Ransomware Stats

[ { “activity”: “Education”, “attackdate”: “2026-04-16 12:25:45.486845”, “claim_url”: “http:\/\/payloadrz5yw227brtbvdqpnlhq3rdcdekdnn3rgucbcdeawq2v6vuyd.onion\/posts\/7c90fc7c-33c6-4fbe-913c-b43b396b278a”, “country”: “DE”, “description”: “Franziskusschule Wilhelmshaven is a school located in Wilhelmshaven, a city in northern Germany on the North Sea coast. The name \u201cFranziskusschule\u201d indicates that it is a Franciscan or Catholic school, often inspired by the values of Saint Francis of Assisi, emphasizing community, social responsibility, and moral education alongside academic learning.”, “discovered”: “2026-04-16 12:26:10.942784”, “domain”: “”, “duplicates”: [], “extrainfos”: { “data_size”: “13 GB” }, “group”: “payload”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/b4493e602dda6d46ffefb7f3284c5643.png”, “url”: “https:\/\/www.ransomware.live\/id\/RnJhbnppc2t1c3NjaHVsZSBXaWxoZWxtc2hhdmVuQHBheWxvYWQ=”, “victim”: “Franziskusschule Wilhelmshaven” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-04-16 12:25:19.177812”, “claim_url”: “http:\/\/payloadrz5yw227brtbvdqpnlhq3rdcdekdnn3rgucbcdeawq2v6vuyd.onion\/posts\/0de813bc-eaed-452e-9b1e-10c6c085e000”, “country”: “LK”, “description”: “Marino Food Products Pvt Ltd, based in Hyderabad, India, specializes in a wide range of healthy and delicious bakery items including biscuits, cookies, cakes, and breads. The company is dedicated to providing high-quality food products that combine wellness with taste, making them an ideal choice for health-conscious consumers. Their offerings are available for online ordering and in various retail stores, ensuring accessibility for their clients. Marino aims to be the go-to destination for snacking bliss, with a commitment to crafting irresistible snacks that satisfy cravings while promoting a healthy lifestyle.”, “discovered”: “2026-04-16 12:25:43.808599”, “domain”: “”, “duplicates”: [], “extrainfos”: { “data_size”: “30 GB” }, “group”: “payload”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/425f6e9658320ecc2a0210fd13b9b99e.png”, “url”: “https:\/\/www.ransomware.live\/id\/TWFyaW5vIEZvb2QgUHJvZHVjdHMgUHZ0QHBheWxvYWQ=”, “victim”: “Marino Food Products Pvt” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-04-16 12:24:53.185114”, “claim_url”: “http:\/\/payloadrz5yw227brtbvdqpnlhq3rdcdekdnn3rgucbcdeawq2v6vuyd.onion\/posts\/b4c9d63d-2827-4bb9-b1b9-edf84f780a74”, “country”: “”, “description”: “Sunlight Air offers affordable flights to popular Philippine island destinations such as Cebu, Coron, Boracay, Siquijor, and Siargao. The airline provides various services including private charters, vacation packages, and a loyalty program called Sunlight Miles. Targeting both leisure and business travelers, Sunlight Air aims to enhance the travel experience with exclusive passenger perks and flexible booking options. With a commitment to expanding flight frequencies and routes, the company continues to facilitate convenient travel across the Philippines.”, “discovered”: “2026-04-16 12:25:17.550689”, “domain”: “”, “duplicates”: [], “extrainfos”: { “data_size”: “200 GB” }, “group”: “payload”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/350c764276f1d091e7f54b8d4da56735.png”, “url”: “https:\/\/www.ransomware.live\/id\/U3VubGlnaHQgRXhwcmVzcyBBaXJ3YXlzQHBheWxvYWQ=”, “victim”: “Sunlight Express Airways” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-16 12:24:26.352400”, “claim_url”: “http:\/\/payloadrz5yw227brtbvdqpnlhq3rdcdekdnn3rgucbcdeawq2v6vuyd.onion\/posts\/b32ffa64-bd8e-487d-a358-cdb8f7d2bb8d”, “country”: “EG”, “description”: “Established in 1979, Oriental Weavers is a manufacturer of textiles used to construct rugs, carpet, upholstery, and more. This company is headquartered in Cairo, Egypt”, “discovered”: “2026-04-16 12:24:51.128097”, “domain”: “orientalweavers.com”, “duplicates”: [], “extrainfos”: { “data_size”: “150 GB” }, “group”: “payload”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-16 12:24:07”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/506acd28db14e581b7c018ea5cd8d01f.png”, “url”: “https:\/\/www.ransomware.live\/id\/b3JpZW50YWx3ZWF2ZXJzLmNvbUBwYXlsb2Fk”, “victim”: “orientalweavers.com” }, { “activity”: “Consumer Services”, “attackdate”: “2026-04-16 12:23:34.677270”, “claim_url”: “http:\/\/payloadrz5yw227brtbvdqpnlhq3rdcdekdnn3rgucbcdeawq2v6vuyd.onion\/posts\/555031f0-db54-4cc0-b7ed-c5b3c1d5f400”, “country”: “AU”, “description”: “TFE Group is a company that operates in the Architecture, Engineering & Design industry.”, “discovered”: “2026-04-16 12:24:01.281814”, “domain”: “”, “duplicates”: [], “extrainfos”: { “data_size”: “30 GB” }, “group”: “payload”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/5516b9c67b13fa8b56abd4c5a2382b8a.png”, “url”: “https:\/\/www.ransomware.live\/id\/VEZFIEdyb3VwQHBheWxvYWQ=”, “victim”: “TFE Group” }, { “activity”: “Healthcare”, “attackdate”: “2026-04-16 09:33:38.161478”, “claim_url”: “http:\/\/lamashtux5j74mcm7lwwgn5yrvuwtrpxjoyendif3v3hrztjesfoyayd.onion\/post\/2bff47b8b7414902df9b5c49cf876d81”, “country”: “”, “description”: “Biotehnos is a Romanian pharmaceutical company founded in 1993 by Prof. Dr. Ioan Manzatu. It is currently headquartered in Otopeni, Ilfov County, near the country\u2019s capital, Bucharest, and celebrated its 30th anniversary in 2023.”, “discovered”: “2026-04-16 09:33:56.647678”, “domain”: “biotehnos.ro”, “duplicates”: [], “extrainfos”: [], “group”: “lamashtu”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-16 09:33:18”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f2df7a698a3967d6628ddbe38690e5f3.png”, “url”: “https:\/\/www.ransomware.live\/id\/QmlvdGVobm9zQGxhbWFzaHR1”, “victim”: “Biotehnos” }, { “activity”: “Business Services”, “attackdate”: “2026-04-15 22:25:44.396349”, “claim_url”: “”, “country”: “NZ”, “description”: “[AI generated] Harris Beach Murtha is a full-service law firm operating in the United States, primarily in the northeastern region. Formed through the merger of Harris Beach and Murtha Cullina, the firm provides legal services across areas including corporate law, litigation, real estate, healthcare, and public finance. It serves clients ranging from businesses and municipalities to nonprofits and individuals across Connecticut, New York, and nearby states.”, “discovered”: “2026-04-15 22:25:48.649042”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “SilentRansomGroup”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SGFycmlzIEJlYWNoIE11cnRoYUBTaWxlbnRSYW5zb21Hcm91cA==”, “victim”: “Harris Beach Murtha” }, { “activity”: “Consumer Services”, “attackdate”: “2026-04-15 20:25:57.170838”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=1b2b5018-bc00-3fc8-b5b5-01b2110c9924”, “country”: “US”, “description”: “N\/A”, “discovered”: “2026-04-15 20:26:59.814312”, “domain”: “www.cmaquarium.org”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q2xlYXJ3YXRlciBNYXJpbmUgQXF1YXJpdW1AcWlsaW4=”, “victim”: “Clearwater Marine Aquarium” }, { “activity”: “Not Found”, “attackdate”: “2026-04-15 18:58:31.583564”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=433a4569-2ad7-3b40-b1d1-1b5bf391aa35”, “country”: “”, “description”: “N\/A”, “discovered”: “2026-04-15 18:59:33.389359”, “domain”: “www.limkon.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TGlta29uQHFpbGlu”, “victim”: “Limkon” }, { “activity”: “Consumer Services”, “attackdate”: “2026-04-15 16:32:57.792535”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/theepoch”, “country”: “US”, “description”: “[AI generated] The Epoch Times is a American media company founded in 2000 by John Tang and other Falun Gong practitioners. It operates as a multi-platform news outlet publishing print and digital content in multiple languages across numerous countries. The company is known for promoting conservative viewpoints and has been associated with spreading misinformation. It operates primarily in the United States with a significant global reach.”, “discovered”: “2026-04-15 16:33:19.724150”, “domain”: “theepochtimes.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-15 16:32:38”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/097448241c660bec973c42c6da94cdeb.png”, “url”: “https:\/\/www.ransomware.live\/id\/VGhlIEVwb2NoIFRpbWVzQGNvaW5iYXNlY2FydGVs”, “victim”: “The Epoch Times” }, { “activity”: “Not Found”, “attackdate”: “2026-04-15 14:45:21.928336”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=c7f1fef9-9aab-3ba9-8758-9a21b1cb1bf3”, “country”: “IT”, “description”: “N\/A”, “discovered”: “2026-04-15 14:45:47.909710”, “domain”: “www.gruppoicm.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f9073122ff88e3e086fa6f1a6675399b.png”, “url”: “https:\/\/www.ransomware.live\/id\/R3J1cHBvIElDTSBTUEFAcWlsaW4=”, “victim”: “Gruppo ICM SPA” }, { “activity”: “Education”, “attackdate”: “2026-04-15 13:42:56.498329”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/uom”, “country”: “MT”, “description”: “[AI generated] N\/A”, “discovered”: “2026-04-15 13:43:11.526411”, “domain”: “www.uom.gr”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/cb0724b2d17ef7d18784a731f157a157.png”, “url”: “https:\/\/www.ransomware.live\/id\/VU9NIFVuaXZlcnNpdHlAY29pbmJhc2VjYXJ0ZWw=”, “victim”: “UOM University” }, { “activity”: “Not Found”, “attackdate”: “2026-04-15 13:42:19.610958”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/vlz”, “country”: “”, “description”: “[AI generated] N\/A”, “discovered”: “2026-04-15 13:42:34.284227”, “domain”: “vluznet.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-15 13:42:00”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/6ec40aca916fa43d63a656dc8cca7583.png”, “url”: “https:\/\/www.ransomware.live\/id\/Vmx1em5ldEBjb2luYmFzZWNhcnRlbA==”, “victim”: “Vluznet” }, { “activity”: “Consumer Services”, “attackdate”: “2026-04-15 13:41:39.859038”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/epoch”, “country”: “US”, “description”: “[AI generated] Epoch Times is an American media company founded in 2000 by Chinese-American Falun Gong practitioners. It operates newspapers, websites, and video content across multiple countries, publishing in numerous languages. The company covers news, politics, health, and culture, but has drawn scrutiny from researchers and platforms for spreading misinformation and promoting far-right narratives. It is headquartered in New York, USA.”, “discovered”: “2026-04-15 13:41:57.428130”, “domain”: “epochtimes.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 6, “employees_url”: 4, “infostealer_stats”: { “Azorult”: 1, “Generic Stealer”: 11, “Lumma”: 15, “Raccoon”: 1, “RedLine”: 2, “StealC”: 7, “Vidar”: 1 }, “thirdparties”: 15, “thirdparties_domain”: 14, “update”: “2026-04-15 13:41:21”, “users”: 36, “users_url”: 38 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/fcd9271a8b5fd4cca399d9f3fef7bf47.png”, “url”: “https:\/\/www.ransomware.live\/id\/RXBvY2ggVGltZXNAY29pbmJhc2VjYXJ0ZWw=”, “victim”: “Epoch Times” }, { “activity”: “Public Sector”, “attackdate”: “2026-04-15 13:41:03.461301”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/sot”, “country”: “”, “description”: “[AI generated] N\/A”, “discovered”: “2026-04-15 13:41:17.779451”, “domain”: “sot.gob.ec”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-15 13:40:44”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a1c4cb170dd0b4f13d51f41990e646ce.png”, “url”: “https:\/\/www.ransomware.live\/id\/U3VwZXJpbnRlbmRlbmN5IG9mIHRlcnJpdG9yaWFsIHBsYW5uaW5nQGNvaW5iYXNlY2FydGVs”, “victim”: “Superintendency of territorial planning” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-15 13:40:27.047887”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/glsteel”, “country”: “”, “description”: “[AI generated] N\/A”, “discovered”: “2026-04-15 13:40:41.332225”, “domain”: “glsteel.pl”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-15 13:40:07”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/5fad681f8d5ad220f4c826b966759f85.png”, “url”: “https:\/\/www.ransomware.live\/id\/R0wgU3RlZWxAY29pbmJhc2VjYXJ0ZWw=”, “victim”: “GL Steel” }, { “activity”: “Construction”, “attackdate”: “2026-04-15 13:39:49.233176”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/bros”, “country”: “US”, “description”: “[AI generated] N\/A”, “discovered”: “2026-04-15 13:40:03.230642”, “domain”: “waynebrothers.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-15 13:39:29”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7ebcc5a2ae81b4b8de1b254ab67d1bec.png”, “url”: “https:\/\/www.ransomware.live\/id\/V2F5bmUgQnJvdGhlcnMgQ29uc3RydWN0aW9uQGNvaW5iYXNlY2FydGVs”, “victim”: “Wayne Brothers Construction” }, { “activity”: “Business Services”, “attackdate”: “2026-04-15 13:39:09.735179”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/quest”, “country”: “”, “description”: “[AI generated] N\/A”, “discovered”: “2026-04-15 13:39:24.669231”, “domain”: “questivity.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-15 13:38:50”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/be6549e30d4bae02e3a62db1ee284508.png”, “url”: “https:\/\/www.ransomware.live\/id\/UXVlc3Rpdml0eUBjb2luYmFzZWNhcnRlbA==”, “victim”: “Questivity” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-15 13:38:32.796806”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/pkg”, “country”: “”, “description”: “[AI generated] N\/A”, “discovered”: “2026-04-15 13:38:47.526919”, “domain”: “mil-pkg.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-15 13:38:13”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/01972b63d783ace87e804e8ac9814a6f.png”, “url”: “https:\/\/www.ransomware.live\/id\/TWlsbGVuaXVtIFBhY2thZ2luZ0Bjb2luYmFzZWNhcnRlbA==”, “victim”: “Millenium Packaging” }, { “activity”: “Public Sector”, “attackdate”: “2026-04-15 13:37:54.251448”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/kemen”, “country”: “ID”, “description”: “[AI generated] Kemenpppa, short for Kementerian Pemberdayaan Perempuan dan Perlindungan Anak, is an Indonesian government ministry responsible for empowering women and protecting children. Operating in Indonesia, it develops and oversees policies related to gender equality, women’s rights, child protection, and social welfare. The ministry works to eliminate discrimination, violence, and exploitation affecting women and children across the country.”, “discovered”: “2026-04-15 13:38:10.581731”, “domain”: “keemenpppa.go.id”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-15 13:37:35”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/dd6c4a5e371ee4839423d4450f0c9e66.png”, “url”: “https:\/\/www.ransomware.live\/id\/S2VtZW5wcHBhQGNvaW5iYXNlY2FydGVs”, “victim”: “Kemenpppa” }, { “activity”: “Education”, “attackdate”: “2026-04-15 13:37:14.990132”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/tokyo”, “country”: “JP”, “description”: “[AI generated] Rogiken is a research organization affiliated with the Institute of Science Tokyo, a Japanese national university formed through the merger of Tokyo Institute of Technology and Tokyo Medical and Dental University. It operates in Japan within the academic and scientific research sector, focusing on advanced engineering, natural sciences, and interdisciplinary studies. The institute supports innovation, technology development, and collaboration between academia and industry.”, “discovered”: “2026-04-15 13:37:31.142418”, “domain”: “rogiken.org”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-15 13:36:55”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ac7c26b242f7269f187d5529d6471bf7.png”, “url”: “https:\/\/www.ransomware.live\/id\/Um9naWtlbiAvIGluc3RpdHV0ZSBvZiBTY2llbmNlIFRva3lvQGNvaW5iYXNlY2FydGVs”, “victim”: “Rogiken \/ institute of Science Tokyo” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2026-04-15 13:36:37.070505”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/bleue”, “country”: “FR”, “description”: “[AI generated] N\/A”, “discovered”: “2026-04-15 13:36:52.810332”, “domain”: “la-maison-bleue.fr”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Generic Stealer”: 9, “Lumma”: 17, “Mystic”: 1, “Raccoon”: 2, “RedLine”: 33, “StealC”: 1, “UNKNOWN”: 2, “Vidar”: 6 }, “thirdparties”: 2, “thirdparties_domain”: 3, “update”: “2026-04-15 13:36:17”, “users”: 75, “users_url”: 20 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d0a2fb6d56f55680d55afde4cf859714.png”, “url”: “https:\/\/www.ransomware.live\/id\/TGEgTWFpc29uIEJsZXVlIEZyYW5jZUBjb2luYmFzZWNhcnRlbA==”, “victim”: “La Maison Bleue France” }, { “activity”: “Not Found”, “attackdate”: “2026-04-15 13:35:59.039505”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/sampol”, “country”: “”, “description”: “[AI generated] Sampol is a Spanish engineering and services company headquartered in Mallorca, Spain. It operates in the energy, industrial, and infrastructure sectors, offering services such as electrical installations, renewable energy solutions, facility management, and maintenance. The company works across multiple countries, primarily in Spain and international markets, serving both public and private clients in areas including smart grids, sustainability, and industrial automation.”, “discovered”: “2026-04-15 13:36:14.751209”, “domain”: “sampol.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 1, “employees_url”: 1, “infostealer_stats”: { “Raccoon”: 2, “RedLine”: 1 }, “thirdparties”: 10, “thirdparties_domain”: 23, “update”: “2026-04-15 13:35:39”, “users”: 2, “users_url”: 6 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/74f17177ddb30ef091b66974660d9226.png”, “url”: “https:\/\/www.ransomware.live\/id\/U2FtcG9sQGNvaW5iYXNlY2FydGVs”, “victim”: “Sampol” }, { “activity”: “Technology”, “attackdate”: “2026-04-15 13:35:20.255887”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/astraya”, “country”: “”, “description”: “[AI generated] Astreya is a US-based IT managed services company headquartered in Sunnyvale, California. It provides technology workforce solutions, IT support, infrastructure management, and digital workplace services to large enterprises. Operating primarily in the information technology services industry, Astreya partners with major technology firms globally, delivering staffing and managed IT services across multiple countries while maintaining its core operations in the United States.”, “discovered”: “2026-04-15 13:35:36.811458”, “domain”: “astreya.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-15 13:35:01”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/cf343247be891e2aab1486bb33aee62c.png”, “url”: “https:\/\/www.ransomware.live\/id\/QXN0cmV5YUBjb2luYmFzZWNhcnRlbA==”, “victim”: “Astreya” }, { “activity”: “Business Services”, “attackdate”: “2026-04-15 13:34:38.401548”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/cog”, “country”: “US”, “description”: “[AI generated] Cognizant is a multinational information technology and professional services company headquartered in Teaneck, New Jersey, USA. It operates in the IT services and consulting industry, offering digital transformation, technology, and business process outsourcing services. Founded in 1994, Cognizant serves clients across healthcare, financial services, manufacturing, and retail sectors globally, with major delivery centers in India.”, “discovered”: “2026-04-15 13:34:57.809297”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8d9a9a0d1bda9ad0d421d9449d76c112.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q29nbml6YW50QGNvaW5iYXNlY2FydGVs”, “victim”: “Cognizant” }, { “activity”: “Business Services”, “attackdate”: “2026-04-15 11:18:27.238441”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=06c26b79-4599-4008-8434-79fb6415c22e”, “country”: “”, “description”: “Empower Group has positioned itself in this space as a hub for it’s clients to access these different types of funding products. Empower Group has leveraged partnerships with the top lenders in the space to better service Empower Group’s client’s specific needs. Through Empower Group’s relationships, with access to more than 40 private finance institutions, Empower Group prides ourselves at being able to meet Empower Group’s clients right where they are to service their specific needs for working capital. Empower Group is committed to continually growing and evolving with the industry as a service to Empower Group’s partners; both business owners and lenders alike.”, “discovered”: “2026-04-16 11:31:30.473241”, “domain”: “goempowergroup.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-16 11:30:31”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/06b28153e9f8cff6cf4e166e901608dd.png”, “url”: “https:\/\/www.ransomware.live\/id\/RW1wb3dlciBHcm91cEBkcmFnb25mb3JjZQ==”, “victim”: “Empower Group” }, { “activity”: “Energy”, “attackdate”: “2026-04-15 11:01:42.645324”, “claim_url”: “http:\/\/lamashtux5j74mcm7lwwgn5yrvuwtrpxjoyendif3v3hrztjesfoyayd.onion\/post\/72196be43f72a424ca72de5127a3cdbf”, “country”: “”, “description”: “Volterres, a subsidiary of the Eiffage group, is reinventing the supply of green electricity for businesses and public sector players.\r\n”, “discovered”: “2026-04-15 11:01:58.682220”, “domain”: “volterres.fr”, “duplicates”: [], “extrainfos”: [], “group”: “lamashtu”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-15 11:01:23”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f454e9eef6a9611f8e85b0edefeeb880.png”, “url”: “https:\/\/www.ransomware.live\/id\/Vk9MVEVSUklFU0BsYW1hc2h0dQ==”, “victim”: “VOLTERRIES” }, { “activity”: “Healthcare”, “attackdate”: “2026-04-15 09:54:27.106151”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=745d9b0c-738f-4dbe-b203-1b404f2cbd39”, “country”: “DE”, “description”: “bela-pharm GmbH specializes in the production of veterinary pharmaceuticals aimed at enhancing animal health. Their product range includes solutions for various livestock such as pigs, cattle, poultry, horses, sheep, goats, and small pets. The company serves veterinarians and international clients, offering expertise in drug production and approval. Committed to quality and innovation, bela-pharm focuses on ensuring safe and effective treatments for animals worldwide.”, “discovered”: “2026-04-15 10:40:38.205987”, “domain”: “www.bela-pharm.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/3b28a6e8eab5eecbacf729d17828d578.png”, “url”: “https:\/\/www.ransomware.live\/id\/YmVsYSAtIHBoYXJtQGRyYWdvbmZvcmNl”, “victim”: “bela – pharm” }, { “activity”: “Not Found”, “attackdate”: “2026-04-15 09:27:11.598924”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=eef14cd1-1d68-4f9a-a8e2-3a4c7b94bf63”, “country”: “”, “description”: “McCor is a leading real estate and property management company in Canada, specializing in commercial, retail, and residential property management services. The company offers a comprehensive range of services including investment management, advisory services, leasing, and project management, targeting clients involved in real estate developments. McCor prides itself on building long-term partnerships through innovation, collaboration, and a strong focus on value creation. Their proactive approach ensures high levels of tenant satisfaction and operational efficiency, catering to a diverse clientele across various market segments”, “discovered”: “2026-04-15 10:42:02.811527”, “domain”: “mccor.ca”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-15 10:40:41”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TWNDT1JAZHJhZ29uZm9yY2U=”, “victim”: “McCOR” }, { “activity”: “Business Services”, “attackdate”: “2026-04-15 09:26:19.562740”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=2558ad00-e293-441a-b326-9bedc8fcb40a”, “country”: “”, “description”: “Curtis Design Group specializes in home architecture and design, creating beautiful and livable spaces tailored to the needs of families and developers. They focus on understanding client dreams and site specifics to produce detailed blueprints that reflect those visions. The company emphasizes a collaborative approach, ensuring clients are delighted with the final designs before working with builders. Their services extend beyond Utah, aiming to create homes that endure and bring joy for generations.”, “discovered”: “2026-04-15 10:43:30.531019”, “domain”: “curtisdesigngroup.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-15 10:42:06”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e4706f65918f0c9b0daffff5125edc28.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q3VydGlzIERlc2lnbiBHcm91cEBkcmFnb25mb3JjZQ==”, “victim”: “Curtis Design Group” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-15 00:00:00.000000”, “claim_url”: “”, “country”: “”, “description”: “Fletcher Chrysler Dodge Jeep Ram is a dealership located in Frank\nlin, IN, offering a wide selection of new and used Chrysler, Dodg\ne, Jeep, and Ram vehicles. They serve clients in Franklin, Indian\napolis, Shelbyville, and surrounding areas, providing assistance \nin vehicle purchasing, financing options, and automotive services\n.\n\nWe will upload 28gb of corporate data soon. Personal data of empl\noyees (passports, DLs, SSNs and others), financials, contracts an\nd agreements, client files, and so on.\n”, “discovered”: “2026-04-15 12:03:36.319097”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RmxldGNoZXIgQ2hyeXNsZXIgUHJvZHVjdHNAYWtpcmE=”, “victim”: “Fletcher Chrysler Products” }, { “activity”: “Not Found”, “attackdate”: “2026-04-15 00:00:00.000000”, “claim_url”: “”, “country”: “CA”, “description”: “Established in 1983, CIR Realty is a real estate brokerage in Can\nada, serving the Central and Southern Alberta markets. They are h\neadquartered in Calgary, Alberta.\n\nWe will upload 25gb of corporate data soon. Detailed personal dat\na of employees (names, emails, addresses, phones, photos, persona\nl documents) and clients (names, emails, addresses, driver licens\nes, phones, payment detailed, account details and so on), detaile\nd financials, contracts and agreements, lots of client files, pro\njects, NDA, internal confidential files and so on.\n”, “discovered”: “2026-04-15 13:29:47.906509”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q0lSIFJlYWx0eUBha2lyYQ==”, “victim”: “CIR Realty” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-04-15 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “Truckload Carriers Association is a national trade association fo\ncused on the truckload segment of the motor carrier industry.\n\nWe will upload 21gb of corporate data soon. Personal data of empl\noyees, detailed financials, contracts and agreements, customer an\nd partner files, projects, etc.\n”, “discovered”: “2026-04-15 14:58:22.388124”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/VHJ1Y2tsb2FkIENhcnJpZXJzIEFzc29jaWF0aW9uQGFraXJh”, “victim”: “Truckload Carriers Association” }, { “activity”: “Technology”, “attackdate”: “2026-04-15 00:00:00.000000”, “claim_url”: “”, “country”: “IL”, “description”: “Status: STATUS: NEGOTIATING | Sector: property management | internal projects, 4 million sent\/received mails with attachments, userbase, Airbnb and booking.com data stolen from guesty DATA SIZE: 700GB | Deadline: 9d 8h”, “discovered”: “2026-04-15 19:08:31.637742”, “domain”: “www.guesty.com”, “duplicates”: [], “extrainfos”: [], “group”: “vect”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Z3Vlc3R5LCBMSVRFTExNL1RSSVZZIENBTVBBSUdOIChURUFNUENQKUB2ZWN0”, “victim”: “guesty, LITELLM\/TRIVY CAMPAIGN (TEAMPCP)” }, { “activity”: “Healthcare”, “attackdate”: “2026-04-15 00:00:00.000000”, “claim_url”: “”, “country”: “AU”, “description”: “FriendlyCare Pharmacy offers a wide range of health and beauty products, including cosmetics, skincare, personal care, and medical devices. Their services cater to various health needs such as asthma care, diabetes management, and first aid supplies. The pharmacy targets a diverse clientele, including individuals seeking general health products, beauty enthusiasts, and families in need of baby care items. With multiple store locations and a commitment to customer satisfaction, they provide a price match guarantee and free shipping on orders over $99.”, “discovered”: “2026-04-15 20:47:05.756189”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “kairos”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RnJpZW5kbHlDYXJlIFBoYXJtYWN5QGthaXJvcw==”, “victim”: “FriendlyCare Pharmacy” }, { “activity”: “Technology”, “attackdate”: “2026-04-14 21:35:12.050841”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/idera”, “country”: “”, “description”: “[AI generated] Flash Charm Inc is a software company associated with Idera, Inc., a US-based technology firm headquartered in Houston, Texas. Idera develops and provides database management, developer tools, and test management software solutions. Its products support database administrators and developers across multiple platforms. Flash Charm Inc appears to operate as a subsidiary or affiliated entity within Idera’s broader portfolio of software brands serving enterprise IT markets.”, “discovered”: “2026-04-14 21:35:28.542754”, “domain”: “idera.com”, “duplicates”: [], “extrainfos”: [], “group”: “coinbasecartel”, “infostealer”: { “employees”: 2, “employees_url”: 2, “infostealer_stats”: { “Azorult”: 9, “Generic Stealer”: 36, “Lumma”: 31, “Mystic”: 1, “Raccoon”: 20, “RedLine”: 49, “StealC”: 8, “UNKNOWN”: 2, “Vidar”: 3 }, “thirdparties”: 21, “thirdparties_domain”: 14, “update”: “2026-04-14 21:34:54”, “users”: 169, “users_url”: 17 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c93fda85c7c5dc293ca79a2d2f110e48.png”, “url”: “https:\/\/www.ransomware.live\/id\/Rmxhc2ggQ2hhcm0gSU5DIC0gKElERVJBKUBjb2luYmFzZWNhcnRlbA==”, “victim”: “Flash Charm INC – (IDERA)” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-14 20:23:04.560485”, “claim_url”: “http:\/\/lamashtux5j74mcm7lwwgn5yrvuwtrpxjoyendif3v3hrztjesfoyayd.onion\/post\/8da3233a0fc6f66616e5d6042c2ae0a8”, “country”: “QC”, “description”: “Pi\u00e8ces d’Auto Lacroix is a Canadian company specializing in the retail distribution of automotive parts and accessories across several locations in Quebec.”, “discovered”: “2026-04-14 20:23:16.768843”, “domain”: “palacroix.com”, “duplicates”: [], “extrainfos”: [], “group”: “lamashtu”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 20:22:45”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/61096aa45a12bd14564ea5f1d6be375e.png”, “url”: “https:\/\/www.ransomware.live\/id\/TEFDUk9JWEBsYW1hc2h0dQ==”, “victim”: “LACROIX” }, { “activity”: “Technology”, “attackdate”: “2026-04-14 20:21:55.235455”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/65dc321e50f74c6fd042423cf707e16ef0ff3b265b0049db4d6c17249dbfb76a\/”, “country”: “”, “description”: “Next time, don’t play with the big boys.\n\nThe response will be fast….”, “discovered”: “2026-04-14 20:22:16.615122”, “domain”: “Hacked 0APT”, “duplicates”: [], “extrainfos”: [], “group”: “krybit”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ef61e6c8e8f26a51d5d21d365046bdf0.png”, “url”: “https:\/\/www.ransomware.live\/id\/SGFja2VkIDBBUFRAa3J5Yml0”, “victim”: “Hacked 0APT” }, { “activity”: “Healthcare”, “attackdate”: “2026-04-14 20:06:02.389513”, “claim_url”: “http:\/\/m3ksukzn2glzfdvlusohril7n3iyk4z4fudf6mm22lwhpbpt5aiee5qd.onion#Gastroenterology%20%26%20Hepatology%20of%20CNY”, “country”: “NY”, “description”: “Website: gandhofcny.com\nZoominfo: https:\/\/www.zoominfo.com\/c\/gastroenterology–hepatology-of-cny-pc\/346091487\n\nData sample, whole internal data will be sold if they wouldn’t pay ransom.\n\nAlso Digestive Disease Center of CNY, LLC (ddcofcny.com)\n\nGI practice + AAAHC-accredited endoscopy center. Syracuse, New York, USA.\n\nFull database for sale \u2014 167,303 patients, 124,761 SSN, 49,798 with sensitive diagnoses:\n- 167,303 patients \u2014 124,761 with SSN, 166,402 (99%) with address, 164,296 (98%) with phone, 85,318 (51%) with email\n- 1,093,863 diagnoses (ICD-10), 1,547,142 medications, 186,246 pathology specimens with narrative reports\n- Sensitive (dx + meds): 49,798 patients \u2014 44,861 with SSN. Mental health: 43,902 | Substance\/Alcohol: 5,111 | STIs: 2,779 | Cancer: 2,708 | Hepatitis C: 1,906\n- Includes notable individuals (politicians, businesspeople, public figures)”, “discovered”: “2026-04-14 20:06:20.603210”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “exitium”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7edcdddf77066328a0e943248e0931db.png”, “url”: “https:\/\/www.ransomware.live\/id\/R2FzdHJvZW50ZXJvbG9neSAmIEhlcGF0b2xvZ3kgb2YgQ05ZQGV4aXRpdW0=”, “victim”: “Gastroenterology & Hepatology of CNY” }, { “activity”: “Consumer Services”, “attackdate”: “2026-04-14 16:49:47.922835”, “claim_url”: “http:\/\/hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion\/post\/KGan5zh1NKkLgZjJkdq5jUzLeUfvSO0x”, “country”: “US”, “description”: “It offers refrigerators, freezers, wall ovens, washers, and electric ranges.”, “discovered”: “2026-04-14 16:50:03.110859”, “domain”: “www.coastappliances.com”, “duplicates”: [], “extrainfos”: { “data_size”: “250 GB” }, “group”: “chaos”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/08391e1f6c80c6ab67f20f65ce9c773d.png”, “url”: “https:\/\/www.ransomware.live\/id\/Y29hc3RhcHBsaWFuY2VzLmNvbUBjaGFvcw==”, “victim”: “coastappliances.com” }, { “activity”: “Business Services”, “attackdate”: “2026-04-14 16:49:10.776768”, “claim_url”: “http:\/\/hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion\/post\/GhKwrjbUfSi9CAxsiPlUSnOSeYeK6DWP”, “country”: “DE”, “description”: “Founded in 1983, ITC Construction Group is a Commercial and Residential Construction company that specializes in residential high rises, mixed-use developments, and select commercial projects.”, “discovered”: “2026-04-14 16:49:25.694144”, “domain”: “www.itc-group.com”, “duplicates”: [], “extrainfos”: { “data_size”: “150 GB” }, “group”: “chaos”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/4fa1d4c4a0730b30b2c309753dbf468c.png”, “url”: “https:\/\/www.ransomware.live\/id\/aXRjLWdyb3VwLmNvbUBjaGFvcw==”, “victim”: “itc-group.com” }, { “activity”: “Not Found”, “attackdate”: “2026-04-14 16:11:36.283772”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=698b5229-4f01-4707-a64c-0dc5b42b9a5f”, “country”: “”, “description”: “Capnor specializes in laser scanning, engineering, and 3D data management services, offering a comprehensive range of solutions including design engineering, reverse engineering, and dimensional control. Their services cater to various industries such as oil and gas, marine, chemical, power, pulp and paper, automotive, steel, and food. Capnor utilizes advanced technologies like drone inspections and 3D modeling to enhance project efficiency and accuracy. The company is dedicated to providing innovative solutions that improve project lifecycle phases and ensure quality and safety”, “discovered”: “2026-04-14 16:55:03.604678”, “domain”: “applycapnor.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 16:54:03”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8c92bae7ed64d9807521bb2e5bc7bfa8.png”, “url”: “https:\/\/www.ransomware.live\/id\/QXBwbHkgQ2Fwbm9yQGRyYWdvbmZvcmNl”, “victim”: “Apply Capnor” }, { “activity”: “Business Services”, “attackdate”: “2026-04-14 14:35:59.214152”, “claim_url”: “http:\/\/krybitxdpxohsmjooeb3gbgpmdddreh6mnflzac6bnezz74b7yje67yd.onion\/blog\/404e2516d4022752f93dc9844fb4712339199312accc129b66a85bcb379cda09\/”, “country”: “MX”, “description”: “Asesor\u00eda Uriel is a consultancy and management firm located in Soria, specialized in providing services to individuals,…”, “discovered”: “2026-04-14 14:36:17.957505”, “domain”: “asesoriauriel.com”, “duplicates”: [], “extrainfos”: [], “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 14:35:39”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/09891d1582ec3b8a2b83f8d8a14f2d99.png”, “url”: “https:\/\/www.ransomware.live\/id\/YXNlc29yaWF1cmllbC5jb21Aa3J5Yml0”, “victim”: “asesoriauriel.com” }, { “activity”: “Consumer Services”, “attackdate”: “2026-04-14 14:35:22.873711”, “claim_url”: “http:\/\/krybitxdpxohsmjooeb3gbgpmdddreh6mnflzac6bnezz74b7yje67yd.onion\/blog\/7e4d2cc0b26635dfe620f21d6729f4cd122f8f73c1a95c65bf38693f4a6f0751\/”, “country”: “TH”, “description”: “Unipest Company Limited specializes in pest control services, including the elimination of termites, ants, cockroaches, …”, “discovered”: “2026-04-14 14:35:36.737239”, “domain”: “unipest.co.th”, “duplicates”: [], “extrainfos”: [], “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 14:35:03”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d97d64c5f7d963ffefd5758c9d0f6303.png”, “url”: “https:\/\/www.ransomware.live\/id\/dW5pcGVzdC5jby50aEBrcnliaXQ=”, “victim”: “unipest.co.th” }, { “activity”: “Not Found”, “attackdate”: “2026-04-14 14:34:42.039589”, “claim_url”: “http:\/\/krybitxdpxohsmjooeb3gbgpmdddreh6mnflzac6bnezz74b7yje67yd.onion\/blog\/bc5723b509285febe34720381141a5509f50a50f44f48f250c899b37ff117b41\/”, “country”: “TR”, “description”: “Palladium Teknoloji ve M\u00fchendislik Ltd. \u015eti. is a private Turkish company operating in the field of industrial enginee…”, “discovered”: “2026-04-14 14:34:57.010238”, “domain”: “palladium.gen.tr”, “duplicates”: [], “extrainfos”: [], “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 14:34:22”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/100733e76c12ea93179255bb6389c770.png”, “url”: “https:\/\/www.ransomware.live\/id\/cGFsbGFkaXVtLmdlbi50ckBrcnliaXQ=”, “victim”: “palladium.gen.tr” }, { “activity”: “Business Services”, “attackdate”: “2026-04-14 14:34:05.666240”, “claim_url”: “http:\/\/krybitxdpxohsmjooeb3gbgpmdddreh6mnflzac6bnezz74b7yje67yd.onion\/blog\/59817f58a05bc6e9720a72bfca2c7857539f7a9ee0e56f52b937752d26bde155\/”, “country”: “BR”, “description”: “SECRAN Group is a trusted partner with over 40 years of experience, focusing on providing a comprehensive portfolio of b…”, “discovered”: “2026-04-14 14:34:18.238952”, “domain”: “secran.com.br”, “duplicates”: [], “extrainfos”: [], “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 14:33:46”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/79f236929259d7e24fdde9343dc6455f.png”, “url”: “https:\/\/www.ransomware.live\/id\/c2VjcmFuLmNvbS5ickBrcnliaXQ=”, “victim”: “secran.com.br” }, { “activity”: “Not Found”, “attackdate”: “2026-04-14 14:33:29.481639”, “claim_url”: “http:\/\/krybitxdpxohsmjooeb3gbgpmdddreh6mnflzac6bnezz74b7yje67yd.onion\/blog\/9f0cdb3a132b8c6cbd7e2edace269a145da2fcb8ee744931c4e7bdf61180bcd2\/”, “country”: “”, “description”: “We apologize for this data leak, but it did not affect our operations. The error was in the server settings; the phpMyAd…”, “discovered”: “2026-04-14 14:33:42.878765”, “domain”: “Some 0APT false claims”, “duplicates”: [], “extrainfos”: [], “group”: “krybit”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/9b369163af6edf043b131b5ff43ef48e.png”, “url”: “https:\/\/www.ransomware.live\/id\/U29tZSAwQVBUIGZhbHNlIGNsYWltc0BrcnliaXQ=”, “victim”: “Some 0APT false claims” }, { “activity”: “Business Services”, “attackdate”: “2026-04-14 13:09:57.393546”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=407fd775-a942-4759-ab2b-ddd81b5932cc”, “country”: “US”, “description”: “The Talsi Regional Chamber of Commerce is committed to serving as a leading business-oriented organization and improving the quality of life in the community by fostering regional economic prosperity.”, “discovered”: “2026-04-14 14:14:08.799109”, “domain”: “www.tulsachamber.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/dHVsc2FjaGFtYmVyLmNvbUBkcmFnb25mb3JjZQ==”, “victim”: “tulsachamber.com” }, { “activity”: “Construction”, “attackdate”: “2026-04-14 13:02:34.322991”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=fcfc9d37-cabe-44dd-9c33-ba7ccd1e7f4d”, “country”: “”, “description”: “Breslin Builders is a general contractor specializing in design and construction, based in Las Vegas, Nevada, and serving the Las Vegas Valley and Southern Nevada since 1980.\nThe company specializes in a wide range of commercial construction services, including pre-development, design, and construction, as well as construction management for various types of projects, such as apartment buildings, retail spaces, and hotel complexes.”, “discovered”: “2026-04-14 14:15:32.964223”, “domain”: “breslinbuilders.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 14:14:11”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/YnJlc2xpbmJ1aWxkZXJzLmNvbUBkcmFnb25mb3JjZQ==”, “victim”: “breslinbuilders.com” }, { “activity”: “Not Found”, “attackdate”: “2026-04-14 12:54:52.316069”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=f0a6c94f-b964-4b83-a15c-63c8f17955ff”, “country”: “”, “description”: ” Jacmel Enterprise Inc. offers a wide range of IT services, including Microsoft Dynamics solutions, project services such as data cabling and server configuration, as well as cloud services using Microsoft Office 365.”, “discovered”: “2026-04-14 12:57:40.844193”, “domain”: “je-nyc.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 12:56:16”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a216f12c2aa5979655e03a73f05bf378.png”, “url”: “https:\/\/www.ransomware.live\/id\/amUtbnljLmNvbUBkcmFnb25mb3JjZQ==”, “victim”: “je-nyc.com” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-14 12:50:50.449496”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=814f56ab-0d7f-473f-abad-b239deb9abcd”, “country”: “GB”, “description”: “Preproduction Plastics Inc. is a company specializing in structural foam injection molding and gas-assisted injection molding.”, “discovered”: “2026-04-14 12:59:01.387593”, “domain”: “www.ppiplastics.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0243d7ae930ed5186e5a4fab60ee1e8b.png”, “url”: “https:\/\/www.ransomware.live\/id\/cHBpcGxhc3RpY3MuY29tQGRyYWdvbmZvcmNl”, “victim”: “ppiplastics.com” }, { “activity”: “Business Services”, “attackdate”: “2026-04-14 12:47:20.655414”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=abf898a3-5883-4657-a4f0-a336b44a231e”, “country”: “BR”, “description”: “Nova Fire Protection Inc. specializes in sprinkler fire suppression systems, \noffering design, installation, repair, inspection, and testing services to homeowners and \nbusinesses in the Chicago area. Their team is ready to tackle projects of any scale, from residential homes to large \ncommercial buildings, providing comprehensive fire safety solutions. The company also provides \n24\/7 emergency services and system upgrades to maintain their effectiveness. With years of experience \nin the region, Nova Fire Protection is committed to protecting lives and property across various communities. “, “discovered”: “2026-04-14 13:00:37.396562”, “domain”: “novafp.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 12:59:06”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f17b7e53a2c08ce9d193f5b79376f9e9.png”, “url”: “https:\/\/www.ransomware.live\/id\/bm92YWZwLmNvbUBkcmFnb25mb3JjZQ==”, “victim”: “novafp.com” }, { “activity”: “Technology”, “attackdate”: “2026-04-14 12:42:39.130424”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=83b95c5a-633b-4f5d-9309-8aa68a611bcf”, “country”: “US”, “description”: “Advanced Programs, Incorporated (API) specializes in providing secure, high-quality integrated \nsystem solutions designed specifically for government and industrial clients, particularly in the fields of intelligence, defense, and foreign policy. \nThe product portfolio includes TEMPEST-certified computers, networking equipment, and secure communication devices that \nmeet stringent security standards. API retrofits existing products from leading manufacturers and develops new \ndesigns to ensure reliability in high-risk environments. The company\u2019s typical customers are program management offices \nresponsible for deploying and maintaining secure IT solutions in remote locations.”, “discovered”: “2026-04-14 13:02:19.162882”, “domain”: “advprograms.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 13:00:45”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7ba901e86e95ffbf6ccb47b6fd1f6a3c.png”, “url”: “https:\/\/www.ransomware.live\/id\/YWR2cHJvZ3JhbXMuY29tQGRyYWdvbmZvcmNl”, “victim”: “advprograms.com” }, { “activity”: “Business Services”, “attackdate”: “2026-04-14 12:34:15.504885”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=9b6e3e04-9791-4e93-ad79-beb5974076ce”, “country”: “US”, “description”: “IMA Design Group, Inc. specializes in master planning, development services, and landscape architecture, with a particular focus on creating exceptional spaces for its clients. \nThe company is distinguished by its unique artistic approach and strives to ensure maximum cost-effectiveness in its projects. \nThe company\u2019s portfolio includes a wide range of projects\u2014from affordable and student housing to commercial spaces\u2014located both in California and beyond.\nThe company strives to help clients create socially oriented environments that harmoniously blend recreational elements with modern technology.”, “discovered”: “2026-04-14 13:03:56.286063”, “domain”: “imadesign.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 13:02:22”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/5d53f46fa94e9ede4b33ae515a5b6640.png”, “url”: “https:\/\/www.ransomware.live\/id\/aW1hZGVzaWduLmNvbUBkcmFnb25mb3JjZQ==”, “victim”: “imadesign.com” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-04-14 12:29:46.794975”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=8db5a061-8ab7-446a-9c8e-c00b77adf62c”, “country”: “CA”, “description”: “Tremcar Drummond Inc. manufactures and designs high-quality textile machinery and equipment. The company was founded in 1962”, “discovered”: “2026-04-14 13:05:06.722049”, “domain”: “www.tremcar.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/43fd2f2dc78bd2ddbb6e5e6ecda65b91.png”, “url”: “https:\/\/www.ransomware.live\/id\/dHJlbWNhci5jb21AZHJhZ29uZm9yY2U=”, “victim”: “tremcar.com” }, { “activity”: “Business Services”, “attackdate”: “2026-04-14 12:23:04.475669”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=c47d2fb2-1f75-422f-ba73-d89a787826a3”, “country”: “”, “description”: “Gloyer-Taylor Laboratories, Inc. (GTL) is a high-tech company specializing in providing revolutionary technologies for the aerospace industry. Its product portfolio includes advanced composite cryogenic tanks, propulsion systems, as well as aerospace system design and analysis services. GTL serves customers in the aerospace sector, with a particular focus on innovative solutions for launch vehicles and high-temperature structures. The company also collaborates with organizations such as NASA to develop cutting-edge technologies for space exploration.”, “discovered”: “2026-04-14 13:06:15.741556”, “domain”: “gtlcompany.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 13:05:09”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/22250f916ec06ac97d48b1f5d74a0b94.png”, “url”: “https:\/\/www.ransomware.live\/id\/Z3RsY29tcGFueS5jb21AZHJhZ29uZm9yY2U=”, “victim”: “gtlcompany.com” }, { “activity”: “Business Services”, “attackdate”: “2026-04-14 12:18:40.401174”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=c64d7c32-4781-4cb0-9415-08581b25281d”, “country”: “US”, “description”: “Graphic Information Systems Inc. specializes in the custom production of barcode labels, product number\/identification labels, and warehouse signage, serving businesses \nthat require inventory management solutions. They also offer a wide range of promotional products and apparel to enhance a company\u2019s brand recognition. Their services include the installation of warehouse labels and signs, as well as design services. Based in Cincinnati, Ohio, GIS strives to provide high-quality, affordable products to improve warehouse operations and marketing efforts.”, “discovered”: “2026-04-14 13:07:39.538933”, “domain”: “graphicinfo.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 13:06:18”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/47b307b0fd2c25f418a479c81bd7e176.png”, “url”: “https:\/\/www.ransomware.live\/id\/Z3JhcGhpY2luZm8uY29tQGRyYWdvbmZvcmNl”, “victim”: “graphicinfo.com” }, { “activity”: “Consumer Services”, “attackdate”: “2026-04-14 12:11:36.225526”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=04a980e8-5299-465c-bf27-621fa02e8daf”, “country”: “”, “description”: “Million Dollar Baby Co. was founded in 1990 and is a proudly family-owned business based in Los Angeles. Since then, MDB has grown to include seven distinct children\u2019s furniture brands, each with its own style, aesthetic, and price point, while offering some of the most eco-friendly and award-winning designs in the industry. Our products are available at retailers such as Target and Amazon, as well as specialty stores like Pottery Barn Kids and Crate & Barrel. The parent company, Million Dollar Baby Co., includes our brands: Babyletto, daVinci, Nursery Works, and Namesake.\n”, “discovered”: “2026-04-14 13:09:08.388230”, “domain”: “milliondollarbabyco.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “RedLine”: 1 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 13:07:42”, “users”: 1, “users_url”: 1 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/cfc0717cca9d39e59dbfba59d676763f.png”, “url”: “https:\/\/www.ransomware.live\/id\/bWlsbGlvbmRvbGxhcmJhYnljby5jb21AZHJhZ29uZm9yY2U=”, “victim”: “milliondollarbabyco.com” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-14 12:03:27.023497”, “claim_url”: “http:\/\/lamashtux5j74mcm7lwwgn5yrvuwtrpxjoyendif3v3hrztjesfoyayd.onion\/post\/f38d9c6b2ab7f32218aaad1f043b0180”, “country”: “”, “description”: “Over 100 Years of Engineering. Now Pioneering the Future of Sustainable Cleaning.\r\nFrom mechanical pool cleaners in the 1920s to submerged, no drain robotic\r\nsystems used across 40+ countries. “, “discovered”: “2026-04-14 12:03:39.011803”, “domain”: “wedarobotics.com”, “duplicates”: [], “extrainfos”: [], “group”: “lamashtu”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 12:03:07”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/6da3081507d55dd615d34ccf4ca6092a.png”, “url”: “https:\/\/www.ransomware.live\/id\/V0VEQSBST0JPVElDU0BsYW1hc2h0dQ==”, “victim”: “WEDA ROBOTICS” }, { “activity”: “Healthcare”, “attackdate”: “2026-04-14 10:29:27.779093”, “claim_url”: “”, “country”: “”, “description”: “psychplus.com zoominfo.com\/c\/psychplus\/1319245304 PsychPlus is a Houston-based mental health company founded in 2019\u20132020, offering virtual and in-person care via licensed psychiatrists and therapists. It focuses on accessibility by accepting 99% of commercial insurances (including Medicare\/Medicaid), providing same\/next-day appointments, and enabling 24\/7 online booking through its app and EHR platform, with over 200 providers and plans to expand into 20 new U.S. markets in 2025”, “discovered”: “2026-04-14 10:29:29.164216”, “domain”: “psychplus.com”, “duplicates”: [], “extrainfos”: [], “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:29:08”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UHN5Y2hQbHVzQHRoZWdlbnRsZW1lbg==”, “victim”: “PsychPlus” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-14 10:29:04.196929”, “claim_url”: “”, “country”: “GB”, “description”: “ukelectronics.co.uk zoominfo.com\/c\/uk-electronics-ltd\/51921022 UK Electronics specializes in the manufacture of high-quality electronic assemblies, offering a comprehensive range of services including PCB assembly, mechanical assembly, and testing. With over 40 years of experience, they provide full turnkey solutions from concept to manufacture, catering to various industries such as military, aviation, medical, and manufacturing”, “discovered”: “2026-04-14 10:29:05.365808”, “domain”: “ukelectronics.co.uk”, “duplicates”: [], “extrainfos”: [], “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:28:44”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/VUsgRWxlY3Ryb25pY3NAdGhlZ2VudGxlbWVu”, “victim”: “UK Electronics” }, { “activity”: “Construction”, “attackdate”: “2026-04-14 00:00:00.000000”, “claim_url”: “”, “country”: “”, “description”: “R. L. Larson Excavating Inc., is an excavating contractor based i\nn St. Cloud, MN. \n\nWe will upload 30gb of corporate data soon. Personal data of empl\noyees (DLs, w9 forms and others), financials, drawings and specif\nications, contracts and agreements, projects, and so on.\n”, “discovered”: “2026-04-14 12:49:30.564332”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UiBMIExhcnNvbiBFeGNhdmF0aW5nQGFraXJh”, “victim”: “R L Larson Excavating” }, { “activity”: “Consumer Services”, “attackdate”: “2026-04-14 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “ServiceMaster Services, Inc. is a privately owned and operated co\nmmercial contract cleaning company. Founded in 1974, ServiceMaste\nr specializes on servicing office buildings and other large facil\nities. It is headquartered in Memphis, Tennessee.\n\nWe will upload corporate data soon. Personal data of employees (p\nassports, 20 DLs, SSNs and others), financials, contracts and ag\nreements, client files, and so on.\n”, “discovered”: “2026-04-14 14:07:30.140920”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U2VydmljZU1hc3RlciBDbGVhbiBzZXJ2aWNlc0Bha2lyYQ==”, “victim”: “ServiceMaster Clean services” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-04-14 00:00:00.000000”, “claim_url”: “”, “country”: “QC”, “description”: “La Tuilerie is your local home renovation shop that helps homeown\ners and contractors find the perfect ceramic tiles, mosaics, and \nflooring. They focus on giving customers high-quality materials w\nith great personal service.\n\nWe will upload 11gb of corporate data soon. Personal data of empl\noyees, financials, contracts and agreements, lots of client files\n, projects, etc.\n”, “discovered”: “2026-04-14 15:35:15.460685”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TGEgVHVpbGVyaWVAYWtpcmE=”, “victim”: “La Tuilerie” }, { “activity”: “Not Found”, “attackdate”: “2026-04-14 00:00:00.000000”, “claim_url”: “”, “country”: “IT”, “description”: “CSA S.p.A. is a company that provides a broad range of quality pr\noducts and services tailored to the shipping industry, emphasizin\ng safety and customer satisfaction. Their offerings include ship \nservices, liner agency, and logistics, all designed to meet the h\nighest international standards.\n\nWe will upload 10gb of corporate data soon. Personal data of empl\noyees, financials, contracts and agreements, client files, and a \nlot of other internal files.\n”, “discovered”: “2026-04-14 15:35:18.487464”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q1NBIFNwQUBha2lyYQ==”, “victim”: “CSA SpA” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-14 00:00:00.000000”, “claim_url”: “”, “country”: “AR”, “description”: “Indesmalla is a family business with two production plants, one w\nith raschel machines and the other with Ketten machines. It produ\nces knitted weft (circular) fabric and knitted and finished weft \nfabrics in different weights, draws and elasticity.\n\nWe will upload corporate data soon. Personal data of employees, f\ninancials, contracts and agreements, lots of client files, projec\nts, NDA, internal confidential files and so on.\n”, “discovered”: “2026-04-15 12:03:39.340762”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SU5ERVNNQUxMQUBha2lyYQ==”, “victim”: “INDESMALLA” }, { “activity”: “Healthcare”, “attackdate”: “2026-04-13 09:27:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/fe10588cc70183ad263865cacfe96b96”, “country”: “US”, “description”: “Located inside the Med-Surg Complex; Decatur Diagnostic Lab is a privately owned lab servicing the D…”, “discovered”: “2026-04-14 10:45:18.576840”, “domain”: “decaturdiagnosticlab.net”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:44:42”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/b76cbe8ffc72cdeabe8131601f693dc2.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZGVjYXR1cmRpYWdub3N0aWNsYWIubmV0QGxvY2tiaXQ1”, “victim”: “decaturdiagnosticlab.net” }, { “activity”: “Not Found”, “attackdate”: “2026-04-13 08:20:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/4fa8270015958266c4c3f6866f6f46d7”, “country”: “DO”, “description”: “ABOUT THE GROUP Somos un grupo empresarial con m\u00e1s de 60 a\u00f1os de experiencia, sirviendo con entusia…”, “discovered”: “2026-04-14 10:45:52.988194”, “domain”: “marti.do”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:45:21”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/2e529401316f3dcbb9da0c18c2da39de.png”, “url”: “https:\/\/www.ransomware.live\/id\/bWFydGkuZG9AbG9ja2JpdDU=”, “victim”: “marti.do” }, { “activity”: “Healthcare”, “attackdate”: “2026-04-13 08:14:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/9f98bc6c2e7cb045ef87df9ceb43ee19”, “country”: “MX”, “description”: “N\u00facleo de Diagn\u00f3stico N\u00facleo de Diagn\u00f3stico es un laboratorio de an\u00e1lisis cl\u00ednicos ubicado en Guada…”, “discovered”: “2026-04-14 10:46:27.234995”, “domain”: “nucleodediagnostico.mx”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:45:56”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0da6b8782e42ae8aae5b8109b2b244d1.png”, “url”: “https:\/\/www.ransomware.live\/id\/bnVjbGVvZGVkaWFnbm9zdGljby5teEBsb2NrYml0NQ==”, “victim”: “nucleodediagnostico.mx” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-11 07:59:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/ab4e5c1cd83cb07eaafdb3ef43f58558”, “country”: “ES”, “description”: “Cegasa is a leading European company specializing in innovative energy solutions, particularly lithi…”, “discovered”: “2026-04-14 10:47:01.501211”, “domain”: “cegasa.com”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:46:30”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/b74aa225d4be30e15b2acbee8bf66653.png”, “url”: “https:\/\/www.ransomware.live\/id\/Y2VnYXNhLmNvbUBsb2NrYml0NQ==”, “victim”: “cegasa.com” }, { “activity”: “Financial Services”, “attackdate”: “2026-04-09 05:31:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/8a65d62506b2d1b2570b3e894e71e15e”, “country”: “VE”, “description”: “Fondonorma is a Venezuelan certification company that helps businesses prove they meet quality and s…”, “discovered”: “2026-04-14 10:47:38.222473”, “domain”: “fondonorma.org.ve”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:47:07”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e23ab30af5d88226c0624850d8463cdc.png”, “url”: “https:\/\/www.ransomware.live\/id\/Zm9uZG9ub3JtYS5vcmcudmVAbG9ja2JpdDU=”, “victim”: “fondonorma.org.ve” }, { “activity”: “Public Sector”, “attackdate”: “2026-04-09 05:28:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/bbaac87b25aaf8c1f764b7fca126c0dc”, “country”: “PE”, “description”: “La Comunidad Andina (CAN) es un organismo internacional de integraci\u00f3n subregional fundado el 26 de…”, “discovered”: “2026-04-14 10:48:12.060390”, “domain”: “comunidadandina.org”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:47:41”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/047fd173dd3b397ac05ac4e7d029730f.png”, “url”: “https:\/\/www.ransomware.live\/id\/Y29tdW5pZGFkYW5kaW5hLm9yZ0Bsb2NrYml0NQ==”, “victim”: “comunidadandina.org” }, { “activity”: “Not Found”, “attackdate”: “2026-04-06 23:30:17.529000”, “claim_url”: “http:\/\/lynxchatly4zludmhmi75jrwhycnoqvkxb4prohxmyzf4euf5gjxroad.onion\/leaks\/69d442099c439c5f45f25fd7”, “country”: “”, “description”: “Stonehenge Co Ltd is a company that operates in the Commercial & Residential Construction industry. It employs 250to499 people and has 10Mto25M of revenue. The company is headquartered in Phra Nakhon Si Ayutthaya, Phra Nakhon Si Ayutthaya, Thailand.”, “discovered”: “2026-04-14 19:07:29.994665”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “lynx”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/84641e3a7c0182f835d6bd17778165c1.png”, “url”: “https:\/\/www.ransomware.live\/id\/U3RvbmVoZW5nZUBseW54”, “victim”: “Stonehenge” }, { “activity”: “Technology”, “attackdate”: “2026-04-05 09:10:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/2e84bd195247a45faa74902578f2ef22”, “country”: “IT”, “description”: “WIBEATS is an independent Asset Management and Loans Service groups, highly specialised in the selec…”, “discovered”: “2026-04-14 10:48:46.017063”, “domain”: “wibeats.it”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:48:15”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/757d01d9fb9b9089b02d406cb52da002.png”, “url”: “https:\/\/www.ransomware.live\/id\/d2liZWF0cy5pdEBsb2NrYml0NQ==”, “victim”: “wibeats.it” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-04-05 07:53:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/5429d2c74d54ec6da98a470c2f48d1bd”, “country”: “JP”, “description”: “Earth Protect Co., Ltd Thinking about what we can do to protect and create tomorrow's global…”, “discovered”: “2026-04-14 10:49:19.857517”, “domain”: “earthprotect.co.jp”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:48:48”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/bf54b3729558afc17b57218eea3f99c4.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZWFydGhwcm90ZWN0LmNvLmpwQGxvY2tiaXQ1”, “victim”: “earthprotect.co.jp” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-04-05 00:00:00.000000”, “claim_url”: “”, “country”: “MX”, “description”: “- Internal Documents- Employee Data”, “discovered”: “2026-04-14 17:35:51.993904”, “domain”: “www.dtroylogistics.com”, “duplicates”: [], “extrainfos”: { “data_size”: “360GB” }, “group”: “nightspire”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RC1Ucm95IExvZ2lzdGljc0BuaWdodHNwaXJl”, “victim”: “D-Troy Logistics” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-03 15:59:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/87b1fcc2f27f800858ca030b21fef20e”, “country”: “HK”, “description”: “The Shun Hing Group (\u4fe1\u8208\u96c6\u5718) is a prominent Hong Kong-based conglomerate founded in 1953, primarily kn…”, “discovered”: “2026-04-14 10:49:56.236762”, “domain”: “shunhinggroup.com”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:49:25”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/b9171084939189aaadeecd7052dc2029.png”, “url”: “https:\/\/www.ransomware.live\/id\/c2h1bmhpbmdncm91cC5jb21AbG9ja2JpdDU=”, “victim”: “shunhinggroup.com” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-03 15:50:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/43b17c6157880975105f7ff8034b3661”, “country”: “RO”, “description”: “You are welcome in our offices across Central and Eastern Europe. With international presence since…”, “discovered”: “2026-04-14 10:50:31.307476”, “domain”: “aplast.ro”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:50:00”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/70630cfef09b14f14f74c22ecb7f9938.png”, “url”: “https:\/\/www.ransomware.live\/id\/YXBsYXN0LnJvQGxvY2tiaXQ1”, “victim”: “aplast.ro” }, { “activity”: “Not Found”, “attackdate”: “2026-04-03 14:07:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/c126309e63f127e42b053d663736428a”, “country”: “IT”, “description”: “Servizi all'avanguardia a Ravenna Nato nel 1992 dall'unione delle principali realt\u00e0 coope…”, “discovered”: “2026-04-14 10:51:04.876308”, “domain”: “seleniaravenna.it”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:50:34”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/530468df595411dde23fe051aa4cfb82.png”, “url”: “https:\/\/www.ransomware.live\/id\/c2VsZW5pYXJhdmVubmEuaXRAbG9ja2JpdDU=”, “victim”: “seleniaravenna.it” }, { “activity”: “Healthcare”, “attackdate”: “2026-04-03 14:04:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/66b50491d737d542be2708632f80942d”, “country”: “”, “description”: “Vitex Pharmaceuticals is Australia's leading contract manufacturer specializing in vitamins, mi…”, “discovered”: “2026-04-14 10:51:54.961450”, “domain”: “vitexpharma.com”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:51:23”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/36666e8657189395d88bbaa27231013e.png”, “url”: “https:\/\/www.ransomware.live\/id\/dml0ZXhwaGFybWEuY29tQGxvY2tiaXQ1”, “victim”: “vitexpharma.com” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-03 13:56:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/aaf3f2ed04d803c0befe664feec979a0”, “country”: “PT”, “description”: “Tal como o nosso vidro, somos transparentes, seguros e resistentes. Com mais de 30 anos na ind\u00fastri…”, “discovered”: “2026-04-14 10:52:29.123116”, “domain”: “vitropor.pt”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:51:58”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/cd3fdf8fb059c0ce3a6e8dc57e4beba5.png”, “url”: “https:\/\/www.ransomware.live\/id\/dml0cm9wb3IucHRAbG9ja2JpdDU=”, “victim”: “vitropor.pt” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2026-04-03 13:52:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/f4c3d7e351be8e2fc506c506fdfc043a”, “country”: “FR”, “description”: “Villa Romane, constructeur de maison \u00e0 Perpignan Fond\u00e9e en 1982, Villa Romane est une entreprise fa…”, “discovered”: “2026-04-14 10:53:02.728267”, “domain”: “villa-romane.fr”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:52:32”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/cafa09899623950617619e4e25532e50.png”, “url”: “https:\/\/www.ransomware.live\/id\/dmlsbGEtcm9tYW5lLmZyQGxvY2tiaXQ1”, “victim”: “villa-romane.fr” }, { “activity”: “Business Services”, “attackdate”: “2026-04-03 13:50:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/f3f85c6d129371a31960935069bb979d”, “country”: “IT”, “description”: “Agenzia Unipol Assicurazioni 39547 Prato – Pegasus srl Agenzia 39547 Prato R.U.I. N. A000671187- P….”, “discovered”: “2026-04-14 10:53:40.873422”, “domain”: “pegasussrl.com”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:53:10”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ca745d9835d6202345125579eca7bdd4.png”, “url”: “https:\/\/www.ransomware.live\/id\/cGVnYXN1c3NybC5jb21AbG9ja2JpdDU=”, “victim”: “pegasussrl.com” }, { “activity”: “Not Found”, “attackdate”: “2026-04-03 13:35:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/4f0211de29729f02ae8e55657d820c2b”, “country”: “”, “description”: “Fond\u00e9e en 1954, l\u2019entreprise MEYZIE TP est sp\u00e9cialis\u00e9e dans les travaux de terrassements routiers et…”, “discovered”: “2026-04-14 10:54:16.244169”, “domain”: “meyzietp.com”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:53:44”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0aa92ffd3330a775d87361569f621d40.png”, “url”: “https:\/\/www.ransomware.live\/id\/bWV5emlldHAuY29tQGxvY2tiaXQ1”, “victim”: “meyzietp.com” }, { “activity”: “Public Sector”, “attackdate”: “2026-04-03 13:28:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/13744344206ec4cb841cc232af093afd”, “country”: “CZ”, “description”: “Historie m\u011bsta Jemnice M\u011bsto Jemnice je spr\u00e1vn\u00edm, hospod\u00e1\u0159sk\u00fdm a kulturn\u00edm st\u0159ediskem kraje mezi Da…”, “discovered”: “2026-04-14 10:54:49.943553”, “domain”: “mesto-jemnice.cz”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:54:19”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/9ac6eeb86a158ea5e9b8d4f7379e0347.png”, “url”: “https:\/\/www.ransomware.live\/id\/bWVzdG8tamVtbmljZS5jekBsb2NrYml0NQ==”, “victim”: “mesto-jemnice.cz” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-03 13:07:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/8aa129dcac8ee270dd2de768be2b8a56”, “country”: “US”, “description”: “Douglass Truck Bodies specializes in the manufacturing and design of standard and custom truck bodie…”, “discovered”: “2026-04-14 10:55:27.359773”, “domain”: “douglasstruckbodies.com”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:54:55”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/57a7483bd18155177c44f5f68ee82f89.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZG91Z2xhc3N0cnVja2JvZGllcy5jb21AbG9ja2JpdDU=”, “victim”: “douglasstruckbodies.com” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-04-03 13:06:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/c1bde493c2d5b49db7824ae746389c1c”, “country”: “AT”, “description”: “Verwaltung Unter dem Motto \”Weg vom Kostenumleger und hin zum Dienstleister\” hat sich die Gesch\u00e4fts…”, “discovered”: “2026-04-14 10:56:06.631874”, “domain”: “awvgrazerfeld.at”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:55:33”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f9f756478bd5da5652ff1ce4214cb680.png”, “url”: “https:\/\/www.ransomware.live\/id\/YXd2Z3JhemVyZmVsZC5hdEBsb2NrYml0NQ==”, “victim”: “awvgrazerfeld.at” }, { “activity”: “Not Found”, “attackdate”: “2026-04-03 13:00:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/179df44036efeb7da32c0002ccd9dfc3”, “country”: “IT”, “description”: “Il consorzio CON.TR.AR. nasce nel 1985 dall\u2019aggregazione di alcuni padroncini artigiani che sentiron…”, “discovered”: “2026-04-14 10:56:40.417606”, “domain”: “contrar.it”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:56:09”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/67b7398747497bff231d8554d7cdd6cb.png”, “url”: “https:\/\/www.ransomware.live\/id\/Y29udHJhci5pdEBsb2NrYml0NQ==”, “victim”: “contrar.it” }, { “activity”: “Not Found”, “attackdate”: “2026-04-03 12:53:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/ce887ccfa0dd84e59ec8341d9f040e4e”, “country”: “CZ”, “description”: “Z\u00e1kladn\u00ed \u0161kola a Mate\u0159sk\u00e1 \u0161kola F. Hrub\u00edna Hav\u00ed\u0159ov-Podles\u00ed”, “discovered”: “2026-04-14 10:57:14.214582”, “domain”: “zsfh.cz”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:56:43”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8119b3d7c4e6692cb43f57ce839fe751.png”, “url”: “https:\/\/www.ransomware.live\/id\/enNmaC5jekBsb2NrYml0NQ==”, “victim”: “zsfh.cz” }, { “activity”: “Manufacturing”, “attackdate”: “2026-04-03 12:50:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/86f78122ae31c73d46ef258497fa6477”, “country”: “IT”, “description”: “Wineuropa is a web agency based in Arezzo that specializes in web marketing, SEO services, and websi…”, “discovered”: “2026-04-14 10:57:49.555552”, “domain”: “milanocavi.com”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:57:18”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f42f366c9432ed1e8264bfee96ec0466.png”, “url”: “https:\/\/www.ransomware.live\/id\/bWlsYW5vY2F2aS5jb21AbG9ja2JpdDU=”, “victim”: “milanocavi.com” }, { “activity”: “Not Found”, “attackdate”: “2026-04-03 12:45:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/a9c9feec1a75387b9f56b655bb8fe615”, “country”: “”, “description”: “Abu Hatim Co LLC is an Excellent Grade Engineering Construction Company established in 1991, special…”, “discovered”: “2026-04-14 10:58:24.191391”, “domain”: “abuhatim.com”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:57:52”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/21d2d388baaf6289a3cab07446e31cb5.png”, “url”: “https:\/\/www.ransomware.live\/id\/YWJ1aGF0aW0uY29tQGxvY2tiaXQ1”, “victim”: “abuhatim.com” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-04-03 12:43:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/33cd3932416d997324162442e6ef7cb8”, “country”: “EG”, “description”: “Mercedes-Benz, founded in 1967 and headquartered in Giza, Egypt, is a automobile dealer and motor ve…”, “discovered”: “2026-04-14 10:58:57.952841”, “domain”: “gas.mercedes-benz.com.eg”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:58:27”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/598f40d6f74e82dfefc7da504b24c830.png”, “url”: “https:\/\/www.ransomware.live\/id\/Z2FzLm1lcmNlZGVzLWJlbnouY29tLmVnQGxvY2tiaXQ1”, “victim”: “gas.mercedes-benz.com.eg” }, { “activity”: “Not Found”, “attackdate”: “2026-04-02 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “Source Code of BK Tomorrow”, “discovered”: “2026-04-14 13:43:14.787158”, “domain”: “www.bktomorrow.com\/en”, “duplicates”: [], “extrainfos”: { “data_size”: “6GB” }, “group”: “nightspire”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/QksgVG9tb3Jyb3dAbmlnaHRzcGlyZQ==”, “victim”: “BK Tomorrow” }, { “activity”: “Technology”, “attackdate”: “2026-04-01 00:00:00.000000”, “claim_url”: “”, “country”: “TW”, “description”: “gem.com.tw zoominfo.com\/c\/gem-terminal-industry-co-ltd\/46452181 Gem Terminal Ind. Co., Ltd. is engaged in the manufacture and sale of terminals used for electronic communication, automobile transportation and electrical plugs. The Company also offers ceramic ferrules, bushings and modules. During the year ended December 31, 2007, the Company obtained approximately 92% of its total revenue from terminals”, “discovered”: “2026-04-14 10:28:37.811908”, “domain”: “gem.com.tw”, “duplicates”: [], “extrainfos”: [], “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-02 08:58:02”, “users”: 0, “users_url”: 0 }, “press”: { “link”: “https:\/\/www.ransomware.live\/id\/Z2VtLmNvbS50d0AyMDI2LTA0LTAx”, “source”: “https:\/\/emops.twse.com.tw\/server-java\/t05sr01_1_e?&isNew=Y&seq_no=1&spoke_time=165538&spoke_date=20260401&co_id=2460”, “summary”: “Certains syst\u00e8mes informatiques des filiales de Gem Terminal Industry, notamment Suzhou Gem Opto-Electronics Terminal Co., Ltd et Vietnam Gem Electronic and Metal Co., Ltd, ont \u00e9t\u00e9 victimes d’une cyberattaque le 1er avril 2026. L’\u00e9quipe de s\u00e9curit\u00e9 a imm\u00e9diatement activ\u00e9 des mesures de d\u00e9fense et de r\u00e9cup\u00e9ration, tandis que des experts externes ont \u00e9t\u00e9 engag\u00e9s pour assister dans l’investigation. Bien que les syst\u00e8mes soient actuellement restaur\u00e9s par phases, l’incident n’a pas d’impact mat\u00e9riel sur les op\u00e9rations de l’entreprise selon l’\u00e9valuation actuelle.” }, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/R0VNIFRlcm1pbmFsQHRoZWdlbnRsZW1lbg==”, “victim”: “GEM Terminal” }, { “activity”: “Not Found”, “attackdate”: “2026-03-20 00:00:00.000000”, “claim_url”: “”, “country”: “”, “description”: “intracare.co.nz zoominfo.com\/c\/intra-ltd\/430152179 IntraCare is New Zealand’s leading private centre of excellence for advanced image-guided medical diagnostics and interventions, founded in 1990 in Auckland. It specialises in three areas: Interventional Cardiology, Electrophysiology, and Interventional Radiology, with over 30 practising specialists treating more than 2,000 patients per year. The clinic operates from two locations \u2014 Allevia Hospital Epsom and Southern Cross Hospital North Shore \u2014 and is internationally recognized for pioneering procedures like TAVI, implanting the first device in the Asia-Pacific region in 2008”, “discovered”: “2026-04-14 10:28:41.961182”, “domain”: “intracare.co.nz”, “duplicates”: [], “extrainfos”: [], “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-02 18:45:06”, “users”: 0, “users_url”: 0 }, “press”: { “link”: “https:\/\/www.ransomware.live\/id\/aW50cmFjYXJlLmNvLm56QDIwMjYtMDMtMjA=”, “source”: “https:\/\/intracare.co.nz\/information-regarding-cyber-incident\/”, “summary”: “L’organisation de sant\u00e9 IntraCare a signal\u00e9 un incident de cybers\u00e9curit\u00e9 impliquant un acc\u00e8s non autoris\u00e9 \u00e0 son r\u00e9seau le 20 mars 2026, ce qui a conduit \u00e0 l’arr\u00eat temporaire de ses syst\u00e8mes informatiques et \u00e0 la suspension des proc\u00e9dures m\u00e9dicales. L’entreprise a engag\u00e9 des experts en cybers\u00e9curit\u00e9 externes et collabor\u00e9 avec les autorit\u00e9s n\u00e9o-z\u00e9landaises pour enqu\u00eater sur l’incident et s\u00e9curiser les donn\u00e9es, tout en assurant que la qualit\u00e9 des soins aux patients n’\u00e9tait pas compromise. Les services ont \u00e9t\u00e9 r\u00e9tablis le 30 mars 2026, et l’organisation a confirm\u00e9 qu’elle n’avait jamais subi d’incident de ce type auparavant.” }, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SW50cmFAdGhlZ2VudGxlbWVu”, “victim”: “Intra” }, { “activity”: “Public Sector”, “attackdate”: “2026-03-05 17:21:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/00c859168837cbf0d4606f84b4d39ed7”, “country”: “US”, “description”: “The Town of Orange, Virginia, is the seat of Orange County and serves as its business center, offeri…”, “discovered”: “2026-04-14 10:59:46.007508”, “domain”: “townoforangeva.gov”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:59:15”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7d59adc0138affa1dfa14fa47304a2a4.png”, “url”: “https:\/\/www.ransomware.live\/id\/dG93bm9mb3JhbmdldmEuZ292QGxvY2tiaXQ1”, “victim”: “townoforangeva.gov” }, { “activity”: “Technology”, “attackdate”: “2026-03-04 13:27:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/8a094297f844e798772725e2ecb9419b”, “country”: “BA”, “description”: “SportVision is a sports gear shop that helps athletes and fitness fans find exactly what they need….”, “discovered”: “2026-04-14 11:00:28.435466”, “domain”: “sportvision.ba”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2026-04-14 10:59:52”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/04d023f36694e1558edab3bed94b99f6.png”, “url”: “https:\/\/www.ransomware.live\/id\/c3BvcnR2aXNpb24uYmFAbG9ja2JpdDU=”, “victim”: “sportvision.ba” }, { “activity”: “Education”, “attackdate”: “2026-02-09 00:00:00.000000”, “claim_url”: “http:\/\/efs3fkrjyvqsk7nugzteelo5i5jxoch5ziqhf37dzmmlmzzlymhawmid.onion\/index.php?p=”, “country”: “PL”, “description”: “The Faculty of Management at the University of Warsaw is a leading institution in the field of business education, offering a wide range of undergraduate and graduate programs that combine theory with practical experience. However, it is not known for its high level of security and data storage reliability, resulting in the leak of data on students, instructors, and leading professors, as well as student projects and papers.”, “discovered”: “2026-04-15 19:15:18.072523”, “domain”: “uw.edu.pl”, “duplicates”: [], “extrainfos”: [], “group”: “interlock”, “infostealer”: { “employees”: 37, “employees_url”: 28, “infostealer_stats”: { “Acreed”: 6, “Atomic”: 3, “Azorult”: 68, “CRYPTBOT”: 11, “Ficker”: 3, “Generic Stealer”: 616, “Lumma”: 666, “Mystic”: 3, “Raccoon”: 233, “RedLine”: 782, “StealC”: 117, “UNKNOWN”: 34, “Vidar”: 83 }, “thirdparties”: 200, “thirdparties_domain”: 49, “update”: “2026-03-24 11:19:58”, “users”: 2723, “users_url”: 100 }, “press”: { “link”: “https:\/\/www.ransomware.live\/id\/dXcuZWR1LnBsQDIwMjYtMDItMDk=”, “source”: “https:\/\/naukawpolsce.pl\/aktualnosci\/news%2C111749%2Cgawkowski-zidentyfikowano-atak-hakerski-na-czesc-infrastruktury-it”, “summary”: “Uniwersytet Warszawski potwierdzi\u0142 obecno\u015b\u0107 z\u0142o\u015bliwego oprogramowania typu ransomware w swojej infrastrukturze IT, kt\u00f3re zosta\u0142o zidentyfikowane w styczniu 2026 roku. Wicepremier Krzysztof Gawkowski oraz rzeczniczka uczelni dr Anna Modzelewska zaznaczyli, \u017ce dotychczasowe ustalenia nie wskazuj\u0105 na nieuprawniony dost\u0119p do danych osobowych student\u00f3w czy pracownik\u00f3w. W zwi\u0105zku z incydentem uczelnia zg\u0142osi\u0142a zdarzenie do s\u0142u\u017cb pa\u0144stwowych, w tym do CERT Polska i policji, a tak\u017ce podj\u0119\u0142a dzia\u0142ania maj\u0105ce na celu ograniczenie skutk\u00f3w ataku i usuni\u0119cie zagro\u017cenia.” }, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f2967a53a6f78395f3f4111347fda4f8.png”, “url”: “https:\/\/www.ransomware.live\/id\/VW5pd2Vyc3l0ZXQgV2Fyc3phd3NraUBpbnRlcmxvY2s=”, “victim”: “Uniwersytet Warszawski” }, { “activity”: “Manufacturing”, “attackdate”: “2026-02-04 07:49:00.000000”, “claim_url”: “http:\/\/lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion\/post\/c12e5c622022fe3694473c0b3bc513a9”, “country”: “BR”, “description”: “Fast Tecnologia Industrial specializes in industrial equipment and systems for wastewater treatment…”, “discovered”: “2026-04-14 11:01:28.034548”, “domain”: “fastindustria.com.br”, “duplicates”: [], “extrainfos”: [], “group”: “lockbit5”, “infostealer”: { “employees”: 1, “employees_url”: 1, “infostealer_stats”: { “RedLine”: 4, “StealC”: 1 }, “thirdparties”: 2, “thirdparties_domain”: 2, “update”: “2026-04-14 11:00:57”, “users”: 4, “users_url”: 2 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8c9650fbfef40a0b5658f813b73bb44c.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZmFzdGluZHVzdHJpYS5jb20uYnJAbG9ja2JpdDU=”, “victim”: “fastindustria.com.br” }, { “activity”: “Technology”, “attackdate”: “2025-10-05 10:48:01.393927”, “claim_url”: “”, “country”: “US”, “description”: “Status: STATUS: NEGOTIATING | Sector: Business Services | Internal projects, secrets, api keys etc DATA SIZE: 250GB | Deadline: 8d 8h”, “discovered”: “2026-04-15 19:08:36.473129”, “domain”: “www.spglobal.com\/en”, “duplicates”: [ { “attackdate”: “2025-10-05 10:48:01.393927”, “date”: “2026-04-15 19:08:36.546418”, “group”: “shinyhunters”, “link”: “https:\/\/www.ransomware.live\/id\/UyZQIEdsb2JhbCAoc3BnbG9iYWwuY29tKUBzaGlueWh1bnRlcnM=” } ], “extrainfos”: [], “group”: “vect”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UyZQR0xPQkFMLCBMaXRlTExNL1RyaXZ5IGNhbXBhaWduIChUZWFtUENQKUB2ZWN0”, “victim”: “S&PGLOBAL, LiteLLM\/Trivy campaign (TeamPCP)” } ]