Ransomware Stats

[ { “activity”: “Construction”, “attackdate”: “2025-07-01 21:52:43.545551”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#dossenterprises”, “country”: “US”, “description”: “[AI generated] N\/A”, “discovered”: “2025-07-01 21:53:10.478151”, “domain”: “dossenterprises.com”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-01 21:52:26”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d1218ffa17ad2f3b956b9b68d03bba01.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZG9zc2VudGVycHJpc2VzLmNvbUBzYWZlcGF5”, “victim”: “dossenterprises.com” }, { “activity”: “Public Sector”, “attackdate”: “2025-07-01 21:51:50.300454”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#lafayettefamilyymca”, “country”: “US”, “description”: “[AI generated] The Lafayette Family YMCA is a non-profit community organization based in Lafayette, Indiana. They offer a wide range of programs such as youth development, healthy living, and social responsibility initiatives. Programs include child care, fitness training, swimming lessons, summer camps, and more. The Lafayette YMCA strives to nurture the potential of every kid, promote healthy living, and foster a sense of social responsibility.”, “discovered”: “2025-07-01 21:52:20.684994”, “domain”: “lafayettefamilyymca.org”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-01 21:51:32”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8277650d31c132435838ce8cda9310a1.png”, “url”: “https:\/\/www.ransomware.live\/id\/bGFmYXlldHRlZmFtaWx5eW1jYS5vcmdAc2FmZXBheQ==”, “victim”: “lafayettefamilyymca.org” }, { “activity”: “Not Found”, “attackdate”: “2025-07-01 21:50:59.131809”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#jansen”, “country”: “DE”, “description”: “[AI generated] N\/A”, “discovered”: “2025-07-01 21:51:27.464335”, “domain”: “jansen-aschendorf.de”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-01 21:50:41”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/27bd6b9568027c96970b27d166cb609c.png”, “url”: “https:\/\/www.ransomware.live\/id\/amFuc2VuLWFzY2hlbmRvcmYuZGVAc2FmZXBheQ==”, “victim”: “jansen-aschendorf.de” }, { “activity”: “Not Found”, “attackdate”: “2025-07-01 17:17:59.432728”, “claim_url”: “http:\/\/vmjfieomxhnfjba57sd6jjws2ogvowjgxhhfglsikqvvrnrajbmpxqqd.onion\/?p=418”, “country”: “US”, “description”: “GlobaLinks Hacked This is Handala. I do not forget. I do not forgive. And I do not look away. Today, GlobaLinks, a giant in concrete and quiet deals, has been breached. Its foundations have cracked , not under an earthquake, but under truth. Blueprints. Contracts. Internal emails. Private investor files. Resident records. All of it\u2026”, “discovered”: “2025-07-01 17:18:32.367322”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “handala”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/bda5459cdf492bb483e75d7a6297e8ad.png”, “url”: “https:\/\/www.ransomware.live\/id\/R2xvYmFMaW5rc0BoYW5kYWxh”, “victim”: “GlobaLinks” }, { “activity”: “Not Found”, “attackdate”: “2025-07-01 08:34:07.120818”, “claim_url”: “”, “country”: “”, “description”: “Cameron, Hodges, Coleman, LaPointe\nCHCLW specializes in insurance defense and has a proven history of client satisfaction. The firm believes in prompt responsiveness, as communication is the key to effective representation. As a firm, we strive exceed client expectations and maintain open communication with our valued clients. Our attorneys have jury trial experience and understand the important balance between aggressive representation and risk management\/cost of defense. Above all, the firm values our relationships with our clients, and endeavors to provide excellent customer service on every case.Geo: USA – Leak size: 86 GB Archive – Contains: Files”, “discovered”: “2025-07-01 08:34:10.473888”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “sarcoma”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q2FtZXJvbiwgSG9kZ2VzLCBDb2xlbWFuLCBMYVBvaW50ZUBzYXJjb21h”, “victim”: “Cameron, Hodges, Coleman, LaPointe” }, { “activity”: “Not Found”, “attackdate”: “2025-07-01 01:00:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/685cd4c1ba68908013371931”, “country”: “US”, “description”: “Thomasville is a city in Davidson County, North Carolina, United States. The city was once notable for its furniture industry, as were its neighbors High Point and Lexington.\r We have 250gb data, lots of financial information about all the services in your city”, “discovered”: “2025-07-01 01:53:59.267146”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/2999f2d9334c843f2f9b582184865d58.png”, “url”: “https:\/\/www.ransomware.live\/id\/Y29ydXpjaXR5d25kYXRhK0BpbmNyYW5zb20=”, “victim”: “coruzcitywndata+” }, { “activity”: “Construction”, “attackdate”: “2025-07-01 00:00:00.000000”, “claim_url”: “”, “country”: “MY”, “description”: “Eversendai”, “discovered”: “2025-07-01 05:45:03.306692”, “domain”: “eversendai.com”, “duplicates”: [], “extrainfos”: { “data_size”: “10TB” }, “group”: “nightspire”, “infostealer”: { “employees”: 6, “employees_url”: 2, “infostealer_stats”: { “Lumma”: 18, “RedLine”: 14, “Vidar”: 2 }, “thirdparties”: 6, “thirdparties_domain”: 10, “update”: “2025-07-01 05:44:45”, “users”: 14, “users_url”: 4 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RXZlcnNlbmRhaUBuaWdodHNwaXJl”, “victim”: “Eversendai” }, { “activity”: “Business Services”, “attackdate”: “2025-07-01 00:00:00.000000”, “claim_url”: “http:\/\/nsalewdnfclsowcal6kn5csm4ryqmfpijznxwictukhrgvz2vbmjjjyd.onion\/lot15.html”, “country”: “CA”, “description”: null, “discovered”: “2025-07-01 07:23:25.805001”, “domain”: “tph.ca”, “duplicates”: [], “extrainfos”: [], “group”: “dunghill”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Lumma”: 2, “Raccoon”: 2, “RedLine”: 2 }, “thirdparties”: 2, “thirdparties_domain”: 2, “update”: “2025-07-01 07:22:39”, “users”: 5, “users_url”: 3 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/356214f8929cfef16895ae4ed4d9ec3a.png”, “url”: “https:\/\/www.ransomware.live\/id\/VGhlIFByaW50aW5nIEhvdXNlQGR1bmdoaWxs”, “victim”: “The Printing House” }, { “activity”: “Construction”, “attackdate”: “2025-07-01 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=502875e1-bf12-31a8-8d02-08917accd1d5”, “country”: “FR”, “description”: “Charpente in Annecy in the Haute-Savoie region of France, LP Charpente is a builder of timber-frame houses and all types of traditional carpentry work, including zinc work, roofing and building extension renovations.”, “discovered”: “2025-07-01 16:45:20.480843”, “domain”: “www.lpcharpente.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/dd991f9e3ea29e1d7436e6b0171f4b34.png”, “url”: “https:\/\/www.ransomware.live\/id\/TFAgQ2hhcnBlbnRlQHFpbGlu”, “victim”: “LP Charpente” }, { “activity”: “Not Found”, “attackdate”: “2025-07-01 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=356bb3b0-b6f2-38fa-8495-d1c34c9a3b24”, “country”: “”, “description”: “An independent registered municipal advisor dedicated to providing public jurisdictions with comprehensive advice on planning, \nstructuring and issuing bonds, notes and lease debt to meet their capital and cash flow needs. Their prospective …”, “discovered”: “2025-07-01 18:52:13.994319”, “domain”: “capmark.org”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-01 18:51:24”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/16e4ee0894f7dacf0372e9dfa5bcaa5d.png”, “url”: “https:\/\/www.ransomware.live\/id\/Y2FwbWFyay5vcmdAcWlsaW4=”, “victim”: “capmark.org” }, { “activity”: “Manufacturing”, “attackdate”: “2025-07-01 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=0ae85603-946f-3f59-9b79-480debda22e7”, “country”: “GB”, “description”: “Parsons Peebles is a global mechanical and electrical engineering service provider specializing in high, medium and low voltage motors, generators, pumps, gearboxes and compressors.\n1.QOS (Quality of Services) and TDC Parsons Peebles Agreeme …”, “discovered”: “2025-07-01 18:53:09.708837”, “domain”: “www.parsons-peebles.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/31b51c3687c81fe95f623e1e7eb5b6e2.png”, “url”: “https:\/\/www.ransomware.live\/id\/cGFyc29ucy1wZWVibGVzLmNvbUBxaWxpbg==”, “victim”: “parsons-peebles.com” }, { “activity”: “Technology”, “attackdate”: “2025-07-01 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=c1ed369f-1fed-3cba-a94c-9ecdd811b599”, “country”: “US”, “description”: “Village Coin Shop specializes in providing a wide variety of numismatic products.The store is also recognized as a dealer of US Mint bullion and Royal Canadian Mint bullion.\n1.Client lists\n2.File is an invoice from SilverTowne (STLP) to Vil …”, “discovered”: “2025-07-01 18:54:02.616455”, “domain”: “www.villagecoin.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/afbd0c280b98e1f28dfb83b13fe40c1d.png”, “url”: “https:\/\/www.ransomware.live\/id\/dmlsbGFnZWNvaW4uY29tQHFpbGlu”, “victim”: “villagecoin.com” }, { “activity”: “Technology”, “attackdate”: “2025-06-30 23:23:53.762897”, “claim_url”: “http:\/\/leak7y2247fj7dbb35rpfyxuyaqtwbshiwxp6h35ttzlhrxmhvi4fead.onionportel”, “country”: “ES”, “description”: “\u200b\u200b\u200b\u200b\u200bPortel Logistic Technologies software solutions support financial, operational and logistics processes…”, “discovered”: “2025-06-30 23:23:56.346534”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “nova”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UG9ydGVsIExvZ2lzdGljIFRlY2hub2xvZ2llc0Bub3Zh”, “victim”: “Portel Logistic Technologies” }, { “activity”: “Not Found”, “attackdate”: “2025-06-30 18:26:03.838225”, “claim_url”: “http:\/\/nerqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion\/detail?code=oandg-com-au-australia-77gb”, “country”: “AU”, “description”: “Australia – O&G Adelaide”, “discovered”: “2025-06-30 18:26:44.301847”, “domain”: “oandg.com.au”, “duplicates”: [], “extrainfos”: [], “group”: “kairos”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-06-30 18:25:46”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/2f857d150c14b40b4759147630e82b93.png”, “url”: “https:\/\/www.ransomware.live\/id\/b2FuZGcuY29tLmF1QGthaXJvcw==”, “victim”: “oandg.com.au” }, { “activity”: “Not Found”, “attackdate”: “2025-06-30 18:23:32.238643”, “claim_url”: “https:\/\/handala-hack.to\/hotam-ec-hacked\/”, “country”: “EC”, “description”: “Hotam EC Hacked To the founders and executives of Hotam, We don\u2019t need introductions. You need to understand one thing: your infrastructure is no longer your own. From internal communications to client portfolios, decision-support models, risk-control systems, and sensitive investor data , we have accessed, extracted, and duplicated everything. Your clients trust you with billions.\u2026”, “discovered”: “2025-06-30 18:23:57.457594”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “handala”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/60c4cf9b12c4e972dab4323277a8ca60.png”, “url”: “https:\/\/www.ransomware.live\/id\/SG90YW0gRUNAaGFuZGFsYQ==”, “victim”: “Hotam EC” }, { “activity”: “Not Found”, “attackdate”: “2025-06-30 00:00:00.000000”, “claim_url”: “”, “country”: “IT”, “description”: “Meleam S.p.A. offers a comprehensive range of services including \nrisk assessment, training, health surveillance, and various certi\nfications to ensure compliance with current regulations. \n\nWe are ready to upload more than 12 GB of documents. Very detaile\nd financial information (audits, reports, statements, payment det\nails and so on), personal information of clients and employees, l\nots of contracts and agreements, confidential ones, etc.\n”, “discovered”: “2025-06-30 12:15:41.150712”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TWVsZWFtIFMucC5BLkBha2lyYQ==”, “victim”: “Meleam S.p.A.” }, { “activity”: “Business Services”, “attackdate”: “2025-06-30 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “HRConnects, LLC is a leading provider of human resource and staff\ning services.\n\nWe are ready to upload 4 GB of documents. Employee information (S\nSN, DOB, address, passport\/SSN\/DL scans). Financial information (\nreports, invoices, so on), confidential docs, NDAs, etc.\n”, “discovered”: “2025-06-30 13:07:56.103752”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SFJDb25uZWN0cywgTExDQGFraXJh”, “victim”: “HRConnects, LLC” }, { “activity”: “Energy”, “attackdate”: “2025-06-30 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “Murex Petroleum Corporation is engaged in the acquisition, develo\npment and operation of oil and gas properties in North America.\n\nWe are ready to upload 25 GB of documents. Lots of confidential d\nocuments, employee information (SSN, DOB, address, passport\/SSN\/D\nL scans), detailed financial information (reports, invoices, so o\nn), NDAs, etc.\n”, “discovered”: “2025-06-30 14:12:48.613205”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TXVyZXggUGV0cm9sZXVtQGFraXJh”, “victim”: “Murex Petroleum” }, { “activity”: “Technology”, “attackdate”: “2025-06-30 00:00:00.000000”, “claim_url”: “”, “country”: “SE”, “description”: “ENT Energiteknik AB is a company that operates in the Cultural & Informational Centers industry. The company is headquartered in Stockholm, Sweden.”, “discovered”: “2025-06-30 16:14:53.313384”, “domain”: “entab.se”, “duplicates”: [], “extrainfos”: [], “group”: “global”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-06-30 16:14:32”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/ZW50YWIuc2VAZ2xvYmFs”, “victim”: “entab.se” }, { “activity”: “Not Found”, “attackdate”: “2025-06-30 00:00:00.000000”, “claim_url”: “http:\/\/flock4cvoeqm4c62gyohvmncx6ck2e7ugvyqgyxqtrumklhd5ptwzpqd.onion\/?p=460”, “country”: “”, “description”: “To The Board Of I******r D****n G***p As the C****n Islands\u2019 longest-standing interior design company, I*G has a long history [\u2026]”, “discovered”: “2025-06-30 21:24:42.514554”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “flocker”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SSoqKioqKipuLmNvbUBmbG9ja2Vy”, “victim”: “I*******n.com” }, { “activity”: “Technology”, “attackdate”: “2025-06-30 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=4041ca17-ad40-36f9-8b90-4adfaf6f2bbe”, “country”: “US”, “description”: “Nuphoton Technologies, Inc. is a pioneer in fiber lasers and fiber amplifiers with applications covering industrial, defense, aerospace, biomedical, telecommunications and research areas. The company is in operation since 1996 using proprieta …”, “discovered”: “2025-06-30 21:27:14.030369”, “domain”: “www.nuphoton.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f65f64ada571dcc0023d0aea55b7522f.png”, “url”: “https:\/\/www.ransomware.live\/id\/d3d3Lm51cGhvdG9uLmNvbUBxaWxpbg==”, “victim”: “www.nuphoton.com” }, { “activity”: “Technology”, “attackdate”: “2025-06-30 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=963bd8a4-f9d3-39ac-8573-a101f03b0a80”, “country”: “FR”, “description”: “SEMCO Technologies is a France-based expert in electrostatic chucks (ESCs), essential components in semiconductor device manufacturing. The company focuses on delivering advanced and tailored wafer handling solutions to meet the needs of larg …”, “discovered”: “2025-06-30 21:28:10.802125”, “domain”: “www.semco-tech.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/62e071b29327bd3f0aa7f48310e002b4.png”, “url”: “https:\/\/www.ransomware.live\/id\/c2VtY28tdGVjaC5jb21AcWlsaW4=”, “victim”: “semco-tech.com” }, { “activity”: “Business Services”, “attackdate”: “2025-06-30 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=7accada7-8dff-31cf-9ea9-4b96bc78c5b5”, “country”: “US”, “description”: “Simmons-Boardman Publishing Corporation is one of the oldest, most well-respected, privately held B2B publishers. Our diverse portfolio of print and digital products includes magazines, books, directories, email newsletters, conferences, webs …”, “discovered”: “2025-06-30 21:29:43.635035”, “domain”: “simmonsboardman.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-06-30 21:28:15”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/14057847e1862a37a2d938b23ecff3ea.png”, “url”: “https:\/\/www.ransomware.live\/id\/c2ltbW9ucy1Cb2FyZG1hbiBQdWJsaXNoaW5nLCBJbmNAcWlsaW4=”, “victim”: “simmons-Boardman Publishing, Inc” }, { “activity”: “Manufacturing”, “attackdate”: “2025-06-30 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “Watermark Marine Systems is a full-line marine contractor serving\nthe Lakes Region of New Hampshire since 1990. They offer a compl\nete range of shorefront construction services with crews working \nyear-round using mobile equipment to perform work on any of New H\nampshire\u2019s lakes or ponds.\n\nWe are ready to upload more than 10 GB of corporate documents. Em\nployee information, confidentiality agreement, financial informat\nion (audits, reports, invoices, so on), NDAs, etc.\n”, “discovered”: “2025-07-01 16:08:34.892171”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/V2F0ZXJtYXJrIE1hcmluZSBTeXN0ZW1zQGFraXJh”, “victim”: “Watermark Marine Systems” }, { “activity”: “Healthcare”, “attackdate”: “2025-06-30 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=4b327f95-5f0b-3177-8adb-6939ba3244d7”, “country”: “US”, “description”: “Alert Medical Alarms is a nationwide leader in Personal Emergency Response Systems (PERS), bringing over 25 years of healthcare expertise to deliver innovative, life-enhancing solutions. Our mission is to empower individuals and support manag …”, “discovered”: “2025-07-01 16:46:15.045886”, “domain”: “alertmedicalalarms.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 1, “employees_url”: 1, “infostealer_stats”: { “Lumma”: 2 }, “thirdparties”: 1, “thirdparties_domain”: 4, “update”: “2025-07-01 16:45:28”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7de8ce237d80eee5b0250e782c9967e7.png”, “url”: “https:\/\/www.ransomware.live\/id\/QWxlcnQgTWVkaWNhbCBBbGFybXNAcWlsaW4=”, “victim”: “Alert Medical Alarms” }, { “activity”: “Construction”, “attackdate”: “2025-06-29 17:46:17.183442”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=ir51M3hEcv7TrL”, “country”: “”, “description”: “United States”, “discovered”: “2025-06-29 17:47:05.805595”, “domain”: “www.budget-e.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/6c6f8a9ef695f1af9ac3c52eeb08f0d5.png”, “url”: “https:\/\/www.ransomware.live\/id\/QnVkZ2V0IEVsZWN0cmljQHBsYXk=”, “victim”: “Budget Electric” }, { “activity”: “Not Found”, “attackdate”: “2025-06-29 17:45:52.638575”, “claim_url”: “http:\/\/leak7y2247fj7dbb35rpfyxuyaqtwbshiwxp6h35ttzlhrxmhvi4fead.onionEpcatalogs”, “country”: “US”, “description”: “\u200b\u200b\u200b\u200b\u200bEPCATALOGS specializes in providing electronic spare part catalogs, workshop manuals, and diagnostic software for the automotive and heavy machinery industries…”, “discovered”: “2025-06-29 17:45:55.445604”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “nova”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RXBjYXRhbG9ncyBDb21wYW55QG5vdmE=”, “victim”: “Epcatalogs Company” }, { “activity”: “Not Found”, “attackdate”: “2025-06-29 16:24:05.409057”, “claim_url”: “https:\/\/handala-hack.to\/clockworkadmin-hacked\/”, “country”: “”, “description”: “ClockWorkAdmin Hacked To the management of Clockwork Admin, This is not a test. This is not a drill. Your entire infrastructure has been compromised. From backend databases and cloud storage to internal communications and investor-related documentation , we are inside. Every fund file, KYC archive, transaction trail, compliance log, and internal memo has been accessed,\u2026”, “discovered”: “2025-06-29 16:24:30.459000”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “handala”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/85a19c83db1a75d840dcfa850c196871.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q2xvY2tXb3JrQWRtaW5AaGFuZGFsYQ==”, “victim”: “ClockWorkAdmin” }, { “activity”: “Not Found”, “attackdate”: “2025-06-29 09:37:09.000000”, “claim_url”: “http:\/\/zdkexsh2e7yihw5uhg5hpsgq3dois2m5je7lzfagij2y6iw5ptl35gyd.onion\/Data_Download\/nkcustomer.com”, “country”: “IN”, “description”: “Business Services\nNorth Carolina, United States\n107 Employees\nNK Customer Solutions Ltd offers a range of outsourcing services including customer service, data entry, billing and collections, order entry, and sales\/marketing surveys. The company specializes in nearshore call center solutions, providing efficient operations with a focus on high-quality service and rapid deployment.\nRevenue <$5 Million", "discovered": "2025-06-29 10:12:52.559224", "domain": "nkcustomer.com", "duplicates": [], "extrainfos": [], "group": "blacklock", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-29 10:12:01", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/5e601fb3a5be72ff139b0bd423097d3f.png", "url": "https:\/\/www.ransomware.live\/id\/TksgQ3VzdG9tZXIgU29sdXRpb25zQGJsYWNrbG9jaw==", "victim": "NK Customer Solutions" }, { "activity": "Not Found", "attackdate": "2025-06-29 05:50:18.218863", "claim_url": "http:\/\/rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad.onion\/archive.php?company=197", "country": "DE", "description": "Welthungerhilfe Welthungerhilfe (WHH) is one of the largest private aid agencies in Germany; politically and religiously independent. More", "discovered": "2025-06-29 05:50:47.469879", "domain": "", "duplicates": [], "extrainfos": [], "group": "rhysida", "screenshot": "https:\/\/images.ransomware.live\/victims\/ed50373588be46c7893d4d0ffb4a87f8.png", "url": "https:\/\/www.ransomware.live\/id\/V2VsdGh1bmdlcmhpbGZlQHJoeXNpZGE=", "victim": "Welthungerhilfe" }, { "activity": "Business Services", "attackdate": "2025-06-29 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=dc660747-e82d-35a9-b772-fdfdf71917cb", "country": "US", "description": "Founded in 1961, kubik maltbie produces experiences for museums, visitor centers, and exhibition projects. It offers fabrication and installation services, exhibit design and production, and creation of interactive exhibits. The company is he ...", "discovered": "2025-07-01 14:48:00.287930", "domain": "exhibits-intl.com", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-07-01 14:47:09", "users": 0, "users_url": 0 }, "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/ZXhoaWJpdHMtaW50bC5jb21AcWlsaW4=", "victim": "exhibits-intl.com" }, { "activity": "Technology", "attackdate": "2025-06-28 19:49:16.000000", "claim_url": "http:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/9154968486", "country": "IN", "description": "[AI generated] Dynamic Netsoft is an IT solutions provider initiated in 2002. It specializes in ERP solutions, custom application development, IT consulting, and software services. The company offers services for industries like real estate, banking, healthcare, and education. Its reputed services include solutions for Microsoft Dynamics, Mobile Applications, Azure Applications. It operates in the US, Middle East, and India.", "discovered": "2025-06-29 16:08:47.300918", "domain": "www.dnetsoft.com", "duplicates": [], "extrainfos": [], "group": "worldleaks", "infostealer": "", "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/RHluYW1pYyBOZXRzb2Z0QHdvcmxkbGVha3M=", "victim": "Dynamic Netsoft" }, { "activity": "Consumer Services", "attackdate": "2025-06-28 19:48:56.000000", "claim_url": "http:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/1829380564", "country": "US", "description": "[AI generated] Landscape Hawaii is a professional landscaping company offering high-quality services in Hawaii. They provide comprehensive solutions that may include landscape design, installation, and maintenance. Their work range from residential to commercial projects. With their experience and knowledge of local flora, they create sustainable, aesthetically pleasing landscapes that reflect the unique beauty of the Hawaiian islands.", "discovered": "2025-06-29 16:10:46.322204", "domain": "landscapehi.com", "duplicates": [], "extrainfos": [], "group": "worldleaks", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-29 16:10:22", "users": 0, "users_url": 0 }, "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/TGFuZHNjYXBlIEhhd2FpaUB3b3JsZGxlYWtz", "victim": "Landscape Hawaii" }, { "activity": "Not Found", "attackdate": "2025-06-28 19:48:36.000000", "claim_url": "http:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/4547071781", "country": "US", "description": "[AI generated] \"Four Quarters\" is a boutique consulting firm that delivers innovative business and technology solutions to a diverse clientele. The team at Four Quarters works diligently to assist businesses in achieving their operational and financial objectives. Some of their services include IT consulting, strategy, development, and project management. Located in Australia, they have built a notable reputation by tailoring strategies for different industries.", "discovered": "2025-06-29 16:09:17.191003", "domain": "fourquartersinc.com", "duplicates": [], "extrainfos": [], "group": "worldleaks", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-29 16:08:54", "users": 0, "users_url": 0 }, "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/Rm91ciBRdWFydGVyc0B3b3JsZGxlYWtz", "victim": "Four Quarters" }, { "activity": "Energy", "attackdate": "2025-06-28 19:48:26.000000", "claim_url": "http:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/6147038372", "country": "IN", "description": "[AI generated] ONGC Petro Additions Limited (OPaL) is a joint venture company promoted by Oil and Natural Gas Corporation (ONGC) and co-promoted by Gujarat State Petroleum Corporation (GSPC). It is one of the largest integrated Petrochemical Complexes in south Asia situated in the port town of Dahej, Gujarat, India. OPaL produces a wide range of petrochemical products like HDPE, LLDPE, PP etc.", "discovered": "2025-06-29 16:09:45.121303", "domain": "opalindia.in", "duplicates": [], "extrainfos": [], "group": "worldleaks", "infostealer": { "employees": 12, "employees_url": 7, "infostealer_stats": { "Azorult": 54, "CRYPTBOT": 14, "Ficker": 4, "Lumma": 416, "Predator": 2, "Raccoon": 210, "RedLine": 260, "StealC": 46, "UNKNOWN": 22, "Vidar": 60 }, "thirdparties": 4, "thirdparties_domain": 4, "update": "2025-06-29 16:09:24", "users": 667, "users_url": 74 }, "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/T05HQyBQZXRybyBBZGRpdGlvbnMgTGltaXRlZEB3b3JsZGxlYWtz", "victim": "ONGC Petro Additions Limited" }, { "activity": "Telecommunication", "attackdate": "2025-06-28 19:48:06.000000", "claim_url": "http:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/0478583208", "country": "IT", "description": "[AI generated] Tiscali SPA is an Italian telecommunications company based in Cagliari. Founded in 1998, it provides internet and telecommunications services to its domestic market. Its services span broadband, dial-up, and television services, along with other digital services. It was one of the first companies to provide ADSL internet services in Italy.", "discovered": "2025-06-29 16:10:14.189072", "domain": "tiscali.it", "duplicates": [], "extrainfos": [], "group": "worldleaks", "infostealer": "", "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/VGlzY2FsaSBTUEFAd29ybGRsZWFrcw==", "victim": "Tiscali SPA" }, { "activity": "Not Found", "attackdate": "2025-06-28 10:07:23.281289", "claim_url": "", "country": "", "description": "*************.org", "discovered": "2025-06-30 21:31:58.553155", "domain": "", "duplicates": [], "extrainfos": [], "group": "kawa4096", "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/KioqKioqKioqKioqKi5vcmdAa2F3YTQwOTY=", "victim": "*************.org" }, { "activity": "Not Found", "attackdate": "2025-06-28 08:39:01.490466", "claim_url": "", "country": "JP", "description": "www.ogr-jp.com", "discovered": "2025-07-01 13:18:00.020188", "domain": "www.ogr-jp.com", "duplicates": [], "extrainfos": [], "group": "kawa4096", "infostealer": "", "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/d3d3Lm9nci1qcC5jb21Aa2F3YTQwOTY=", "victim": "www.ogr-jp.com" }, { "activity": "Technology", "attackdate": "2025-06-27 21:33:26.000000", "claim_url": "https:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/2150963645", "country": "US", "description": "[AI generated] Tech Mahindra is a leading global provider of IT, BPO and consulting services. Based in India, it is part of the Mahindra Group. With over 125,000 employees across 90 countries, it offers solutions that help clients enhance their business processes. Its offerings include customer strategy, data analytics, cloud infrastructure, and digital transformation services. They work with clients across various sectors including telecom, healthcare, manufacturing, banking and financial services.\n", "discovered": "2025-06-27 21:45:18.088836", "domain": "techmahindra.com", "duplicates": [], "extrainfos": [], "group": "worldleaks", "infostealer": { "employees": 3282, "employees_url": 100, "infostealer_stats": { "Atomic": 5, "Azorult": 173, "CRYPTBOT": 80, "DarkCrystal": 1, "Ficker": 15, "Generic Stealer": 1821, "KPOT": 2, "Lumma": 2561, "Mystic": 6, "Predator": 11, "Raccoon": 1134, "RedLine": 2361, "StealC": 517, "Taurus": 7, "UNKNOWN": 103, "Vidar": 339 }, "thirdparties": 3877, "thirdparties_domain": 149, "update": "2025-06-27 21:44:55", "users": 5904, "users_url": 100 }, "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/VGVjaCBNYWhpbmRyYUB3b3JsZGxlYWtz", "victim": "Tech Mahindra" }, { "activity": "Manufacturing", "attackdate": "2025-06-27 18:48:26.753576", "claim_url": "http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=LOGDjmJfBG2CyR", "country": "", "description": "United States", "discovered": "2025-06-27 18:49:15.518721", "domain": "www.carterbearings.com", "duplicates": [], "extrainfos": [], "group": "play", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/d4da04e913520ab1984ab4762cd377e3.png", "url": "https:\/\/www.ransomware.live\/id\/Q2FydGVyIE1hbnVmYWN0dXJpbmdAcGxheQ==", "victim": "Carter Manufacturing" }, { "activity": "Not Found", "attackdate": "2025-06-27 18:47:34.291004", "claim_url": "http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=V5Nvy4FGEDOvn0", "country": "US", "description": "United States", "discovered": "2025-06-27 18:48:25.138814", "domain": "www.em-techinc.com", "duplicates": [], "extrainfos": [], "group": "play", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/8a9f965e18fb3d5ff1fbc4b366eae836.png", "url": "https:\/\/www.ransomware.live\/id\/RW10ZWNoIEluY0BwbGF5", "victim": "Emtech Inc" }, { "activity": "Manufacturing", "attackdate": "2025-06-27 18:46:43.588189", "claim_url": "http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=pixmDSseNm5dx2", "country": "TH", "description": "Thailand", "discovered": "2025-06-27 18:47:32.549793", "domain": "www.zuelligindustrial.com", "duplicates": [], "extrainfos": [], "group": "play", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/8ec2b71a8d97cfa575a610640f67c213.png", "url": "https:\/\/www.ransomware.live\/id\/VmlldyBadWVsbGlnIEluZHVzdHJpYWxAcGxheQ==", "victim": "View Zuellig Industrial" }, { "activity": "Hospitality and Tourism", "attackdate": "2025-06-27 18:45:52.852478", "claim_url": "http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=4kpOHpTbWy01r", "country": "CA", "description": "Canada", "discovered": "2025-06-27 18:46:41.860220", "domain": "www.islingtongolfclub.com", "duplicates": [], "extrainfos": [], "group": "play", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/5fd33dce006902524dd19a876ca2177a.png", "url": "https:\/\/www.ransomware.live\/id\/SXNsaW5ndG9uIEdvbGYgQ2x1YkBwbGF5", "victim": "Islington Golf Club" }, { "activity": "Hospitality and Tourism", "attackdate": "2025-06-27 18:45:01.005009", "claim_url": "http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=R6QHHXlR0zOWjj", "country": "US", "description": "United States", "discovered": "2025-06-27 18:45:50.907495", "domain": "www.ojosparesorts.com", "duplicates": [], "extrainfos": [], "group": "play", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/fd24e4a823fd33f5b483912a88b4c220.png", "url": "https:\/\/www.ransomware.live\/id\/U3VucmlzZSBTcHJpbmdzIFNwYSBSZXNvcnRAcGxheQ==", "victim": "Sunrise Springs Spa Resort" }, { "activity": "Not Found", "attackdate": "2025-06-27 18:44:08.609145", "claim_url": "http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=goyZqeZhOVSI0Z", "country": "", "description": "United States", "discovered": "2025-06-27 18:44:59.145148", "domain": "www.cgph.net", "duplicates": [], "extrainfos": [], "group": "play", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/c8f253569f104cf050028af6d4260e2d.png", "url": "https:\/\/www.ransomware.live\/id\/Q0dQJkhAcGxheQ==", "victim": "CGP&H" }, { "activity": "Telecommunication", "attackdate": "2025-06-27 18:43:18.615512", "claim_url": "http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=Q1CmiLcAEoPHVo", "country": "CA", "description": "Canada", "discovered": "2025-06-27 18:44:06.597664", "domain": "www.cartelsys.com", "duplicates": [], "extrainfos": [], "group": "play", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/b51509b69b83826f9787f0cfc60d5550.png", "url": "https:\/\/www.ransomware.live\/id\/Q2FydGVsIENvbW11bmljYXRpb24gU3lzdGVtc0BwbGF5", "victim": "Cartel Communication Systems" }, { "activity": "Manufacturing", "attackdate": "2025-06-27 18:42:26.268396", "claim_url": "http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=pILwaUV2XF0PoN", "country": "US", "description": "United States", "discovered": "2025-06-27 18:43:16.587082", "domain": "www.associatedpackaging.com", "duplicates": [], "extrainfos": [], "group": "play", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/1f1a6d6f25cb310d3c5bdefbdb51f470.png", "url": "https:\/\/www.ransomware.live\/id\/QXNzb2NpYXRlZCBQYWNrYWdpbmdAcGxheQ==", "victim": "Associated Packaging" }, { "activity": "Not Found", "attackdate": "2025-06-27 07:46:34.076635", "claim_url": "https:\/\/handala-hack.to\/weizmann-new-leak\/", "country": "", "description": "Dear Weizmann, Boom. That\u2019s the sound your data center made. We hear the servers didn\u2019t make it. The backups? Vaporized. The cloud? Rained fire. Your brilliant decades of research? Gone. Well , not entirely. We saved it for you. Every byte. Every model. Every unpublished manuscript. While your walls burned, our vaults stayed cold and\u2026", "discovered": "2025-06-27 07:47:00.336427", "domain": "", "duplicates": [], "extrainfos": [], "group": "handala", "screenshot": "https:\/\/images.ransomware.live\/victims\/f7ce26030d1390a30e857d6822c55026.png", "url": "https:\/\/www.ransomware.live\/id\/V2Vpem1hbm4gTmV3IExlYWtAaGFuZGFsYQ==", "victim": "Weizmann New Leak" }, { "activity": "Public Sector", "attackdate": "2025-06-27 05:16:09.143617", "claim_url": "", "country": "LK", "description": "[AI generated] N\/A", "discovered": "2025-06-27 05:16:12.872215", "domain": "Pensions.gov.lk", "duplicates": [], "extrainfos": [], "group": "cloak", "infostealer": "", "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/UGVuc2lvbnMuZ292LmxrQGNsb2Fr", "victim": "Pensions.gov.lk" }, { "activity": "Not Found", "attackdate": "2025-06-27 01:15:45.796000", "claim_url": "http:\/\/lynxchatly4zludmhmi75jrwhycnoqvkxb4prohxmyzf4euf5gjxroad.onion\/leaks\/685df0c1e2d7f43c8f253f41", "country": "", "description": "PRECISION ENGINEERING CO., LTD. is a specialist in hard oil, polyurethane, and wood stain and wood preservatives since 1972. The company aims to distribute only premium quality products that can be used for both exterior and interior woodwork, as well as many other home care products. Since its establishment, the company has been appointed as the sole distributor of LORD CORPORATION products from the United States in Thailand. The main product imported from LORD Corporation is Chemglaze Polyurethane (CHEMGLAZE), a hard oil for interior woodwork and wood floors.", "discovered": "2025-06-27 01:39:33.858925", "domain": "woodtect.com", "duplicates": [], "extrainfos": [], "group": "lynx", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/578e501819c5858f1445adb3f5071faa.png", "url": "https:\/\/www.ransomware.live\/id\/V29vZHRlY3RAbHlueA==", "victim": "Woodtect" }, { "activity": "Technology", "attackdate": "2025-06-27 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=461fb97f-e836-3935-a3df-a607aa8ab2da", "country": "NO", "description": "Norsk is a privately owned independent company. With 30 years of experience in international shipping.\n1.Invoice for the purchase of an Audi Q8 Sportback Sport 55 e-t by Norsk European Wholesale Ltd.\n2.UPS international shipments, including ...", "discovered": "2025-06-27 17:53:25.952283", "domain": "norsk.global", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": { "Lumma": 6 }, "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-27 17:52:36", "users": 4, "users_url": 2 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/e70bfd89bdc7a208419dde7f34fc7ae6.png", "url": "https:\/\/www.ransomware.live\/id\/bm9yc2suZ2xvYmFsQHFpbGlu", "victim": "norsk.global" }, { "activity": "Not Found", "attackdate": "2025-06-27 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=52a111ab-f97a-3591-bdfc-10e13d04a0c2", "country": "US", "description": "Artex Management was founded in 2005 to meet the industry's demand for reliable and hassle-free property management.Our mission is to achieve the standard of living you desire for each property.\n1.The document is a Payment Agreement (Payment ...", "discovered": "2025-06-27 17:54:29.893815", "domain": "artexmanagement.com", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-27 17:53:30", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/fd65647ac67998bbac690d246154ca3a.png", "url": "https:\/\/www.ransomware.live\/id\/YXJ0ZXhtYW5hZ2VtZW50LmNvbUBxaWxpbg==", "victim": "artexmanagement.com" }, { "activity": "Transportation\/Logistics", "attackdate": "2025-06-27 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=2ac8299a-2e07-3403-a1f9-e5cbbea219c6", "country": "US", "description": "Buffalo Marine Service, Inc. founded in 1935, is a bunkering and marine transportation company specializing in inland waterway towing with a focus on the Intracoastal Waterway System.\n1.The document is a Professional Services Agreement (Prof ...", "discovered": "2025-06-27 19:21:59.642427", "domain": "www.buffalomarine.com", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/76b394d6b91d45b6e5b40f8f9a4eef69.png", "url": "https:\/\/www.ransomware.live\/id\/YnVmZmFsb21hcmluZS5jb21AcWlsaW4=", "victim": "buffalomarine.com" }, { "activity": "Not Found", "attackdate": "2025-06-27 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=5fe3b44c-30a0-3b1d-9609-278e900275fc", "country": "JP", "description": "Broadleaf is a family-owned food distribution company supplying high-quality meats and deli meats to distributors and retailers throughout the United States and abroad.Founded in 1988, Broadleaf entered the U.S. market as a major importer and ...", "discovered": "2025-06-27 19:22:54.010608", "domain": "broadleafgame.com", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-27 19:22:04", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/6ff987a017b29122b1d203c8f21c3203.png", "url": "https:\/\/www.ransomware.live\/id\/YnJvYWRsZWFmZ2FtZS5jb21AcWlsaW4=", "victim": "broadleafgame.com" }, { "activity": "Transportation\/Logistics", "attackdate": "2025-06-27 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=41005975-7373-333d-bc45-7a2c25708b6b", "country": "US", "description": "Over more than 30 years, Driver Solutions has specialized in providing affordable driver training and quality trucking job opportunities to new drivers. We do this by offering a company-sponsored CDL training program that allows new drivers ...", "discovered": "2025-06-27 19:23:48.092863", "domain": "greatcdltraining.com", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-27 19:22:59", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/b50e7711f5e1a4b4147d671828bfbcc6.png", "url": "https:\/\/www.ransomware.live\/id\/Z3JlYXRjZGx0cmFpbmluZy5jb21AcWlsaW4=", "victim": "greatcdltraining.com" }, { "activity": "Manufacturing", "attackdate": "2025-06-27 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=23f31887-16ff-305f-919a-18c38a3f3be6", "country": "US", "description": "We are commited to being one of the best and highest quality commercial contract glazing firms in the rocky mountain region. While specializing in Curtainwall, Storefront and Commercial windows we understand how important scheduling and compl ...", "discovered": "2025-06-27 19:24:43.890018", "domain": "elpasoglass.com", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-27 19:23:53", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/dc7a552a7baa7d43a16d39a14e01b8b1.png", "url": "https:\/\/www.ransomware.live\/id\/ZWxwYXNvZ2xhc3MuY29tQHFpbGlu", "victim": "elpasoglass.com" }, { "activity": "Not Found", "attackdate": "2025-06-26 18:54:28.850559", "claim_url": "http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=CFJvUC8uOAOchh", "country": "US", "description": "United States", "discovered": "2025-06-26 18:55:18.612716", "domain": "www.merlinindustries.com", "duplicates": [], "extrainfos": [], "group": "play", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/8a1172199128ded3999d41871e7ea4ff.png", "url": "https:\/\/www.ransomware.live\/id\/TWVybGluIEluZHVzdHJpZXNAcGxheQ==", "victim": "Merlin Industries" }, { "activity": "Not Found", "attackdate": "2025-06-26 18:28:28.872554", "claim_url": "http:\/\/nerqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion\/detail?code=mcparlane-com-usa-1-65tb", "country": "", "description": "USA - McParlane & Associates", "discovered": "2025-06-26 18:29:01.780454", "domain": "mcparlane.com", "duplicates": [], "extrainfos": [], "group": "kairos", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-26 18:28:11", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/0a8a7ac1a4356300ea1c41e4a7a3d85d.png", "url": "https:\/\/www.ransomware.live\/id\/bWNwYXJsYW5lLmNvbUBrYWlyb3M=", "victim": "mcparlane.com" }, { "activity": "Healthcare", "attackdate": "2025-06-26 18:19:57.262618", "claim_url": "http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=c73c5785-3fac-4338-bc57-bda6f63d1e17", "country": "US", "description": "(Data of the entire group of companies) Dealmed provides a comprehensive range of medical supplies designed for healthcare professionals. Their products cater to various medical needs, ensuring quality and reliability. Dealmed serves hospitals, clinics, and other healthcare facilities as its primary clients. The company is dedicated to enhancing patient care through its innovative supply solutions.", "discovered": "2025-06-26 18:23:35.695388", "domain": "dealmed.com", "duplicates": [], "extrainfos": [], "group": "dragonforce", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": { "Azorult": 2, "Raccoon": 2 }, "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-26 18:22:42", "users": 3, "users_url": 2 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/b77a1febc81391c8bb267413b41b5cff.png", "url": "https:\/\/www.ransomware.live\/id\/RGVhbG1lZCBNZWRpY2FsIFN1cHBsaWVzQGRyYWdvbmZvcmNl", "victim": "Dealmed Medical Supplies" }, { "activity": "Construction", "attackdate": "2025-06-26 18:16:31.903668", "claim_url": "http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=5e45838d-5efe-4e1d-a355-ded1452cdcba", "country": "US", "description": "(including email) Antigo Construction is located in Antigo, Wisconsin, and is the company headquarters for the North American and international business operations. Antigo entered the pavement rehabilitation business in 1982 when it imported from Germany the first of six guillotine-style concrete pavement breakers. In 1988 Antigo began operating the 8600 Badger Breaker\u00ae and in 1995 introduced the MHB Badger Breaker\u00ae to respond to the growing demand for more efficient and effective concrete breaking technology. Today Antigo is the worldwide leader in concrete pavement rehabilitation: concrete rubblization - 45 million square yards (38m m2), crack\/break and seat - 82 million square yards (69m m2), break for removal - 106 million square yards (88m m2). Antigo has the equipment, people and experience to get the job done right.", "discovered": "2025-06-26 18:24:36.931928", "domain": "antigoconstruction.com", "duplicates": [], "extrainfos": [], "group": "dragonforce", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-26 18:23:41", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/ba37d56ef9a655f1323b5171e9c05293.png", "url": "https:\/\/www.ransomware.live\/id\/QW50aWdvIENvbnN0cnVjdGlvbkBkcmFnb25mb3JjZQ==", "victim": "Antigo Construction" }, { "activity": "Business Services", "attackdate": "2025-06-26 18:04:09.733343", "claim_url": "http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=2868cd8c-2c6d-4a5d-98ff-265288ec37f3", "country": "US", "description": "Our team is driven by the opportunity to deliver outstanding service to everyone who may visit our stores. Ethics, partnership and integrity are the main values which moves our business forward. Fissco Supply was born on the expansion of our brazilian parent company, Frigelar North American, Inc. Frigelar North America, Inc. is a 55 years old enterprise, which works with the best suppliers in the world. We are happy to bring the same excellence to the US.", "discovered": "2025-06-26 18:25:35.824112", "domain": "fisscosupply.com", "duplicates": [], "extrainfos": [], "group": "dragonforce", "infostealer": { "employees": 1, "employees_url": 1, "infostealer_stats": { "Lumma": 4 }, "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-26 18:24:43", "users": 3, "users_url": 2 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/fed44fca675fb0d502d45625baf54d29.png", "url": "https:\/\/www.ransomware.live\/id\/Sm9obnN0b25lIFN1cHBseSBEYWxsYXMtRm9ydCBXb3J0aEBkcmFnb25mb3JjZQ==", "victim": "Johnstone Supply Dallas-Fort Worth" }, { "activity": "Not Found", "attackdate": "2025-06-26 16:02:48.261000", "claim_url": "http:\/\/lynxchatly4zludmhmi75jrwhycnoqvkxb4prohxmyzf4euf5gjxroad.onion\/leaks\/685d6f28e2d7f43c8f217336", "country": "IL", "description": "With our recognized leadership in applying legal service and technology innovation, we deliver commercial advantage to clients.\r", "discovered": "2025-06-26 16:36:28.331062", "domain": "hubermanlaw.co.il", "duplicates": [], "extrainfos": [], "group": "lynx", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-26 16:35:32", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/fd17e2e79a0119bccb79859637ce2391.png", "url": "https:\/\/www.ransomware.live\/id\/aHViZXJtYW5sYXcuY28uaWxAbHlueA==", "victim": "hubermanlaw.co.il" }, { "activity": "Not Found", "attackdate": "2025-06-26 12:59:29.843326", "claim_url": "", "country": "JP", "description": "**********-*******.co.jp", "discovered": "2025-06-30 21:32:01.626923", "domain": "", "duplicates": [], "extrainfos": [], "group": "kawa4096", "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/KioqKioqKioqKi0qKioqKioqLmNvLmpwQGthd2E0MDk2", "victim": "**********-*******.co.jp" }, { "activity": "Financial Services", "attackdate": "2025-06-26 09:42:26.326413", "claim_url": "", "country": "JP", "description": "tokiomarine-nichido.co.jp", "discovered": "2025-07-01 13:18:24.568775", "domain": "tokiomarine-nichido.co.jp", "duplicates": [], "extrainfos": [], "group": "kawa4096", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": { "Atomic": 2, "Azorult": 32, "CRYPTBOT": 16, "Lumma": 408, "Mystic": 2, "Predator": 2, "Raccoon": 140, "RedLine": 328, "StealC": 110, "UNKNOWN": 14, "Vidar": 28 }, "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-07-01 13:18:08", "users": 671, "users_url": 59 }, "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/dG9raW9tYXJpbmUtbmljaGlkby5jby5qcEBrYXdhNDA5Ng==", "victim": "tokiomarine-nichido.co.jp" }, { "activity": "Education", "attackdate": "2025-06-26 09:27:34.000000", "claim_url": "http:\/\/zdkexsh2e7yihw5uhg5hpsgq3dois2m5je7lzfagij2y6iw5ptl35gyd.onion\/Data_Download\/e-tech.ac.th", "country": "TH", "description": "Colleges & Universities\nThailand\n502 Employees\nUbon Ratchathani University (UBU) (Thai, ) was established as a campus of Khon Kaen University, Thailand, in 1987. It gained independent university status in 1990.\nRevenue $38.7 Million", "discovered": "2025-06-26 11:13:41.286912", "domain": "www.ubu.ac.th", "duplicates": [], "extrainfos": [], "group": "blacklock", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/21a086d73dd4bc164a3bd7e105e2e891.png", "url": "https:\/\/www.ransomware.live\/id\/VWJvbiBSYXRjaGF0aGFuaSBVbml2ZXJzaXR5QGJsYWNrbG9jaw==", "victim": "Ubon Ratchathani University" }, { "activity": "Technology", "attackdate": "2025-06-26 01:53:18.000000", "claim_url": "http:\/\/vmjfieomxhnfjba57sd6jjws2ogvowjgxhhfglsikqvvrnrajbmpxqqd.onion\/?p=397", "country": "CA", "description": "QHR Ltd Hacked After Job Info and Job Place, QHR was next. One by one, the pillars fall. You built your walls high. You trusted in silence, in firewalls, in forgetfulness. But the echoes of the unseen do not fade. Your gates were not as closed as you believed. Some doors are meant to stay\u2026", "discovered": "2025-06-26 02:16:01.554183", "domain": "", "duplicates": [], "extrainfos": [], "group": "handala", "screenshot": "https:\/\/images.ransomware.live\/victims\/d6dd121598fafceb2749169eb2199874.png", "url": "https:\/\/www.ransomware.live\/id\/UUhSIEx0ZEBoYW5kYWxh", "victim": "QHR Ltd" }, { "activity": "Not Found", "attackdate": "2025-06-26 00:00:00.000000", "claim_url": "", "country": "", "description": "MultiStone is the Low Country's leader in fabrication and install\nation of Natural and Engineered stone countertops. \n\nWe are ready to upload more than 8 GB of documents such as: emplo\nyee documents, financial data, lots of projects, confidentiality \nagreements, etc.\n", "discovered": "2025-06-26 12:12:52.354056", "domain": "", "duplicates": [], "extrainfos": [], "group": "akira", "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/TXVsdGlTdG9uZUBha2lyYQ==", "victim": "MultiStone" }, { "activity": "Business Services", "attackdate": "2025-06-26 00:00:00.000000", "claim_url": "", "country": "US", "description": "Imblum Law Offices PC specializes in bankruptcy law, offering ser\nvices such as Chapter 7, Chapter 11, and Chapter 13 bankruptcy fi\nling, as well as foreclosure defense and debt relief. \n\nWe are ready to upload more than 20 GB of documents such as: clie\nnt personal documents (passports, SSNs, death\/birth certificates,\nfinancial information), court hearings, protocols, employee info\nrmation, other confidential documents.\n", "discovered": "2025-06-26 15:12:20.547300", "domain": "", "duplicates": [], "extrainfos": [], "group": "akira", "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/SW1ibHVtIExhdyBPZmZpY2VzQGFraXJh", "victim": "Imblum Law Offices" }, { "activity": "Not Found", "attackdate": "2025-06-26 00:00:00.000000", "claim_url": "", "country": "", "description": "Martin, Showers, Smith McDonald, LLC is a law firm specializing i\nn civil litigation, trial law, personal injury, and family law.\n\nWe are ready to upload more than 8 GB of documents. More than hal\nf of the data are scans of client personal documents (passports, \nSSNs, death\/birth certificates, DLs and more), employee informati\non, confidential documents, court reports.\n", "discovered": "2025-06-26 15:12:26.421192", "domain": "", "duplicates": [], "extrainfos": [], "group": "akira", "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/TWFydGluIFNob3dlcnMgU21pdGgmIE1jRG9uYWxkQGFraXJh", "victim": "Martin Showers Smith& McDonald" }, { "activity": "Not Found", "attackdate": "2025-06-26 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=8ccaa176-e8d6-3b3e-8e90-92a8207b312a", "country": "FJ", "description": "The Essence of Tappoo\nThe Tappoo Group of Companies retails, wholesales and supports an extensive range of high-quality products.\nRETAIL SERVICES\nTappoo Department Stores are located at the key commercial centres of Suva, Nadi and Sigatoka ...", "discovered": "2025-06-26 16:45:55.295234", "domain": "www.tappoo.com.fj", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/40c0a1e010f90317336c3cd3ea94532a.png", "url": "https:\/\/www.ransomware.live\/id\/VGFwcG9vIEdyb3VwIG9mIENvbXBhbmllc0BxaWxpbg==", "victim": "Tappoo Group of Companies" }, { "activity": "Public Sector", "attackdate": "2025-06-26 00:00:00.000000", "claim_url": "http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/685ded5bba6890801344e878", "country": "TO", "description": "Tonga's health system includes central hospitals, peripheral health centres and communitybased services. Key health challenges include rising rates of NCDs such as diabetes, obesity, heart disease and cancer. Communicable diseases such as tuberculosis, STIs and VPDs persist.", "discovered": "2025-06-27 01:20:50.524419", "domain": "", "duplicates": [], "extrainfos": [], "group": "incransom", "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/VGhlIEtpbmdkb20gb2YgVG9uZ2EncyBNaW5pc3RyeSBvZiBIZWFsdGhAaW5jcmFuc29t", "victim": "The Kingdom of Tonga's Ministry of Health" }, { "activity": "Not Found", "attackdate": "2025-06-26 00:00:00.000000", "claim_url": "", "country": "HK", "description": "Premier 1888 Ltd.", "discovered": "2025-07-01 05:45:53.252968", "domain": "premier1888.com", "duplicates": [], "extrainfos": { "data_size": "0 GB" }, "group": "nightspire", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-07-01 05:45:33", "users": 0, "users_url": 0 }, "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/UHJlbWllciAxODg4IEx0ZC5AbmlnaHRzcGlyZQ==", "victim": "Premier 1888 Ltd." }, { "activity": "Telecommunication", "attackdate": "2025-06-25 19:42:40.519946", "claim_url": "http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=bc05a7af-c572-4f1f-b595-15a5eef1f102", "country": "US", "description": "Pay Tel Communications, Inc. specializes in providing technology solutions designed to enhance safety and efficiency within confinement facilities and support the needs of incarcerated individuals. Their product offerings include secure communication platforms, educational resources, and multi-function tablets aimed at improving the lives of detainees.\nThe data includes:\n10,000+ video call recordings\n10,000+ audio call recordings\n20,000+ scans of physical mail\n70,000+ work-related documents\n\nThe list of facilities affected by the breach:\nAlexander County NC\nAlleghany County Jail NC\nAlleghany Covington Regional Jail VA\nAnderson County SC\nAshe County Jail NC\nBarnwell County Jail SC\nBartow County GA\nBeaufort County Detention Center NC\nBertie Martin Regional Jail NC\nBleckley County Jail GA\nBradford County Jail FL\nBurke Catawba NC\nBurke County GA\nBurke County Jail NC\nButts County GA\nCarteret County Detention Center NC\nCaswell County Detention Center NC\nCatawba County NC\nChatham County GA\nCitrus County Jail\nColleton County Jail SC\nColumbia County GA\nCoweta County GA\nCrisp County Jail GA\nCurrituck County Detention Center NC\nDare County Jail NC\nDavidson County Detention NC\nDavie County Jail NC\nDooly County Jail GA\nDorchester SC (St George and Summerville)\nDuchesne County Detention Center UT\nDuplin County Detention Center NC\nEastern Shore Regional VA\nEdgecombe County Jail NC\nElbert County Jail GA\nEmanuel County Jail GA\nFauquier County Det Center VA\nFlagler County Jail FL\nFlorence County Jail SC\nForsyth County Jail GA\nForsyth County Jail NC\nFranklin County Jail FL\nFranklin County Jail GA\nFranklin County Jail MO\nFranklin County Jail NC\nGadsden County FL\nGilmer County Jail GA\nGlynn County Detention Center GA\nGordon County Jail GA\nGranville County Jail NC\nGreene County NC\nGuilford County Juvenile Center\nGuilford County NC\nHalifax County Jail NC\nHaralson County Jail GA\nHeard County Jail GA\nHertford County Jail NC\nHertford County Jail NC\nHolmes County FL\nHouston County Jail GA\nJasper County Jail GA\nJefferson County Jail FL\nJones County Jail GA\nJones County Jail NC\nLaurens County Jail GA\nLee County Jail NC\nLevy County Jail FL\nLiberty County Jail GA\nLincoln NC\nLumpkin County Jail\nMadison County Jail GA\nMarion County Jail SC\nMcDowell County Detention Center\nMarlboro County Jail SC\nMartinsville City Jail VA\nMcDowell County Detention Center NC\nMcIntosh County Jail GA\nMcKinley County Adult Detention Center NM\nMcKinley County Juvenile Detention Center NM\nMeigs County Jail TN\nMeriwether County GA\nMitchell County Jail GA\nMonroe County Jail GA\nMontgomery County, OH\nMontgomery County, OH\nMurray County Jail GA\nNash County NC\nNewton County Jail GA\nNorthampton County Jail NC\nOconee County Jail GA\nOkanogan County Corrections Center WA\nOnslow NC\nOrange County Jail NC\nOrangeburg County Jail SC\nPage County VA\nPamlico County Detention Center NC\nPamunkey Regional Jail Authority VA\nPeach County Jail GA\nPickens County Jail GA\nPierce County Jail GA\nPitt County NC\nPittsylvania County Jail\nPolk County Jail NC\nPulaski County Jail GA\nPutnam County Jail GA\nRandolph County Jail GA\nRandolph County Jail NC\nRichmond County Jail NC\nRobeson County Jail NC\nRockbridge Regional Jail VA\nSaluda County Jail SC\nSampson County Detention Center NC\nSchley County Jail GA\nSCORE \u2013 South Correctional Entity\nSiskiyou County Jail CA\nStanly County NC\nStokes County Jail NC\nTaylor County Jail GA\nTelfair County Jail GA\nThomas County Correctional Institution GA\nToombs County Jail GA\nTreutlen County Jail GA\nTwiggs County GA\nVance County Jail NC\nWake County Jail NC\nWalton County Jail GA\nWashington County GA\nWashington County FL\nWashington County NC\nWayne County Jail GA\nWayne County Jail NC\nWhite County Jail GA\nWhitfield County Jail GA\nWilkes County Jail Main NC\nWilkes County Female Annex NC\nWilliamsburg County Jail SC\nWilson County Jail NC\nWorth County GA\nWyandotte County Detention Center KS\nYadkin County Jail NC\nYork County Prison SC", "discovered": "2025-06-26 10:16:14.583029", "domain": "paytel.com", "duplicates": [], "extrainfos": [], "group": "dragonforce", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": { "Azorult": 62, "CRYPTBOT": 2, "Lumma": 110, "Raccoon": 52, "RedLine": 198, "StealC": 8, "Vidar": 16 }, "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-26 10:15:19", "users": 278, "users_url": 11 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/f6490662949b3a71affaa965fc7cdda3.png", "url": "https:\/\/www.ransomware.live\/id\/UGF5IFRlbCBDb21tdW5pY2F0aW9uc0BkcmFnb25mb3JjZQ==", "victim": "Pay Tel Communications" }, { "activity": "Not Found", "attackdate": "2025-06-25 17:46:08.000000", "claim_url": "https:\/\/handala-hack.to\/jobplace-ltd-hacked\/", "country": "", "description": "JobPlace Ltd Hacked After the Job Info company, it\u2019s now time for Job Place Today, we confirm that JobPlace, one of the largest Israeli employment and staffing companies, has been successfully breached by the Handala. All internal systems were accessed and fully compromised. We have exfiltrated a comprehensive dataset including employee details, client information, recruitment\u2026", "discovered": "2025-06-25 19:48:32.604072", "domain": "", "duplicates": [], "extrainfos": [], "group": "handala", "screenshot": "https:\/\/images.ransomware.live\/victims\/1628695dfeb177d52b74a3097054aca2.png", "url": "https:\/\/www.ransomware.live\/id\/Sm9iUGxhY2UgTHRkQGhhbmRhbGE=", "victim": "JobPlace Ltd" }, { "activity": "Not Found", "attackdate": "2025-06-25 17:01:20.072292", "claim_url": "http:\/\/kawasa2qo7345dt7ogxmx7qmn6z2hnwaoi3h5aeosupozkddqwp6lqqd.onion\/t7sfhn48\/", "country": "US", "description": "******.org", "discovered": "2025-06-27 14:15:37.498770", "domain": "", "duplicates": [], "extrainfos": [], "group": "kawa4096", "screenshot": "https:\/\/images.ransomware.live\/victims\/ad7eb22acf9eab02b0b8d34b6db7a97b.png", "url": "https:\/\/www.ransomware.live\/id\/KioqKioqLm9yZ0BrYXdhNDA5Ng==", "victim": "******.org" }, { "activity": "Consumer Services", "attackdate": "2025-06-25 15:20:27.534098", "claim_url": "http:\/\/ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion\/leaks.phphttp:\/\/63dxcqyjooi55s2x25aqsvrykywmmaaoxj4kc23kdboyxyng2zqtkbyd.onion\/index.php?p=", "country": "US", "description": "Wilsonville Toyota-Scion is a new and used car dealership company. It provides a variety of vehicles, including coupes, convertibles, hatchbacks, sedans, and passenger vans. The company was formed in 2007 and is based in Wilsonville, Oregon", "discovered": "2025-06-25 15:20:52.781173", "domain": "wilsonvilletoyota.com", "duplicates": [], "extrainfos": [], "group": "interlock", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-25 15:20:10", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/9441e31d83cf3ce97e160ddd7ddadc4f.png", "url": "https:\/\/www.ransomware.live\/id\/V2lsc29udmlsbGUgVG95b3RhLVNjaW9uQGludGVybG9jaw==", "victim": "Wilsonville Toyota-Scion" }, { "activity": "Not Found", "attackdate": "2025-06-25 15:19:35.694463", "claim_url": "http:\/\/ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion\/leaks.phphttp:\/\/zdn5uv663oiffbrloxalsdl4v3lg73elrnuso47rbuavu6bmhqvd2wqd.onion\/index.php?p=", "country": "GB", "description": "Positive Solutions High School offers a flexible learning environment with a split session format and a College Credit Program, enabling students to earn college credits while completing high school. The school empowers students with resources for future employment and personal success, emphasizing academic excellence and student accountability.", "discovered": "2025-06-25 15:20:04.745656", "domain": "https:positivesolutions.school", "duplicates": [], "extrainfos": [], "group": "interlock", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/068cb106669de2db960fcc09ac191232.png", "url": "https:\/\/www.ransomware.live\/id\/UG9zaXRpdmUgU29sdXRpb25zQGludGVybG9jaw==", "victim": "Positive Solutions" }, { "activity": "Not Found", "attackdate": "2025-06-25 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=68666792-07dc-3fca-b61e-e3962586e952", "country": "", "description": "Optimizing for What\u2019s Next\n \n\nThe AEROBLOX platform is currently undergoing optimization to better serve your tokenized assets. Smart contracts are syncing. Protocols are refining. Value engines are recalibrating.\n\nYour wealth is safe ...", "discovered": "2025-06-25 16:45:25.151250", "domain": "aeroblox.io", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-25 16:44:30", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/654b423e4dfc600eb64e54946530392c.png", "url": "https:\/\/www.ransomware.live\/id\/QUVST0JMT1hAcWlsaW4=", "victim": "AEROBLOX" }, { "activity": "Public Sector", "attackdate": "2025-06-25 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=a6829fe3-deda-3c38-9e1c-6daf5a4779db", "country": "US", "description": "We build, preserve & advocate for affordable housing.\nHabitat for Humanity of Greater Sioux Falls is committed to improving the quality of life, health and economic prosperity of our community through shelter. Eligible residents of Minnehaha ...", "discovered": "2025-06-26 00:16:55.026970", "domain": "siouxfallshabitat.org", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-26 00:16:06", "users": 0, "users_url": 0 }, "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/fe1706ed6cf216147c7bec82f3bba49b.png", "url": "https:\/\/www.ransomware.live\/id\/SGFiaXRhdCBmb3IgSHVtYW5pdHkgb2YgR3JlYXRlciBTaW91eCBGYWxscywgSW5jLkBxaWxpbg==", "victim": "Habitat for Humanity of Greater Sioux Falls, Inc." }, { "activity": "Manufacturing", "attackdate": "2025-06-25 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=9ef5eea3-a83d-38bc-9e8e-ebf21b2ea83f", "country": "GB", "description": "Established in 1945 Airedale Springs Ltd is a successful family business which has gained a World-Wide reputation for up to the minute expertise for the manufacture of quality springs and wire forms for many national and international custome ...", "discovered": "2025-06-26 11:42:35.843745", "domain": "www.airedalesprings.co.uk", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/e70b9b51bde0b8a2bcb47676152fdf95.png", "url": "https:\/\/www.ransomware.live\/id\/QWlyZWRhbGUgU3ByaW5nc0BxaWxpbg==", "victim": "Airedale Springs" }, { "activity": "Consumer Services", "attackdate": "2025-06-25 00:00:00.000000", "claim_url": "", "country": "CA", "description": "Throughout the year your Arbour Volkswagen in Laval offers you a \nlarge choice of special offers, impressive rebates and unbeatable\npromotions.\n\nWe are ready to upload more than 4 GB of documents such as: confi\ndential agreements containing clients personal information, detai\nled financial data (audits, payment details, reports, invoices), \nemployee and partners information, etc.\n", "discovered": "2025-06-26 12:12:42.805965", "domain": "", "duplicates": [], "extrainfos": [], "group": "akira", "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/QXJib3VyIFZvbGtzd2FnZW5AYWtpcmE=", "victim": "Arbour Volkswagen" }, { "activity": "Not Found", "attackdate": "2025-06-25 00:00:00.000000", "claim_url": "", "country": "IT", "description": "Studio Verna Societ\u00e0 Professionale offers integrated economic, ta\nx and legal advice to businesses and third sector entities, with \na highly personalized approach to the needs of the client and the\nsector in which it operates.\n\nWe are ready to upload more than 7 GB of documents such as: finan\ncial data (audits, payment details, reports, invoices), client fi\nnancial data, agreements, project information, employee informati\non, etc.\n", "discovered": "2025-06-26 12:12:46.864726", "domain": "", "duplicates": [], "extrainfos": [], "group": "akira", "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/U3R1ZGlvIFZlcm5hIFNvY2lldMOgUHJvZmVzc2lvbmFsZUBha2lyYQ==", "victim": "Studio Verna Societ\u00e0Professionale" }, { "activity": "Not Found", "attackdate": "2025-06-24 21:45:30.980257", "claim_url": "http:\/\/kawasa2qo7345dt7ogxmx7qmn6z2hnwaoi3h5aeosupozkddqwp6lqqd.onion\/sug6y4wv\/", "country": "US", "description": "www.******.com", "discovered": "2025-06-27 14:16:23.437641", "domain": "", "duplicates": [], "extrainfos": [], "group": "kawa4096", "screenshot": "https:\/\/images.ransomware.live\/victims\/d436ff55e728b8b0a1c94c07237d4fe7.png", "url": "https:\/\/www.ransomware.live\/id\/KioqKioqLmNvbUBrYXdhNDA5Ng==", "victim": "******.com" }, { "activity": "Financial Services", "attackdate": "2025-06-24 15:11:28.329722", "claim_url": "", "country": "US", "description": "www.malonebailey.com", "discovered": "2025-06-30 21:32:27.996409", "domain": "malonebailey.com", "duplicates": [], "extrainfos": [], "group": "kawa4096", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-06-30 21:32:09", "users": 0, "users_url": 0 }, "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/d3d3Lm1hbG9uZWJhaWxleS5jb21Aa2F3YTQwOTY=", "victim": "www.malonebailey.com" }, { "activity": "Not Found", "attackdate": "2025-06-24 00:00:00.000000", "claim_url": "", "country": "JP", "description": "JIEI (THAILAND) CO., LTD", "discovered": "2025-07-01 05:45:29.071804", "domain": "jieithai.com", "duplicates": [], "extrainfos": { "data_size": "650 GB" }, "group": "nightspire", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-07-01 05:45:08", "users": 0, "users_url": 0 }, "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/SklFSSBDTy4sIExUREBuaWdodHNwaXJl", "victim": "JIEI CO., LTD" }, { "activity": "Not Found", "attackdate": "2025-06-22 13:05:36.657062", "claim_url": "http:\/\/kawasa2qo7345dt7ogxmx7qmn6z2hnwaoi3h5aeosupozkddqwp6lqqd.onion\/rodx6ixo\/", "country": "DE", "description": "www.******.de", "discovered": "2025-06-27 14:16:55.184159", "domain": "", "duplicates": [], "extrainfos": [], "group": "kawa4096", "screenshot": "https:\/\/images.ransomware.live\/victims\/a43f01dc82367a13d59e94cc9f3c776a.png", "url": "https:\/\/www.ransomware.live\/id\/KioqKioqLmRlQGthd2E0MDk2", "victim": "******.de" }, { "activity": "Public Sector", "attackdate": "2025-06-21 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=dc5a4086-46e4-3323-8863-ed47db33a512", "country": "ES", "description": "The other day we learned with interest that the autonomous city of Melilla was subjected to a serious hacker attack =)\nBut what surprised us even more was that none of the authorities even tried to contact us. So, it's time for our team to t ...", "discovered": "2025-06-26 16:44:59.919100", "domain": "www.melilla.es", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": "", "press": { "link": "https:\/\/www.ransomware.live\/id\/bWVsaWxsYS5lc0AyMDI1LTA2LTIx", "source": "https:\/\/www.mallorca-services.es\/melilla-erleidet-moeglichen-cyberangriff-vollstaendiger-it-ausfall\/", "summary": "La ville autonome de Melilla est touch\u00e9e par une panne informatique totale depuis trois jours, emp\u00eachant les employ\u00e9s publics de travailler et les administr\u00e9s de r\u00e9gler leurs affaires. Les techniciens travaillent \u00e0 r\u00e9soudre le probl\u00e8me avec l'aide du service de renseignement national. Les causes de la panne ne sont pas encore connues, mais un cyberattaque est soup\u00e7onn\u00e9e." }, "screenshot": "https:\/\/images.ransomware.live\/victims\/7c76eb77f0dad7cdda0ab8c4b3766216.png", "url": "https:\/\/www.ransomware.live\/id\/bWVsaWxsYS5lc0BxaWxpbg==", "victim": "melilla.es" }, { "activity": "Not Found", "attackdate": "2025-06-20 18:23:55.821232", "claim_url": "http:\/\/kawasa2qo7345dt7ogxmx7qmn6z2hnwaoi3h5aeosupozkddqwp6lqqd.onion\/6m2kaswe\/", "country": "US", "description": "www.morningsideservices.com", "discovered": "2025-06-27 14:17:27.664113", "domain": "Morningsideservices.com", "duplicates": [], "extrainfos": [], "group": "kawa4096", "infostealer": "", "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/d787d19b816693ff82a5e92a6eac309c.png", "url": "https:\/\/www.ransomware.live\/id\/TW9ybmluZ3NpZGVzZXJ2aWNlc0BrYXdhNDA5Ng==", "victim": "Morningsideservices" }, { "activity": "Not Found", "attackdate": "2025-06-16 00:00:00.000000", "claim_url": "", "country": "TR", "description": "Kinik Gross Toptan Market", "discovered": "2025-07-01 05:46:18.237758", "domain": "kinikgross.com", "duplicates": [], "extrainfos": { "data_size": "1 GB" }, "group": "nightspire", "infostealer": { "employees": 0, "employees_url": 0, "infostealer_stats": [], "thirdparties": 0, "thirdparties_domain": 0, "update": "2025-07-01 05:45:57", "users": 0, "users_url": 0 }, "press": null, "screenshot": "", "url": "https:\/\/www.ransomware.live\/id\/S2luaWsgR3Jvc3MgVG9wdGFuIE1hcmtldEBuaWdodHNwaXJl", "victim": "Kinik Gross Toptan Market" }, { "activity": "Not Found", "attackdate": "2025-06-15 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=71f68468-3afb-3ed8-a1ea-309a25afdaa8", "country": "DE", "description": "SILOKING is the brand for innovative feeding technology.\n\nSILOKING Mayer Maschinenbau GmbH produces innovative feeding technology and sells it in over 50 countries worldwide. The owner-managed family company is based in Tittmoning, Bavaria. ...", "discovered": "2025-06-27 16:23:22.437268", "domain": "www.siloking.com", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": "", "press": { "link": "https:\/\/www.ransomware.live\/id\/c2lsb2tpbmcuY29tQDIwMjUtMDYtMTU=", "source": "https:\/\/www.pnp.de\/lokales\/landkreis-traunstein\/cyberangriff-legt-siloking-lahm-produktion-laeuft-nur-im-notbetrieb-18931292", "summary": "L'entreprise Siloking a \u00e9t\u00e9 victime d'une attaque de cybercriminels qui ont utilis\u00e9 du logiciel de ran\u00e7on pour crypter les syst\u00e8mes informatiques. La production est actuellement en fonctionnement d'urgence. Un expert en IT de l'Universit\u00e9 de Passau a expliqu\u00e9 les m\u00e9thodes utilis\u00e9es par les hackers et a donn\u00e9 des conseils aux entreprises." }, "screenshot": "https:\/\/images.ransomware.live\/victims\/3ceff21671027bb6b271b79fb4d16667.png", "url": "https:\/\/www.ransomware.live\/id\/U2lsb0tpbmdAcWlsaW4=", "victim": "SiloKing" }, { "activity": "Manufacturing", "attackdate": "2025-06-11 00:00:00.000000", "claim_url": "http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=d2be9393-52f0-30a1-b89a-6150030de6a7", "country": "TW", "description": "Quaser Machine Tools, Inc. is a Taiwan-based company that manufactures and sells various machine tools, primarily CNC (computer numerical control) machine tools. \n\nOur team managed to breach the QMT network. \n2TB of sensitive data leaked f ...", "discovered": "2025-06-25 21:25:21.330224", "domain": "www.quaser.com", "duplicates": [], "extrainfos": [], "group": "qilin", "infostealer": "", "modifications": [ { "date": "2025-07-01 09:14:56.448915", "description": "Update published" } ], "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/f1bb599cb7727188855b8635540c062d.png", "url": "https:\/\/www.ransomware.live\/id\/UXVhc2VyIE1hY2hpbmUgVG9vbHMsIEluY0BxaWxpbg==", "victim": "Quaser Machine Tools, Inc" }, { "activity": "Not Found", "attackdate": "2025-04-11 00:00:00.000000", "claim_url": "http:\/\/krakenccj3wr23452a4ibkbkuph4d6soyx2xgjoogtuamc3m7u7wemad.onion\/news\/835160f27ad84646042097f971740526", "country": "ES", "description": "ULTRA RAPIT, S.L.\n\nhttp:\/\/[redacted].onion\/...", "discovered": "2025-06-28 08:28:33.634148", "domain": "www.ultrarapit.net", "duplicates": [], "extrainfos": [], "group": "kraken", "infostealer": "", "modifications": [ { "date": "2025-07-01 09:14:56.438843", "description": "Update published" } ], "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/d689db8cc602e92f255fa999149d2604.png", "url": "https:\/\/www.ransomware.live\/id\/d3d3LnVsdHJhcmFwaXQubmV0QGtyYWtlbg==", "victim": "www.ultrarapit.net" }, { "activity": "Not Found", "attackdate": "2025-04-03 00:00:00.000000", "claim_url": "http:\/\/krakenccj3wr23452a4ibkbkuph4d6soyx2xgjoogtuamc3m7u7wemad.onion\/news\/864bfb802a2c20d2d4b4334691a075e8", "country": "ES", "description": "Transportes Sanmarti SA\n\nhttp:\/\/[redacted].onion\/...", "discovered": "2025-06-28 06:18:17.790080", "domain": "www.sanmarti.es", "duplicates": [], "extrainfos": [], "group": "kraken", "infostealer": "", "modifications": [ { "date": "2025-07-01 09:14:56.407896", "description": "Update published" } ], "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/9f4c930dcbc4891bf85665ccf0c04350.png", "url": "https:\/\/www.ransomware.live\/id\/d3d3LnNhbm1hcnRpLmVzQGtyYWtlbg==", "victim": "www.sanmarti.es" }, { "activity": "Consumer Services", "attackdate": "2025-04-02 00:00:00.000000", "claim_url": "http:\/\/krakenccj3wr23452a4ibkbkuph4d6soyx2xgjoogtuamc3m7u7wemad.onion\/news\/faca45600e3c5d12926fbb4a2761ece0", "country": "ES", "description": "ANUBIS COSMETICS, S.L.\n\nhttp:\/\/[redacted].onion\/...", "discovered": "2025-06-28 06:17:30.316742", "domain": "www.anubis-cosmetics.com", "duplicates": [], "extrainfos": [], "group": "kraken", "infostealer": "", "modifications": [ { "date": "2025-07-01 09:14:56.418306", "description": "Update published" } ], "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/f8763658cbd8e18ba0cdefe470104828.png", "url": "https:\/\/www.ransomware.live\/id\/d3d3LmFudWJpcy1jb3NtZXRpY3MuY29tQGtyYWtlbg==", "victim": "www.anubis-cosmetics.com" }, { "activity": "Technology", "attackdate": "2025-04-02 00:00:00.000000", "claim_url": "http:\/\/krakenccj3wr23452a4ibkbkuph4d6soyx2xgjoogtuamc3m7u7wemad.onion\/news\/3b5ad327394e69a407c67ecfaa06de75", "country": "DK", "description": "Humac was established in 1989 and has sold and serviced Apple products ever since. Humac is to bring the HUman and MAC's togethe...", "discovered": "2025-06-28 06:21:06.170877", "domain": "www.humac.dk", "duplicates": [], "extrainfos": [], "group": "kraken", "infostealer": "", "modifications": [ { "date": "2025-07-01 09:14:56.366142", "description": "Update published" } ], "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/623e29718d7b61696290f4c893ac9672.png", "url": "https:\/\/www.ransomware.live\/id\/d3d3Lmh1bWFjLmRrQGtyYWtlbg==", "victim": "www.humac.dk" }, { "activity": "Technology", "attackdate": "2025-02-28 00:00:00.000000", "claim_url": "http:\/\/krakenccj3wr23452a4ibkbkuph4d6soyx2xgjoogtuamc3m7u7wemad.onion\/news\/7a9aa1aedf92b0af3a1d0522c5756b24", "country": "BD", "description": "Flora Limited\n\nhttp:\/\/[redacted].onion...", "discovered": "2025-06-28 06:16:42.225220", "domain": "www.floralimited.com", "duplicates": [], "extrainfos": [], "group": "kraken", "infostealer": "", "modifications": [ { "date": "2025-07-01 09:14:56.428587", "description": "Update published" } ], "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/676b03ebcee801e5f588c464bdf448ef.png", "url": "https:\/\/www.ransomware.live\/id\/d3d3LmZsb3JhbGltaXRlZC5jb21Aa3Jha2Vu", "victim": "www.floralimited.com" }, { "activity": "Business Services", "attackdate": "2025-02-18 00:00:00.000000", "claim_url": "http:\/\/krakenccj3wr23452a4ibkbkuph4d6soyx2xgjoogtuamc3m7u7wemad.onion\/news\/961e4d38e526e58cb38cf673435d8246", "country": "US", "description": "Scott & Kraus, LLC is a boutique law firm located in Chicago specializing in commercial finance. \nThe firm serves a diverse ran...", "discovered": "2025-06-28 06:19:32.112908", "domain": "www.skcounsel.com", "duplicates": [], "extrainfos": [], "group": "kraken", "infostealer": "", "modifications": [ { "date": "2025-07-01 09:14:56.386738", "description": "Update published" } ], "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/b99f307fbb9ca4b1598bf1eae9eadee9.png", "url": "https:\/\/www.ransomware.live\/id\/d3d3LnNrY291bnNlbC5jb21Aa3Jha2Vu", "victim": "www.skcounsel.com" }, { "activity": "Technology", "attackdate": "2025-02-15 00:00:00.000000", "claim_url": "http:\/\/krakenccj3wr23452a4ibkbkuph4d6soyx2xgjoogtuamc3m7u7wemad.onion\/news\/84693f0074b0ec834c33a0404e76c95c", "country": "CA", "description": "Banking \u00b7 Panama\n\nhttp:\/\/[redacted].onion...", "discovered": "2025-06-28 06:20:19.034583", "domain": "www.prival.com", "duplicates": [], "extrainfos": [], "group": "kraken", "infostealer": "", "modifications": [ { "date": "2025-07-01 09:14:56.376529", "description": "Update published" } ], "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/5278abf20aec5be63aed2c51f6fdb09a.png", "url": "https:\/\/www.ransomware.live\/id\/d3d3LnByaXZhbC5jb21Aa3Jha2Vu", "victim": "www.prival.com" }, { "activity": "Manufacturing", "attackdate": "2025-01-06 00:00:00.000000", "claim_url": "http:\/\/mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion\/topic.php?id=v72FxV8rP68te6", "country": "US", "description": "United States", "discovered": "2025-06-27 16:01:56.963849", "domain": "www.dickowcyzak.com", "duplicates": [], "extrainfos": [], "group": "play", "infostealer": "", "modifications": [ { "date": "2025-06-29 18:04:08.502116", "description": "Update published" } ], "press": null, "screenshot": "https:\/\/images.ransomware.live\/victims\/d3d3960b9ddc3226603f04e175136ac8.png", "url": "https:\/\/www.ransomware.live\/id\/RGlja293IEN5emFrIFRpbGVAcGxheQ==", "victim": "Dickow Cyzak Tile" }, { "activity": "Manufacturing", "attackdate": "2024-02-20 00:00:00.000000", "claim_url": "http:\/\/krakenccj3wr23452a4ibkbkuph4d6soyx2xgjoogtuamc3m7u7wemad.onion\/news\/6ab25ad3ac5db4bc5a88789d2aca64d1", "country": "DE", "description": "Continental Aerospace Technologies is a global leader in General Aviation. \nThey are the only company to offer a full range of ...", "discovered": "2025-06-28 06:18:45.242762", "domain": "www.continental.aero", "duplicates": [ { "attackdate": "2024-02-12 00:00:00.000000", "date": "2025-06-28 06:18:45.268345", "group": "play", "link": "https:\/\/www.ransomware.live\/id\/Q29udGluZW50YWwgQWVyb3NwYWNlIFRlY2hub2xvZ2llc0BwbGF5" } ], "extrainfos": [], "group": "kraken", "infostealer": "", "press": { "link": "https:\/\/www.ransomware.live\/id\/Y29udGluZW50YWwuYWVyb0AyMDI0LTAyLTIw", "source": "https:\/\/www.ftnonline.co.uk\/2024\/02\/21\/continental-aerospace-under-cyberattack-that-is-disrupting-daily-operations-at-the-engine-manufacturers-alabama-site\/", "summary": "Continental Aerospace, un fabricant de moteurs bas\u00e9 \u00e0 Mobile en Alabama, est actuellement victime d'une cyberattaque qui perturbe ses op\u00e9rations. L'entreprise a annonc\u00e9 sur son site web le 20 f\u00e9vrier qu'elle travaillait avec des experts pour r\u00e9soudre le probl\u00e8me et esp\u00e8re reprendre ses activit\u00e9s normales prochainement. Aucun d\u00e9tail suppl\u00e9mentaire n'a \u00e9t\u00e9 fourni concernant la fin de l'attaque ou l'\u00e9tendue des perturbations, ni si une violation de donn\u00e9es a eu lieu." }, "screenshot": "https:\/\/images.ransomware.live\/victims\/0ad2fb07a765c173ade805f348d22547.png", "url": "https:\/\/www.ransomware.live\/id\/d3d3LmNvbnRpbmVudGFsLmFlcm9Aa3Jha2Vu", "victim": "www.continental.aero" } ]