Update published” } ], “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f6bc6b20978bca0b3460520404984687.png”, “url”: “https:\/\/www.ransomware.live\/id\/d3d3LmNsdWJjYXIuY29tQHFpbGlu”, “victim”: “www.clubcar.com” }, { “activity”: “Business Services”, “attackdate”: “2024-07-31 00:00:00.000000”, “claim_url”: “http:\/\/mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion\/index.php?page=1topic.php?id=4ZzbRfC5KqXtxJ”, “country”: “US”, “description”: “United States”, “discovered”: “2025-04-14 21:17:48.413177”, “domain”: “www.mbl-arch.com”, “duplicates”: [ { “attackdate”: “2024-07-31 00:00:00.000000”, “date”: “2025-04-14 21:17:48.484117”, “group”: “lynx”, “link”: “https:\/\/www.ransomware.live\/id\/TWlsbGVyIEJvc2t1cyBMYWNrIEFyY2hpdGVjdHMgKGFkLm1ibC1hcmNoLmNvbSlAbHlueA==” } ], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7a7ae5d451ee379248374d0b1baab8c1.png”, “url”: “https:\/\/www.ransomware.live\/id\/TWlsbGVyIEJvc2t1cyBMYWNrIEFyY2hpdGVjdHNAcGxheQ==”, “victim”: “Miller Boskus Lack Architects” } ]