{ “Cyberattacks”: { “Last Update RSS”: “2025-07-08T17:24:58.867859+00:00”, “Last Update json”: “2025-07-08T17:25:01.008821+00:00”, “Number”: 2425 }, “Groups”: { “Last Update”: “2025-07-08T17:09:02.494188+00:00”, “Numbers”: 273 }, “Last Updates”: { “BTC Transactions”: “2025-01-20T11:18:01.771520+00:00”, “Infostealers”: “2025-07-08T17:17:13.913258+00:00”, “TTPs”: “2025-01-20T11:18:01.727523+00:00”, “Vulnerabilities”: “2025-05-25T13:59:53.450154+00:00” }, “Victims”: { “Last Update CSV”: “2025-07-08T17:24:59.420849+00:00”, “Last Update RSS”: “2025-07-08T17:24:59.130854+00:00”, “Last Update json”: “2025-07-08T17:17:54.911519+00:00”, “Numbers”: 20665 } }
[ { “activity”: “Not Found”, “attackdate”: “2025-07-08 17:17:09.562150”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/\/topic.php?id=I7SJU535XjpRra”, “country”: “US”, “description”: “United States”, “discovered”: “2025-07-08 17:17:54.602405”, “domain”: “www.wfmt.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/49e2f51cbd2cda119fca04a7476ec52e.png”, “url”: “https:\/\/www.ransomware.live\/id\/V2ZtdEBwbGF5”, “victim”: “Wfmt” }, { “activity”: “Not Found”, “attackdate”: “2025-07-08 17:16:22.322833”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/\/topic.php?id=WAin06XgTbVfTg”, “country”: “US”, “description”: “United States”, “discovered”: “2025-07-08 17:17:07.713816”, “domain”: “www.woodpatel.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/86fe4c99d86579e94efd4692c95e41f7.png”, “url”: “https:\/\/www.ransomware.live\/id\/V29vZCwgUGF0ZWwgJiBBc3NvY2lhdGVzQHBsYXk=”, “victim”: “Wood, Patel & Associates” }, { “activity”: “Energy”, “attackdate”: “2025-07-08 17:15:32.990759”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/\/topic.php?id=oi6jsjwS9drIA”, “country”: “US”, “description”: “United States”, “discovered”: “2025-07-08 17:16:20.575979”, “domain”: “www.tyreeoil.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0c5cf9b82212defeacb741203ff47197.png”, “url”: “https:\/\/www.ransomware.live\/id\/VHlyZWUgT2lsQHBsYXk=”, “victim”: “Tyree Oil” }, { “activity”: “Not Found”, “attackdate”: “2025-07-08 16:19:39.084764”, “claim_url”: “”, “country”: “US”, “description”: “Why did the ransomware victims’ law firm start offering yoga classes?\nBecause they wanted to teach their clients how to stay flexible when dealing with unexpected \”attacks\”!\n\nA law firm that helps ransomware victims got hit themselves? Looks like they have not just clients in hostage, but their own data too!\n\nThe archive contains data of the following companies: \nhttps:\/\/thesandersfirm.com\/\nhttps:\/\/aronovaassociates.com\/\nhttps:\/\/sgafirm.com\/\nhttps:\/\/milberg.com\/\n\nP.S.\nWe get it, you\u2019re some top-notch lawyers doing everything you can to dodge the fallout with legal tricks, but you still have a shot at a sweet deal for now.Geo: USA – Leak size: 3 TB – Contains: Sensitive information”, “discovered”: “2025-07-08 16:19:41.206118”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “sarcoma”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TWlsYmVyZ0BzYXJjb21h”, “victim”: “Milberg” }, { “activity”: “Healthcare”, “attackdate”: “2025-07-08 15:26:55.324831”, “claim_url”: “”, “country”: “US”, “description”: “Florida Hand Center Florida Hand Center specializes in non-surgical and minimally invasive treatments for hand, wrist, and elbow conditions, serving patients in Punta Gorda, Port Charlotte, and Fort Myers, Florida.”, “discovered”: “2025-07-08 15:26:57.670699”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “rhysida”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RmxvcmlkYSBIYW5kIENlbnRlckByaHlzaWRh”, “victim”: “Florida Hand Center” }, { “activity”: “Not Found”, “attackdate”: “2025-07-08 11:56:01.747067”, “claim_url”: “http:\/\/vmjfieomxhnfjba57sd6jjws2ogvowjgxhhfglsikqvvrnrajbmpxqqd.onion\/?p=438”, “country”: “IR”, “description”: “Iran International has been successfully hacked. All of the network\u2019s systems, servers, and communication infrastructure have been fully compromised and infected. A complete internal data dump has been extracted. This includes: Confidential internal and external communications Personal and security details of staff members Identities and contact logs of media liaisons Bank records, financial contracts, and\u2026”, “discovered”: “2025-07-08 11:56:29.595425”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “handala”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/66ae0c22e059ddf1a91b3d113d22ba59.png”, “url”: “https:\/\/www.ransomware.live\/id\/SXJhbiBJbnRlcm5hdGlvbmFsQGhhbmRhbGE=”, “victim”: “Iran International” }, { “activity”: “Not Found”, “attackdate”: “2025-07-08 06:17:29.156344”, “claim_url”: “”, “country”: “”, “description”: “https:\/\/bigsilvermanu.com Big Silver was established as a small company in 1993 in a part of Bangkok, the capital of Thailand. With Italian machinery, updated technology, and proper know-how: these fundamental factors make Big Silver worldwide accepted in the field of\u2026”, “discovered”: “2025-07-08 06:17:31.514715”, “domain”: “bigsilvermanu.com”, “duplicates”: [], “extrainfos”: [], “group”: “d4rk4rmy”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-08 16:26:16”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/QklHIFNJTFZFUkBkNHJrNHJteQ==”, “victim”: “BIG SILVER” }, { “activity”: “Not Found”, “attackdate”: “2025-07-08 06:17:25.600856”, “claim_url”: “”, “country”: “ZA”, “description”: “https:\/\/mafate.co.za It was established at Steelport, under the entrepreneurial spirit of its Director Mr Mahlaka Lucas Makuwa in the year 2002. it is a competent and competitive black owned Mining supply Company that delivers quality products and services into the local\u2026”, “discovered”: “2025-07-08 06:17:27.076851”, “domain”: “mafate.co.za”, “duplicates”: [], “extrainfos”: [], “group”: “d4rk4rmy”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-08 16:26:42”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TUFGQVRFIEJVU0lORVNTIEVOVEVSUFJJU0VAZDRyazRybXk=”, “victim”: “MAFATE BUSINESS ENTERPRISE” }, { “activity”: “Education”, “attackdate”: “2025-07-08 06:17:21.148376”, “claim_url”: “”, “country”: “PR”, “description”: “https:\/\/www.uprrp.edu The University of Puerto Rico R\u00edo Piedras Campus is the oldest and largest higher learning institution in the Caribbean. Founded in 1903, the R\u00edo Piedras Campus stands out for its academic excellence, its diverse academic offerings, and its vibrant\u2026”, “discovered”: “2025-07-08 06:17:23.394515”, “domain”: “uprrp.edu”, “duplicates”: [], “extrainfos”: [], “group”: “d4rk4rmy”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Azorult”: 14, “DarkCrystal”: 4, “Generic Stealer”: 33, “Lumma”: 40, “Raccoon”: 66, “RedLine”: 145, “StealC”: 16, “Taurus”: 2, “UNKNOWN”: 8, “Vidar”: 15 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-08 16:27:16”, “users”: 207, “users_url”: 79 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/VW5pdmVyc2l0eSBvZiBQdWVydG8gUmljb1LDrW8gUGllZHJhcyBDYW1wdXNAZDRyazRybXk=”, “victim”: “University of Puerto RicoR\u00edo Piedras Campus” }, { “activity”: “Healthcare”, “attackdate”: “2025-07-07 23:25:37.761850”, “claim_url”: “http:\/\/santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion\/\/pharmaron-com”, “country”: “CN”, “description”: “[AI generated] Pharmaron is a global drug research and development service provider. The company offers a range of services including drug discovery, preclinical development, clinical trial services, chemistry, manufacturing and controls (CMC), and pharmaceutical R&D services. Based in China, it has operations in North America and Europe, aiming to serve the international pharmaceutical industry.”, “discovered”: “2025-07-07 23:26:07.287254”, “domain”: “PHARMARON.COM”, “duplicates”: [], “extrainfos”: [], “group”: “clop”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/b9e489cfb805072376d3d526bc751e27.png”, “url”: “https:\/\/www.ransomware.live\/id\/UEhBUk1BUk9OLkNPTUBjbG9w”, “victim”: “PHARMARON.COM” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 23:24:41.290718”, “claim_url”: “http:\/\/santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion\/\/pilotthomas-com”, “country”: “US”, “description”: “[AI generated] Pilot Thomas Logistics is a US-based company leading in the provision of fuel, lubricants, and chemicals for various industries. It caters to national and international operators in the sector of marine, drilling, exploration and production. The company also offers services such as transportation, equipment, and workforce needs for several industries. Pilot Thomas is committed to health, safety, environment, and quality.”, “discovered”: “2025-07-07 23:25:13.811940”, “domain”: “PILOTTHOMAS.COM”, “duplicates”: [], “extrainfos”: [], “group”: “clop”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/52adfdf7cdefbd4650c018ca67f425d5.png”, “url”: “https:\/\/www.ransomware.live\/id\/UElMT1RUSE9NQVMuQ09NQGNsb3A=”, “victim”: “PILOTTHOMAS.COM” }, { “activity”: “Technology”, “attackdate”: “2025-07-07 23:05:18.289974”, “claim_url”: “”, “country”: “TW”, “description”: “https:\/\/www.twds.com.tw Provide network access services, providing the most suitable network access solutions from different specifications of network requirements, network environment, etc. At the same time, network stress testing services are also provided to ensure that your network can withstand high\u2026”, “discovered”: “2025-07-07 23:05:24.674603”, “domain”: “twds.com.tw”, “duplicates”: [], “extrainfos”: [], “group”: “d4rk4rmy”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 23:05:45”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/VGFpd2FuIERpZ2l0YWwgU3RyZWFtaW5nIENvIEx0ZEBkNHJrNHJteQ==”, “victim”: “Taiwan Digital Streaming Co Ltd” }, { “activity”: “Technology”, “attackdate”: “2025-07-07 23:05:13.894501”, “claim_url”: “”, “country”: “PL”, “description”: “https:\/\/www.elzab.com.pl From the first Polish minicomputer to electric car charging stations and responsive web applications. Silesian reliability, European design, recognizable brand among fiscal devices. ELZAB from ELZAB Street. 50 years of tradition of innovative constructions that have changed the course\u2026”, “discovered”: “2025-07-07 23:05:16.235125”, “domain”: “elzab.com.pl”, “duplicates”: [], “extrainfos”: [], “group”: “d4rk4rmy”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Lumma”: 14, “Mystic”: 2, “Raccoon”: 26, “RedLine”: 14, “StealC”: 4, “UNKNOWN”: 2, “Vidar”: 2 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 23:06:21”, “users”: 39, “users_url”: 9 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RUxaQUJAZDRyazRybXk=”, “victim”: “ELZAB” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 22:52:40.985915”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#silverdalebc”, “country”: “US”, “description”: “[AI generated] N\/A”, “discovered”: “2025-07-07 22:53:07.890121”, “domain”: “silverdalebc.com”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:52:23”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/dd29607fd0335dcac1021bca0436f80c.png”, “url”: “https:\/\/www.ransomware.live\/id\/c2lsdmVyZGFsZWJjLmNvbUBzYWZlcGF5”, “victim”: “silverdalebc.com” }, { “activity”: “Healthcare”, “attackdate”: “2025-07-07 22:51:51.260512”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#chirurgiemaxillo”, “country”: “CA”, “description”: “Le Dr Nimaat Pertick vous offre des traitements pour les dents de sagesse, les implants dentaires, la greffe osseuse et la chirurgie orthognatique.”, “discovered”: “2025-07-07 22:52:18.267720”, “domain”: “chirurgiemaxillo.com”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:51:32”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f589fd1f7551c29ee03a0c8f42468a47.png”, “url”: “https:\/\/www.ransomware.live\/id\/Y2hpcnVyZ2llbWF4aWxsby5jb21Ac2FmZXBheQ==”, “victim”: “chirurgiemaxillo.com” }, { “activity”: “Healthcare”, “attackdate”: “2025-07-07 22:50:57.395813”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#lowcostspayneuterindiana”, “country”: “US”, “description”: “[AI generated] LowCostSpayNeuterIndiana.org is an organization based in Indiana that aims to control the pet population and reduce euthanasia rates by providing affordable spay and neuter services. They cater to cats, dogs, and feral cats, providing medical services like vaccinations, heartworm testing, and microchipping in addition to population control measures.”, “discovered”: “2025-07-07 22:51:28.844723”, “domain”: “lowcostspayneuterindiana.org”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:50:39”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a82852b8dd137ef131295d96f838a056.png”, “url”: “https:\/\/www.ransomware.live\/id\/bG93Y29zdHNwYXluZXV0ZXJpbmRpYW5hLm9yZ0BzYWZlcGF5”, “victim”: “lowcostspayneuterindiana.org” }, { “activity”: “Education”, “attackdate”: “2025-07-07 22:50:08.048596”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#avgouleaschool”, “country”: “GR”, “description”: “[AI generated] N\/A”, “discovered”: “2025-07-07 22:50:35.192267”, “domain”: “avgouleaschool.gr”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 26, “employees_url”: 4, “infostealer_stats”: { “Lumma”: 28, “Predator”: 2, “Raccoon”: 10, “RedLine”: 60, “StealC”: 4 }, “thirdparties”: 59, “thirdparties_domain”: 19, “update”: “2025-07-07 22:49:52”, “users”: 28, “users_url”: 10 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d6b266d4d1bb894c8ee081201f8689c2.png”, “url”: “https:\/\/www.ransomware.live\/id\/YXZnb3VsZWFzY2hvb2wuZ3JAc2FmZXBheQ==”, “victim”: “avgouleaschool.gr” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 22:49:17.360427”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#lewis”, “country”: “UK”, “description”: “[AI generated] N\/A”, “discovered”: “2025-07-07 22:49:45.691233”, “domain”: “lewis-manning.org.uk”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:49:00”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/00c2399f4740a0d50033e14afdb23566.png”, “url”: “https:\/\/www.ransomware.live\/id\/bGV3aXMtbWFubmluZy5vcmcudWtAc2FmZXBheQ==”, “victim”: “lewis-manning.org.uk” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 22:48:27.759798”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#wmat”, “country”: “US”, “description”: “[AI generated] N\/A”, “discovered”: “2025-07-07 22:48:55.010477”, “domain”: “wmat.nsn.us”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:48:09”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ba4d7a5d77838876d4b389030e8fc5d0.png”, “url”: “https:\/\/www.ransomware.live\/id\/d21hdC5uc24udXNAc2FmZXBheQ==”, “victim”: “wmat.nsn.us” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 22:47:36.032411”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#cascobay”, “country”: “US”, “description”: “[AI generated] Casco Bay is a conservation organization based in Maine, United States. The primary aim of the company is to improve the water quality of the Casco Bay. They conduct research, advocate, and implement protective measures for combatting pollution. Their initiatives include Clean Water Act enforcement, green infrastructure promotion, education programs about pollution prevention, water quality monitoring, and baykeeping for Casco Bay.”, “discovered”: “2025-07-07 22:48:05.221964”, “domain”: “cascobay.org”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:17:27”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ca54335ef4d68360affd938b590f5a79.png”, “url”: “https:\/\/www.ransomware.live\/id\/Y2FzY29iYXkub3JnQHNhZmVwYXk=”, “victim”: “cascobay.org” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 22:47:06.760205”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#profile”, “country”: “US”, “description”: “[AI generated] N\/A”, “discovered”: “2025-07-07 22:47:34.098751”, “domain”: “profile-ind.com”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:16:37”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/47212cb78b286cd7cc74ca96f12d3b32.png”, “url”: “https:\/\/www.ransomware.live\/id\/cHJvZmlsZS1pbmQuY29tQHNhZmVwYXk=”, “victim”: “profile-ind.com” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 22:46:37.195912”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#relucent”, “country”: “US”, “description”: “[AI generated] N\/A”, “discovered”: “2025-07-07 22:47:04.663943”, “domain”: “relucent.com”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:15:48”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f4acb943460e233e75ece025806b1136.png”, “url”: “https:\/\/www.ransomware.live\/id\/cmVsdWNlbnQuY29tQHNhZmVwYXk=”, “victim”: “relucent.com” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 22:46:05.941590”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#fmsarchitects”, “country”: “US”, “description”: “[AI generated] FMS Architects, established in 1983, is a UK based architectural firm that is influenced by modernist principles. With experience in educational, commercial, and residential sectors, their architects work closely with clients and co-consultants to deliver bespoke architectural outcomes. Their ambition is to create buildings which optimize spatial potential and minimize environmental impact. They are committed to leading on sustainability within the design and construction industry.”, “discovered”: “2025-07-07 22:46:35.080511”, “domain”: “fmsarchitects.com”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:14:55”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0af035d779e3f971741113e1a0813ed7.png”, “url”: “https:\/\/www.ransomware.live\/id\/Zm1zYXJjaGl0ZWN0cy5jb21Ac2FmZXBheQ==”, “victim”: “fmsarchitects.com” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 22:45:30.001423”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#ppa-eng”, “country”: “”, “description”: “[AI generated] N\/A”, “discovered”: “2025-07-07 22:46:01.084061”, “domain”: “ppa-eng.com.org”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:13:52”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/6d5cd7f8ae6919bc15578f4ae27639fc.png”, “url”: “https:\/\/www.ransomware.live\/id\/cHBhLWVuZy5jb20ub3JnQHNhZmVwYXk=”, “victim”: “ppa-eng.com.org” }, { “activity”: “Healthcare”, “attackdate”: “2025-07-07 22:44:54.947276”, “claim_url”: “http:\/\/j3dp6okmaklajrsk6zljl5sfa2vpui7j2w6cwmhmmqhab6frdfbphhid.onion#caredig”, “country”: “GB”, “description”: “[AI generated] N\/A”, “discovered”: “2025-07-07 22:45:27.844817”, “domain”: “caredig.co.uk”, “duplicates”: [], “extrainfos”: [], “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:12:56”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/dda7882fb9369f2e2d4c3987c5e93f81.png”, “url”: “https:\/\/www.ransomware.live\/id\/Y2FyZWRpZy5jby51a0BzYWZlcGF5”, “victim”: “caredig.co.uk” }, { “activity”: “Healthcare”, “attackdate”: “2025-07-07 22:14:31.932690”, “claim_url”: “https:\/payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion\/detail_post\/Vl7kgk4ikeixwrXDYhrE”, “country”: “US”, “description”: “[AI generated] Crenshaw Community Hospital is a medical facility based in Luverne, Alabama. Established in 1967, it offers a wide range of comprehensive health care services. In addition to an emergency department, the not-for-profit hospital operates outpatient clinics, laboratory and radiology services, and rehab facilities. The hospital remains committed to meeting the healthcare needs of Crenshaw County and the surrounding communities.”, “discovered”: “2025-07-07 22:15:00.138822”, “domain”: “crenshawcommunityhospital.com”, “duplicates”: [], “extrainfos”: { “data_size”: “53GB” }, “group”: “payoutsking”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:14:13”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/23adbb8f35444c55f68c611c29352d4b.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q3JlbnNoYXcgQ29tbXVuaXR5IEhvc3BpdGFsQHBheW91dHNraW5n”, “victim”: “Crenshaw Community Hospital” }, { “activity”: “Manufacturing”, “attackdate”: “2025-07-07 22:13:24.113153”, “claim_url”: “https:\/payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion\/detail_post\/JsUQzT31KGLFyR1sFcut”, “country”: “IT”, “description”: “[AI generated] Rhea Vendors Group SpA is an Italy-based global company specializing in manufacturing vending machines for hot and cold drinks and snacks. Founded in 1960, the company utilizes advanced technology and innovative designs to deliver high-quality products. Their products range from custom-designed vending machines to fully automatic coffee machines. They cater to a broad range of industries, including offices, retail, and hospitality.”, “discovered”: “2025-07-07 22:13:50.750744”, “domain”: “rheavendors.com”, “duplicates”: [], “extrainfos”: { “data_size”: “1.7TB” }, “group”: “payoutsking”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Lumma”: 6 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:10:46”, “users”: 3, “users_url”: 3 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/36ac6f9058b14906f716d8bc87d2040a.png”, “url”: “https:\/\/www.ransomware.live\/id\/UmhlYSBWZW5kb3JzIEdyb3VwIFNwQUBwYXlvdXRza2luZw==”, “victim”: “Rhea Vendors Group SpA” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 22:10:36.431601”, “claim_url”: “https:\/payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion\/detail_post\/vue8olEpCoRNFL56HpU6”, “country”: “ES”, “description”: “[AI generated] N\/A”, “discovered”: “2025-07-07 22:10:40.537942”, “domain”: “ltlevante.com”, “duplicates”: [], “extrainfos”: { “data_size”: “916GB” }, “group”: “payoutsking”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “RedLine”: 4, “StealC”: 2 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:10:20”, “users”: 2, “users_url”: 1 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TFRMQHBheW91dHNraW5n”, “victim”: “LTL” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 22:10:12.154990”, “claim_url”: “”, “country”: “DE”, “description”: “”, “discovered”: “2025-07-07 22:10:14.047527”, “domain”: “s****.com”, “duplicates”: [], “extrainfos”: { “data_size”: “2.5TB” }, “group”: “payoutsking”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:09:52”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UyoqKipIQHBheW91dHNraW5n”, “victim”: “S****H” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 20:17:05.874113”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/\/topic.php?id=bSi3nETDg90X8c”, “country”: “US”, “description”: “United States”, “discovered”: “2025-07-07 20:17:50.776571”, “domain”: “www.leepub.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/6e8bf524a5b6437409a6af9640852908.png”, “url”: “https:\/\/www.ransomware.live\/id\/TGVlIFB1YmxpY2F0aW9uc0BwbGF5”, “victim”: “Lee Publications” }, { “activity”: “Construction”, “attackdate”: “2025-07-07 20:16:18.847901”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/\/topic.php?id=Tth6gT72We6OUY”, “country”: “US”, “description”: “United States”, “discovered”: “2025-07-07 20:17:03.807101”, “domain”: “www.alliedbuildings.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e420772d577edcdd5e45c352bc894d2b.png”, “url”: “https:\/\/www.ransomware.live\/id\/QWxsaWVkIFN0ZWVsIEJ1aWxkaW5nc0BwbGF5”, “victim”: “Allied Steel Buildings” }, { “activity”: “Construction”, “attackdate”: “2025-07-07 20:15:29.836879”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/\/topic.php?id=sYC4WPnyMbCUJQ”, “country”: “US”, “description”: “United States”, “discovered”: “2025-07-07 20:16:16.982347”, “domain”: “www.advancereadymix.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/30d820045621808c8c39f0432cb68376.png”, “url”: “https:\/\/www.ransomware.live\/id\/QWR2YW5jZSBSZWFkeSBNaXhAcGxheQ==”, “victim”: “Advance Ready Mix” }, { “activity”: “Financial Services”, “attackdate”: “2025-07-07 16:41:59.708023”, “claim_url”: “”, “country”: “US”, “description”: “PennantPark is an independent middle market credit prov\nider specializing in targeted exposure to core middle m\narket credit.\n\nWe are ready to upload more than 6 GB of documents such\nas: employee documents (SSNs, IDs, passports, DLs, and\nso on), financial data, confidential reports, client d\nata, etc.\n\nWe have made the process of downloading company data as\nsimple as possible for our users. All you need is any \ntorrent client (like Vuze, Utorrent, qBittorrent or Tra\nnsmission to use magnet links). You will find the torre\nnt file above.\n\n Open uTorrent, or any another torrent client.\n Add torrent file or paste the magnet URL to upload \nthe data safely.\n Password: pennantpark.com\n\nMAGNET URL:\nmagnet:?xt=urn:btih:8699898E899408169F9FE893112C1ED8A66\n0285B&dn=pennantpark.com&tr=udp:\/\/tracker.openbittorren\nt.com:80\/announce&tr=udp:\/\/tracker.opentrackr.org:1337\/\nannounce\n”, “discovered”: “2025-07-07 16:42:04.435985”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UGVubmFudFBhcmtAYWtpcmE=”, “victim”: “PennantPark” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 15:44:20.855503”, “claim_url”: “”, “country”: “IT”, “description”: “Studio Verna Societ\u00e0 Professionale offers integrated ec\nonomic, tax and legal advice to businesses and third se\nctor entities, with a highly personalized approach to t\nhe needs of the client and the sector in which it opera\ntes.\n\nHere is the access to 7 GB of documents such as: financ\nial data (audits, payment details, reports, invoices), \nclient financial data, agreements, project information,\nemployee information, etc.\n\nWe have made the process of downloading company data as\nsimple as possible for our users. All you need is any \ntorrent client (like Vuze, Utorrent, qBittorrent or Tra\nnsmission to use magnet links). You will find the torre\nnt file above.\n\n Open uTorrent, or any another torrent client.\n Add torrent file or paste the magnet URL to upload \nthe data safely.\n Password: sleepyhollowcc.org\n\nMAGNET URL:\nmagnet:?xt=urn:btih:9632AFDC95E139AA46CE7C2FD7977EFC208\n91B24&dn=studioverna.it&tr=udp:\/\/tracker.openbittorrent\n.com:80\/announce&tr=udp:\/\/tracker.opentrackr.org:1337\/a\nnnounce\n”, “discovered”: “2025-07-07 15:44:23.498589”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U3R1ZGlvIFZlcm5hU29jaWV0w6AgUHJvZmVzc2lvbmFsZUBha2lyYQ==”, “victim”: “Studio VernaSociet\u00e0 Professionale” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 14:51:48.535414”, “claim_url”: “”, “country”: “BR”, “description”: “”, “discovered”: “2025-07-07 14:51:49.638817”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “cloak”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Tm9zKioqKioqKipvbS5ickBjbG9haw==”, “victim”: “Nos********om.br” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 14:51:44.922396”, “claim_url”: “”, “country”: “DE”, “description”: “”, “discovered”: “2025-07-07 14:51:46.489551”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “cloak”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/V3MqKioqKioqLmRlQGNsb2Fr”, “victim”: “Ws*******.de” }, { “activity”: “Business Services”, “attackdate”: “2025-07-07 13:15:35.253048”, “claim_url”: “”, “country”: “US”, “description”: “The archive contains data of the following companies: \nhttps:\/\/thesandersfirm.com\/\nhttps:\/\/aronovaassociates.com\/\nhttps:\/\/sgafirm.com\/\nhttps:\/\/milberg.com\/Geo: USA – Leak size: 3 TB – Contains: Files”, “discovered”: “2025-07-07 13:15:37.415603”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “sarcoma”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/aHR0cHM6Ly90aGVzYW5kZXJzZmlybS5jb20vQHNhcmNvbWE=”, “victim”: “https:\/\/thesandersfirm.com\/” }, { “activity”: “Education”, “attackdate”: “2025-07-07 03:00:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/686b9aeec7b82dfe0b820d1f”, “country”: “US”, “description”: “Jubilee Jobs is one of the longest-serving and best non-profit workforce development providers in the Greater Washington Region. Jubilee Jobs programs offers hope for jobseekers all over Washington, DC as they strive to overcome often extensive barriers that result from unemployment, learning disabilities, former incarceration, and alcohol\/substance abuse. Some individuals desire to leave behind reliance on public subsidies. Others start with little work experience, large gaps in work history, communication or language barriers, low education or weak job proficiency. Jubilee Jobs sees beyond these circumstances and assists every applicant as they take steps toward a better life. At Jubilee Jobs, we pride ourselves on encouraging every applicant throughout the entire job process. The process begins with initial meetings with job counselors, moves to workshops (interviewing skills, conflict resolution, goal-setting) and ends with the individual obtaining a job.\r Employees: 32\r Revenue:$5 Million\r Industry: Business Services\r Downloaded: 10GB\r Phone Number:(202) 667-8970”, “discovered”: “2025-07-07 10:46:50.378837”, “domain”: “jubileejobs.org”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 10:46:03”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7af283f8fdea212f9ce018fe70f11d4c.png”, “url”: “https:\/\/www.ransomware.live\/id\/anViaWxlZWpvYnMub3JnQGluY3JhbnNvbQ==”, “victim”: “jubileejobs.org” }, { “activity”: “Technology”, “attackdate”: “2025-07-07 02:56:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/686b9a0bc7b82dfe0b8200b7”, “country”: “US”, “description”: “TSAworld Inc. specializes in providing a wide range of office equipment and supplies including projectors, printers, copiers, and scanners, as well as their associated parts and maintenance kits. Their products cater to clients seeking technical expertise and quality office solutions. The company also offers resources such as credit applications and an exchange program to enhance customer support. Operating from Peachtree Corners, GA, TSAworld emphasizes customer service and support for all their offerings.\r Employees: 25\r Industry: Retail\r Downloaded: 25GB\r Phone Number:(770) 417-2323”, “discovered”: “2025-07-07 10:47:41.573083”, “domain”: “tsaworld.com”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “RedLine”: 2 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 10:46:57”, “users”: 1, “users_url”: 1 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/4fa8bc9d306eac57214d1cc17d54685c.png”, “url”: “https:\/\/www.ransomware.live\/id\/dHNhd29ybGQuY29tQGluY3JhbnNvbQ==”, “victim”: “tsaworld.com” }, { “activity”: “Technology”, “attackdate”: “2025-07-07 00:57:49.256000”, “claim_url”: “http:\/\/lynxchatly4zludmhmi75jrwhycnoqvkxb4prohxmyzf4euf5gjxroad.onion\/leaks\/686b1b8dcc2d2d4e6872bec3”, “country”: “SG”, “description”: “\r”, “discovered”: “2025-07-07 01:00:16.159691”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “lynx”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/90cc4b949a5b53ad3f4e7d45252cfe17.png”, “url”: “https:\/\/www.ransomware.live\/id\/SVRBQ0NFU1MgUFRFLiBMVEQuQGx5bng=”, “victim”: “ITACCESS PTE. LTD.” }, { “activity”: “Not Found”, “attackdate”: “2025-07-07 00:00:00.000000”, “claim_url”: “http:\/\/tzhwmgguyxrg6q3tu4q3gvopcjynrhw6ryx2bdl5ghisdkyunfua5xyd.onion\/blog\/0f09749244704dd7eda6e563ddd286eb4bd7ab0138dfefbc93a237c6179c0b21\/”, “country”: “”, “description”: “Satanlock project will be shut down”, “discovered”: “2025-07-07 11:16:25.579156”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “satanlockv2”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/1ef3a772f247974c2b3329a2ffdf9356.png”, “url”: “https:\/\/www.ransomware.live\/id\/U2F0YW5sb2NrIHByb2plY3Qgd2lsbCBiZSBzaHV0IGRvd25Ac2F0YW5sb2NrdjI=”, “victim”: “Satanlock project will be shut down” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2025-07-07 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=640a96d5-9aec-30a3-bf63-74f517f26891”, “country”: “IT”, “description”: “Ridewill, is a retail company specializing in sports merchandise and equipment. The company deals with the sale of sporting goods, mainly related to the cycling sector. Our team managed to breach Cenomi Retail network. We hacked Ridewill and …”, “discovered”: “2025-07-07 14:18:06.632755”, “domain”: “ridewill.it”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Atomic”: 6, “Azorult”: 54, “CRYPTBOT”: 8, “Lumma”: 532, “Mystic”: 4, “Raccoon”: 294, “RedLine”: 684, “StealC”: 90, “Taurus”: 2, “UNKNOWN”: 18, “Vidar”: 134 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 14:17:17”, “users”: 1133, “users_url”: 28 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e27f3af6f0071f2c2a96278695ad7aa9.png”, “url”: “https:\/\/www.ransomware.live\/id\/UmlkZXdpbGwgU1JMQHFpbGlu”, “victim”: “Ridewill SRL” }, { “activity”: “Manufacturing”, “attackdate”: “2025-07-07 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=fc583e64-61a6-3ccc-bb47-61f82c403476”, “country”: “IT”, “description”: “Since 1974, Volpato Industrie has been working with the aim of continuously improving the technical and aesthetic quality of its products. An approach totally oriented towards customer satisfaction that has allowed the company to develop the …”, “discovered”: “2025-07-08 06:48:13.832895”, “domain”: “www.volpatoindustrie.it”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/794c310c48157d4e901984608166670c.png”, “url”: “https:\/\/www.ransomware.live\/id\/dm9scGF0b2luZHVzdHJpZS5pdEBxaWxpbg==”, “victim”: “volpatoindustrie.it” }, { “activity”: “Manufacturing”, “attackdate”: “2025-07-06 11:53:49.573066”, “claim_url”: “https:\/\/handala-hack.to\/freedom-wood-doors-ltd-hacked\/”, “country”: “”, “description”: “Freedom Wood Doors Ltd Hacked Freedom Wood Doors Ltd, a manufacturer of interior doors based in Hod HaSharon, has experienced a data leak. The compromised information includes: Full client lists (including private residences, contractors, and several government-linked entities), Invoices, delivery schedules, internal price quotes, Technical specifications and door schematics for custom projects 92GB Dumped PoC\u2026”, “discovered”: “2025-07-06 11:54:21.557006”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “handala”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/26312a76a085196cbb9cf41a89ba2a5b.png”, “url”: “https:\/\/www.ransomware.live\/id\/RnJlZWRvbSBXb29kIERvb3JzIEx0ZEBoYW5kYWxh”, “victim”: “Freedom Wood Doors Ltd” }, { “activity”: “Consumer Services”, “attackdate”: “2025-07-06 11:09:54.842307”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=db1mri0OAb6e9J”, “country”: “US”, “description”: “United States”, “discovered”: “2025-07-06 11:10:44.225764”, “domain”: “www.whimhospitality.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/9d4475008c2ffbe8821debabc06cbba3.png”, “url”: “https:\/\/www.ransomware.live\/id\/V2hpbSBIb3NwaXRhbGl0eUBwbGF5”, “victim”: “Whim Hospitality” }, { “activity”: “Healthcare”, “attackdate”: “2025-07-06 03:06:38.615281”, “claim_url”: “http:\/\/novatd4577pzlvdyy42slydhrhru7fpcflbbxlajcmbfrgzyeis6d3id.onion\/eurofins”, “country”: “FR”, “description”: “Eurofins Scientific is a global network of life sciences companies that offers a comprehensive range of analytical testing services to clients across various industries. The organization is recognized as a world leader in areas such as food, environmental, pharmaceutical, and cosmetic product testing…”, “discovered”: “2025-07-06 03:06:43.406613”, “domain”: “eurofins.fr”, “duplicates”: [], “extrainfos”: { “data_size”: “300 GB” }, “group”: “nova”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Generic Stealer”: 1, “Lumma”: 7, “Raccoon”: 10, “RedLine”: 10, “Vidar”: 1 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-06 09:02:57”, “users”: 16, “users_url”: 8 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a06151d63920b104be5db1424f5db9ff.png”, “url”: “https:\/\/www.ransomware.live\/id\/RXVyb2ZpbnNAbm92YQ==”, “victim”: “Eurofins” }, { “activity”: “Healthcare”, “attackdate”: “2025-07-06 00:00:00.000000”, “claim_url”: “http:\/\/tzhwmgguyxrg6q3tu4q3gvopcjynrhw6ryx2bdl5ghisdkyunfua5xyd.onion\/blog\/3483b78af6ee44881238e7fc60509b54c0e83edce7687f606c2682e60ab9b981\/”, “country”: “ID”, “description”: “Klinik Dr. Indrajana”, “discovered”: “2025-07-06 02:11:10.161059”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “satanlockv2”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/839fa7a2c2633d7b1916b56309ff1b80.png”, “url”: “https:\/\/www.ransomware.live\/id\/aHR0cHM6Ly9rbGluaWtkcmluZHJhamFuYS5jb20vQHNhdGFubG9ja3Yy”, “victim”: “https:\/\/klinikdrindrajana.com\/” }, { “activity”: “Not Found”, “attackdate”: “2025-07-05 21:43:29.933074”, “claim_url”: “http:\/\/wugurgyscp5rxpihef5vl6b6m5ont3b6sezhl7boboso2enib2k3q6qd.onion#hong-kong-victim”, “country”: “HK”, “description”: “(To be disclosed)…”, “discovered”: “2025-07-05 21:43:54.540276”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “devman”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/6e764c470206e7a5aa4c6d2f323a0aed.png”, “url”: “https:\/\/www.ransomware.live\/id\/SG9uZyBLb25nIFZpY3RpbUBkZXZtYW4=”, “victim”: “Hong Kong Victim” }, { “activity”: “Construction”, “attackdate”: “2025-07-05 21:43:01.510902”, “claim_url”: “http:\/\/wugurgyscp5rxpihef5vl6b6m5ont3b6sezhl7boboso2enib2k3q6qd.onion#china-harbour-engineering-company”, “country”: “CN”, “description”: “450000 USD”, “discovered”: “2025-07-05 21:43:26.975263”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “devman”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/bd27c7140ced15a9bfc17057b394ab20.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q2hpbmEgSGFyYm91ciBFbmdpbmVlcmluZyBDb21wYW55QGRldm1hbg==”, “victim”: “China Harbour Engineering Company” }, { “activity”: “Not Found”, “attackdate”: “2025-07-05 21:42:30.684435”, “claim_url”: “http:\/\/wugurgyscp5rxpihef5vl6b6m5ont3b6sezhl7boboso2enib2k3q6qd.onion#tbd-hong-kong”, “country”: “HK”, “description”: “TBD…”, “discovered”: “2025-07-05 21:42:54.764368”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “devman”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/6c90687edd9bf851728114c1170f39aa.png”, “url”: “https:\/\/www.ransomware.live\/id\/VEJEIEhPTkcgS09OR0BkZXZtYW4=”, “victim”: “TBD HONG KONG” }, { “activity”: “Not Found”, “attackdate”: “2025-07-05 21:42:02.516747”, “claim_url”: “http:\/\/wugurgyscp5rxpihef5vl6b6m5ont3b6sezhl7boboso2enib2k3q6qd.onion#cglbcom”, “country”: “”, “description”: “1000000 USD”, “discovered”: “2025-07-05 21:42:26.188427”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “devman”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/1b2c64bbdec97356bd5f18036e2dbd51.png”, “url”: “https:\/\/www.ransomware.live\/id\/YyoqKipnbCpiKi5jb21AZGV2bWFu”, “victim”: “c****gl*b*.com” }, { “activity”: “Technology”, “attackdate”: “2025-07-05 21:41:35.642054”, “claim_url”: “http:\/\/wugurgyscp5rxpihef5vl6b6m5ont3b6sezhl7boboso2enib2k3q6qd.onion#takachihocojp”, “country”: “JP”, “description”: “1000000 USD”, “discovered”: “2025-07-05 21:42:00.529264”, “domain”: “takachiho.co.jp”, “duplicates”: [], “extrainfos”: [], “group”: “devman”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-05 21:41:17”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/693d5e13820c2c08189f1216c51633c3.png”, “url”: “https:\/\/www.ransomware.live\/id\/dGFrYWNoaWhvLmNvLmpwQGRldm1hbg==”, “victim”: “takachiho.co.jp” }, { “activity”: “Technology”, “attackdate”: “2025-07-05 21:40:49.243055”, “claim_url”: “http:\/\/wugurgyscp5rxpihef5vl6b6m5ont3b6sezhl7boboso2enib2k3q6qd.onion#elemateccom”, “country”: “JP”, “description”: “10000000 USD”, “discovered”: “2025-07-05 21:41:13.723923”, “domain”: “elematec.com”, “duplicates”: [], “extrainfos”: [], “group”: “devman”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-05 21:40:31”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/40aa32793d932e7e9da52ac4ba1e7917.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZWxlbWF0ZWMuY29tQGRldm1hbg==”, “victim”: “elematec.com” }, { “activity”: “Technology”, “attackdate”: “2025-07-05 21:40:03.077847”, “claim_url”: “http:\/\/wugurgyscp5rxpihef5vl6b6m5ont3b6sezhl7boboso2enib2k3q6qd.onion#goteccom”, “country”: “CH”, “description”: “6450000 USD”, “discovered”: “2025-07-05 21:40:27.155691”, “domain”: “gotec.com”, “duplicates”: [], “extrainfos”: [], “group”: “devman”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-05 21:39:44”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/2315f9a77e4f7d5f57a8130f697c64c7.png”, “url”: “https:\/\/www.ransomware.live\/id\/Z290ZWMuY29tQGRldm1hbg==”, “victim”: “gotec.com” }, { “activity”: “Not Found”, “attackdate”: “2025-07-05 14:41:04.000000”, “claim_url”: “http:\/\/arcuufpr5xxbbkin4mlidt7itmr6znlppk63jbtkeguuhszmc5g7qdyd.onion\/?p=513”, “country”: “MX”, “description”: “rgmexico.com.mx\nRG Mexico, 30 years of providing peace of mind and security in: We have a s\u2026”, “discovered”: “2025-07-05 16:14:01.938059”, “domain”: “rgmexico.com.mx”, “duplicates”: [], “extrainfos”: [], “group”: “arcusmedia”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-05 19:28:44”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ba8097cf1a5673d2a7f935832a49ea20.png”, “url”: “https:\/\/www.ransomware.live\/id\/UkcgTWV4aWNvQGFyY3VzbWVkaWE=”, “victim”: “RG Mexico” }, { “activity”: “Not Found”, “attackdate”: “2025-07-05 14:40:54.000000”, “claim_url”: “http:\/\/arcuufpr5xxbbkin4mlidt7itmr6znlppk63jbtkeguuhszmc5g7qdyd.onion\/?p=515”, “country”: “”, “description”: “bdgroup.com.bd\nToday, BD Group products are a household name in Bangladesh and enjoyed by o\u2026”, “discovered”: “2025-07-05 16:14:34.644493”, “domain”: “bdgroup.com.bd”, “duplicates”: [], “extrainfos”: [], “group”: “arcusmedia”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-05 19:28:19”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/edafd0fc73cafbce59d336047e06f0db.png”, “url”: “https:\/\/www.ransomware.live\/id\/QkQgR3JvdXBAYXJjdXNtZWRpYQ==”, “victim”: “BD Group” }, { “activity”: “Technology”, “attackdate”: “2025-07-05 14:40:41.000000”, “claim_url”: “http:\/\/arcuufpr5xxbbkin4mlidt7itmr6znlppk63jbtkeguuhszmc5g7qdyd.onion\/?p=517”, “country”: “CA”, “description”: “assetlabs.com\nStreamline365 provides a data intelligence platform designed to transform inv\u2026”, “discovered”: “2025-07-05 16:15:03.496762”, “domain”: “assetlabs.com”, “duplicates”: [], “extrainfos”: [], “group”: “arcusmedia”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-05 19:27:40”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/df9c37aa7f14bece22dc43c6f4c6f06c.png”, “url”: “https:\/\/www.ransomware.live\/id\/QXNzZXRsYWJzQGFyY3VzbWVkaWE=”, “victim”: “Assetlabs” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2025-07-05 13:07:35.356756”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=ac195db9-3752-4efb-b115-5c2ae11e58d3”, “country”: “US”, “description”: “Silver Lining Herbs specializes in herbal supplements for horses, dogs, and humans, providing natural health products aimed at enhancing the well-being of both pets and their owners. Their range includes various formulations that address health needs such as immune support, joint health, and digestive function. The company is family-owned and has over 25 years of experience in promoting animal health and performance. With a focus on education and optimal care, they offer product bundles designed to ensure the wellness of all family members, including pets.”, “discovered”: “2025-07-05 13:55:53.690740”, “domain”: “www.silverliningherbs.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c86d2f8b6e514c1d4e9d0ccee5a23af5.png”, “url”: “https:\/\/www.ransomware.live\/id\/U2lsdmVyIExpbmluZyBIZXJic0BkcmFnb25mb3JjZQ==”, “victim”: “Silver Lining Herbs” }, { “activity”: “Not Found”, “attackdate”: “2025-07-05 00:00:00.000000”, “claim_url”: “http:\/\/flock4cvoeqm4c62gyohvmncx6ck2e7ugvyqgyxqtrumklhd5ptwzpqd.onion\/?p=465”, “country”: “”, “description”: “The Board Of S******h S**w LLP You Operate one of the world\u2019s largest firms With approximately 900 lawyers across 18 [\u2026]”, “discovered”: “2025-07-05 09:46:58.100592”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “flocker”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/cf2047b8c04d66311391765f062a7bb0.png”, “url”: “https:\/\/www.ransomware.live\/id\/UyoqKioqKmguY29tQGZsb2NrZXI=”, “victim”: “S******h.com” }, { “activity”: “Construction”, “attackdate”: “2025-07-04 23:12:54.362085”, “claim_url”: “http:\/\/ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion\/leaks.phphttp:\/\/fe3klmmbb7upoybd45ayjkxebqxaxukleu2w56kgo67rcnrxlalrxdad.onion\/index.php?p=”, “country”: “US”, “description”: “Your Building Centers (YBC) is a Pennsylvania-based company with 14 locations throughout Central Pennsylvania. For generations, they have been supplying contractors, builders, remodelers and amateur enthusiasts with name brand building materials. With roots dating back to the early 1900s, YBC and its predecessor companies have created a legacy deeply connected to the communities they serve. Their commitment goes beyond selling materials – they have become the backbone of local neighborhoods, growing with the people and businesses they support. Moving forward, they remain focused on maintaining that connection in the 21st century.”, “discovered”: “2025-07-04 23:13:21.944855”, “domain”: “ybconline.com”, “duplicates”: [], “extrainfos”: [], “group”: “interlock”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-04 23:12:37”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d1c989ddc5065487db523801402640c8.png”, “url”: “https:\/\/www.ransomware.live\/id\/WW91ciBCdWlsZGluZyBDZW50ZXJzQGludGVybG9jaw==”, “victim”: “Your Building Centers” }, { “activity”: “Public Sector”, “attackdate”: “2025-07-04 18:30:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/68653213ba689080139d80d9”, “country”: “US”, “description”: “Gardendale Fire and Rescue is currently providing services to our community with a roster consisting of a fulltime Fire Chief, Fire Marshal and eighteen (18) Fire\/Medics. The Department provides all fire, medical ALS [Advance Life Support] and various technical services to our community of approximately 50 square miles. The Department currently operates out of Fire Station #1 located at 1811 Decatur Highway. Fire Department administrators and city officials are working towards the construction of two additional satellite stations in the western and eastern areas of the city to cover the growing number of new subdivisions and businesses we are experiencing. Through the dedication, knowledge and experience within our department staff, we feel we can provide the citizens and patrons of Gardendale with the finest protection, best services, and the highest quality of life possible.Revenue: $5 Million\r Employees: 91\r Industry: Government\r Downloaded: 45GB\r Phone Number:(205) 631-8789”, “discovered”: “2025-07-04 18:48:17.086464”, “domain”: “cityofgardendale.com”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-04 18:47:30”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/46601b965fdb40198eabf54a55b16703.png”, “url”: “https:\/\/www.ransomware.live\/id\/Y2l0eW9mZ2FyZGVuZGFsZS5jb21AaW5jcmFuc29t”, “victim”: “cityofgardendale.com” }, { “activity”: “Telecommunication”, “attackdate”: “2025-07-04 09:05:45.415479”, “claim_url”: “http:\/\/imncrewwfkbjkhr2oylerfm5qtbzfphhmpcfag43xc2kfgvluqtlgoid.onion\/files\/data\/apn.com.zip”, “country”: “”, “description”: “Asia Pacific Network is a Texas-based, Premier Provider of VoIP services to the US and all major continents around the globe. We utilize Tier-1 Carriers and a top-of-the-line, carrier-grade setup to provide consistent and reliable service to our customers connecting through our facility in One Wilshire Building, in the high-tech heart of downtown Los Angeles, CA, where over 220 carriers are similarly housed. We also have offices and representatives in the Philippines to better cater to the booming Call Center industry in the country.”, “discovered”: “2025-07-04 09:05:49.481747”, “domain”: “Apntelecom.com”, “duplicates”: [], “extrainfos”: [], “group”: “IMNCrew”, “infostealer”: “”, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/QXBudGVsZWNvbS5jb21ASU1OQ3Jldw==”, “victim”: “Apntelecom.com” }, { “activity”: “Not Found”, “attackdate”: “2025-07-04 07:47:02.043780”, “claim_url”: “https:\/\/handala-hack.to\/niflaot-hatzuna-ltd-hacked\/”, “country”: “IL”, “description”: “Niflaot Hatzuna Ltd Hacked They called it just catering. Food service. Logistics. A contractor with clean paperwork. But now the silence has cracked. Niflaot Hatzuna Ltd. the company trusted to feed government buildings, detention centers, and quiet facilities with no nameplates , has been compromised. The data is out: procurement orders, delivery logs, staff lists,\u2026”, “discovered”: “2025-07-04 07:47:29.008752”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “handala”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/2b49720ee3300628a767511525d12107.png”, “url”: “https:\/\/www.ransomware.live\/id\/TmlmbGFvdCBIYXR6dW5hIEx0ZEBoYW5kYWxh”, “victim”: “Niflaot Hatzuna Ltd” }, { “activity”: “Education”, “attackdate”: “2025-07-04 01:01:00.000000”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6865c1dcba68908013a563b2”, “country”: “US”, “description”: “C.B. King Memorial School, Inc. is a private, nonprofit agency that provides services to persons with developmental delays or disabilities. “, “discovered”: “2025-07-04 01:25:32.189377”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “incransom”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/74934bbbe5fe98bd5df47c1bd5112a8e.png”, “url”: “https:\/\/www.ransomware.live\/id\/QyBCIEtpbmcgTWVtb3JpYWwgU2Nob29sKGJyYW5jaClAaW5jcmFuc29t”, “victim”: “C B King Memorial School(branch)” }, { “activity”: “Not Found”, “attackdate”: “2025-07-04 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=3e86deef-c8fb-3fa0-b5c4-a6cdabd6a606”, “country”: “GB”, “description”: “We are a Manchester-based, proven property investment specialist with a 20-year history in the property investment business. We specialise in identifying and sourcing high-yield property investments for clients across the UK and overseas. Our …”, “discovered”: “2025-07-04 10:06:51.168192”, “domain”: “knightknox.com”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Azorult”: 4, “RedLine”: 10, “StealC”: 2, “Vidar”: 6 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-04 10:06:03”, “users”: 11, “users_url”: 2 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a2f49f260f21d9a7d185bec37739a03c.png”, “url”: “https:\/\/www.ransomware.live\/id\/a25pZ2h0a25veEBxaWxpbg==”, “victim”: “knightknox” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2025-07-04 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “DKN Hotels is a leading hotel and hospitality management company,\noffering comprehensive hotel management services.\n\nWe are ready to upload more than 30 GB of corporate documents. Nu\nmerous financial files, confidentiality agreements, personal docu\nments and other personal data (DOB, address, driver license and s\no on), lots of project docs, etc.\n”, “discovered”: “2025-07-04 15:10:17.441598”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/REtOIEhvdGVsc0Bha2lyYQ==”, “victim”: “DKN Hotels” }, { “activity”: “Not Found”, “attackdate”: “2025-07-04 00:00:00.000000”, “claim_url”: “”, “country”: “US”, “description”: “Corinthian Media is a service-driven, results-oriented media buyi\nng and planning company.\n\nWe are ready to upload more than 7 GB of corporate documents. Det\nailed financial data, credit card scans, personal documents scans\n, medical information, NDAs, etc.\n”, “discovered”: “2025-07-04 15:10:21.412985”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q29yaW50aGlhbiBNZWRpYUBha2lyYQ==”, “victim”: “Corinthian Media” }, { “activity”: “Not Found”, “attackdate”: “2025-07-04 00:00:00.000000”, “claim_url”: “http:\/\/tzhwmgguyxrg6q3tu4q3gvopcjynrhw6ryx2bdl5ghisdkyunfua5xyd.onion\/blog\/4821b80070a6e4cec911a0f632e4702e30d7342375f19a0ad50809abd1ebc631\/”, “country”: “IT”, “description”: “Viggiani\u202fBullone\u202fGirardi”, “discovered”: “2025-07-04 21:53:45.728452”, “domain”: “studionotarile.com”, “duplicates”: [], “extrainfos”: [], “group”: “satanlockv2”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-04 21:53:02”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f3dff5dc8eded39508a9b7ec7d37b2a3.png”, “url”: “https:\/\/www.ransomware.live\/id\/c3R1ZGlvbm90YXJpbGUuY29tQHNhdGFubG9ja3Yy”, “victim”: “studionotarile.com” }, { “activity”: “Education”, “attackdate”: “2025-07-04 00:00:00.000000”, “claim_url”: “http:\/\/tzhwmgguyxrg6q3tu4q3gvopcjynrhw6ryx2bdl5ghisdkyunfua5xyd.onion\/blog\/8e727d2c25e6977f456254dcd8be14b8586951d2816d3ef3d8afb06b1de3f3ad\/”, “country”: “TH”, “description”: “fkk.ac.th”, “discovered”: “2025-07-04 21:54:59.426541”, “domain”: “fkk.ac.th”, “duplicates”: [], “extrainfos”: [], “group”: “satanlockv2”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-04 21:54:16”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ee1c4bac5b95e73c5d2b867f3259bd5a.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZmtrLmFjLnRoQHNhdGFubG9ja3Yy”, “victim”: “fkk.ac.th” }, { “activity”: “Healthcare”, “attackdate”: “2025-07-03 22:22:07.582091”, “claim_url”: “http:\/\/ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion\/news\/arlingtonohw”, “country”: “US”, “description”: “[AI generated] N\/A”, “discovered”: “2025-07-03 22:22:36.842968”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “everest”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/75c98fd5248fe467c46c070cb0fd576f.png”, “url”: “https:\/\/www.ransomware.live\/id\/QXJsaW5ndG9uIE9jY3VwYXRpb25hbCBIZWFsdGggYW5kIFdlbGxuZXNzIC0gRnVsbCBsZWFrIHB1Ymxpc2hlZEBldmVyZXN0”, “victim”: “Arlington Occupational Health and Wellness – Full leak published” }, { “activity”: “Healthcare”, “attackdate”: “2025-07-03 22:21:31.846813”, “claim_url”: “http:\/\/ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion\/news\/avanticmedicallab”, “country”: “”, “description”: “[AI generated] N\/A”, “discovered”: “2025-07-03 22:22:04.578024”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “everest”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/04f78ee68689179fe887716f38d262ab.png”, “url”: “https:\/\/www.ransomware.live\/id\/QXZhbnRpYyBNZWRpY2FsIExhYiAtIEZ1bGwgbGVhayBwdWJsaXNoZWRAZXZlcmVzdA==”, “victim”: “Avantic Medical Lab – Full leak published” }, { “activity”: “Public Sector”, “attackdate”: “2025-07-03 16:24:34.000000”, “claim_url”: “http:\/\/xfv4jzckytb4g3ckwemcny3ihv4i5p4lqzdpi624cxisu35my5fwi5qd.onion\/detail?id=093c08d4751eb7e8886bcecfd65e90b7”, “country”: “US”, “description”: “The Prosecuting Attorneys’ Council of Georgia (PAC) The Prosecuting Attorneys’ Council of Georgia (PAC) is the overarching judicial branch government agency supporting Georgia prosecutors and their staff.”, “discovered”: “2025-07-06 10:38:02.364470”, “domain”: “pacga.org”, “duplicates”: [], “extrainfos”: { “ransom”: 500000 }, “group”: “medusa”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Lumma”: 4 }, “thirdparties”: 1, “thirdparties_domain”: 1, “update”: “2025-07-06 10:43:59”, “users”: 2, “users_url”: 2 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a62b4feb7241d551417369201e1e7784.png”, “url”: “https:\/\/www.ransomware.live\/id\/UHJvc2VjdXRpbmcgQXR0b3JuZXlzJyBDb3VuY2lsIG9mIEdlb3JnaWFAbWVkdXNh”, “victim”: “Prosecuting Attorneys’ Council of Georgia” }, { “activity”: “Construction”, “attackdate”: “2025-07-03 15:22:14.817408”, “claim_url”: “http:\/\/k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion\/topic.php?id=1qyGcWRjsObWxv”, “country”: “US”, “description”: “United States”, “discovered”: “2025-07-03 15:22:40.387691”, “domain”: “www.jfcelectric.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0c88c108a6b1b92fbd29050373d38faf.png”, “url”: “https:\/\/www.ransomware.live\/id\/SkZDIEVsZWN0cmljQHBsYXk=”, “victim”: “JFC Electric” }, { “activity”: “Not Found”, “attackdate”: “2025-07-03 15:21:47.983495”, “claim_url”: “http:\/\/j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion\/topic.php?id=sbg9NZdYpkwo3n”, “country”: “CA”, “description”: “Canada”, “discovered”: “2025-07-03 15:22:12.566693”, “domain”: “www.metricss.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “modifications”: [ { “date”: “2025-07-03 20:56:17”, “description”: “Update country” } ], “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/087283ce6b2c6a5abc7b534c5dfbb55e.png”, “url”: “https:\/\/www.ransomware.live\/id\/TWV0cmljQHBsYXk=”, “victim”: “Metric” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2025-07-03 15:20:57.784455”, “claim_url”: “http:\/\/j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion\/topic.php?id=lJtJmKABwI2ILG”, “country”: “CA”, “description”: “Canada”, “discovered”: “2025-07-03 15:21:21.168799”, “domain”: “www.biofloral.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “modifications”: [ { “date”: “2025-07-03 20:56:01”, “description”: “Update country” } ], “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/67920ce557e8766041ad6dd4f737919c.png”, “url”: “https:\/\/www.ransomware.live\/id\/QmlvZmxvcmFsQHBsYXk=”, “victim”: “Biofloral” }, { “activity”: “Construction”, “attackdate”: “2025-07-03 15:20:32.330987”, “claim_url”: “http:\/\/j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion\/topic.php?id=8w5RpDBolKjSRa”, “country”: “US”, “description”: “United States”, “discovered”: “2025-07-03 15:20:55.957285”, “domain”: “www.lydig.com”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/453ad52bbf4816b79f263c81f9b52ae2.png”, “url”: “https:\/\/www.ransomware.live\/id\/THlkaWcgQ29uc3RydWN0aW9uQHBsYXk=”, “victim”: “Lydig Construction” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2025-07-03 14:09:59.618108”, “claim_url”: “”, “country”: “CA”, “description”: “Del Corona & Scardigli Canada provides a variety of log\nistics services for all your import, export and triangu\nlar shipments: air, sea and land transport, warehousing\nand distribution, etc.\n\nHere is the access to 15 GB of corporate data. Employee\ninformation (DOB, address, phones and so on), financia\nl data (audits, payment details, reports), lots of clie\nnt data, correspondence, contracts and agreements, NDAs\n, etc.\n\nWe have made the process of downloading company data as\nsimple as possible for our users. All you need is any \ntorrent client (like Vuze, Utorrent, qBittorrent or Tra\nnsmission to use magnet links). You will find the torre\nnt file above.\n\n Open uTorrent, or any another torrent client.\n Add torrent file or paste the magnet URL to upload \nthe data safely.\n Archives have no password.\n\nMAGNET URL:\nmagnet:?xt=urn:btih:314DD13DD910EF4D32E93768FE9F4010DF9\n3DC3A&dn=dcscanada.com&tr=udp:\/\/tracker.openbittorrent.\ncom:80\/announce&tr=udp:\/\/tracker.opentrackr.org:1337\/an\nnounce\n”, “discovered”: “2025-07-03 14:10:02.182927”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “akira”, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RGVsIENvcm9uYSAmU2NhcmRpZ2xpIENhbmFkYUBha2lyYQ==”, “victim”: “Del Corona &Scardigli Canada” }, { “activity”: “Public Sector”, “attackdate”: “2025-07-03 13:09:33.955822”, “claim_url”: “http:\/\/leak7y2247fj7dbb35rpfyxuyaqtwbshiwxp6h35ttzlhrxmhvi4fead.onion\/ramajudicial”, “country”: “CO”, “description”: “The University of Zagreb Faculty of Science (Croatian: Prirodoslovno-matemati\u010dki fakultet, PMF) is a prominent faculty within the University of Zagreb, Croatia, dedicated to education…”, “discovered”: “2025-07-03 13:09:36.350361”, “domain”: “”, “duplicates”: [], “extrainfos”: [], “group”: “nova”, “screenshot”: “https:\/\/images.ransomware.live\/victims\/085518f168b5eab3deb13bb234c730ea.png”, “url”: “https:\/\/www.ransomware.live\/id\/UmFtYSBqdWRpY2lhbCBjb2xvbWJpYUBub3Zh”, “victim”: “Rama judicial colombia” }, { “activity”: “Not Found”, “attackdate”: “2025-07-03 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=ba0cbc8a-c70a-3f76-9665-72ac1623cc27”, “country”: “JP”, “description”: “Cenomi Retail, founded in 1990, is a retail company specializing in sports merchandise and equipment. With operations across North America, the Middle East, Africa, and Asia, the company offers both business-to-business and direct-to-consumer …”, “discovered”: “2025-07-03 15:23:39.460319”, “domain”: “www.cenomiretail.com\/sa-en\/contact-us”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/08402e6f21c88abb0af64fe2a87bbd78.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q2Vub21pIFJldGFpbEBxaWxpbg==”, “victim”: “Cenomi Retail” }, { “activity”: “Technology”, “attackdate”: “2025-07-03 00:00:00.000000”, “claim_url”: “http:\/\/5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion\/companies\/78\/universal-software-solutions”, “country”: “US”, “description”: “About UsAt Universal Software Solutions, we are passionate about revolutionizing the way healthcare professionals manage infusion therapy. Our mission is to streamline and enhance the infusion process, ensuring patients receive the best possible care with the utmost efficiency and safety.Who We AreFounded in 2000, Universal Software Solutions is a leader in infusion software solutions, dedicated to transforming healthcare delivery through innovative technology.Our team of experts combines extensive experience in software development, healthcare, and infusion therapy to create cutting-edge solutions that address the complex\u00a0 challenges faced by clinicians and patients alike.What We DoOur flagship product, Healthcare Data Management System (HDMS), is designed to simplify and automate the infusion software and HME\/DME software workflows.With features like automated processes and customizable features, our software enhances accuracy and supports better clinical decision-making. By leveraging advanced technology and user-friendly design, we make it easier for healthcare professionals to focus on what matters most: patient care.Our ValuesInnovation: We are committed to pushing the boundaries of technology to provide cutting-edge solutions that address the evolving needs of the healthcare industry.Collaboration: We believe in working closely with our clients and partners to understand their needs and deliver solutions that exceed their expectations.Excellence: We strive for excellence in everything we do, from product development to customer service, ensuring that our solutions are reliable, efficient, and effective.Why Choose Us?Expertise: Our team brings together a wealth of knowledge in both software development and healthcare, ensuring that our solutions are not only technologically advanced but also clinically relevant.Customer-Centric Approach: We prioritize the needs of our clients, offering personalized support and tailored solutions that address specific challenges and requirements.Commitment to Quality: We adhere to rigorous quality assurance processes to ensure our products are reliable, secure, and meet the highest industry standards.–SQL DB ( including information about end customers: name, surname, date of birth, address, insurance number, telephone, etc. )-Personal information of employees and clients-Documents-Other files https:\/\/universalss.com\/”, “discovered”: “2025-07-04 08:06:14.457997”, “domain”: “universalss.com”, “duplicates”: [], “extrainfos”: [], “group”: “spacebears”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-03 08:10:37”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ffef5426f04b02234e975057c536fa9e.png”, “url”: “https:\/\/www.ransomware.live\/id\/VW5pdmVyc2FsIFNvZnR3YXJlIFNvbHV0aW9uc0BzcGFjZWJlYXJz”, “victim”: “Universal Software Solutions” }, { “activity”: “Financial Services”, “attackdate”: “2025-07-02 20:01:11.972000”, “claim_url”: “http:\/\/sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion\/leaks\/68659007287910412f2e3d6e”, “country”: “US”, “description”: “Hana Financial, Inc. is a premier specialty commercial finance company based in the United States, focused on providing factoring, asset-based lending, and SBA lending services. Founded in 1994, it ranks among the top ten largest factoring companies in the U.S. and is one of the most active SBA 7(a) lenders nationwide. The company serves a diverse range of clients, offering trade finance and transportation finance solutions tailored to their needs. With over $1.5 billion in annual factoring volume and loan originations, Hana Financial exemplifies a commitment to supporting businesses through innovative financial services.”, “discovered”: “2025-07-05 19:23:41.921881”, “domain”: “www.hanafinancial.com”, “duplicates”: [], “extrainfos”: [], “group”: “sinobi”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/80c599ce0b784e2c47b5b6f3d37449f1.png”, “url”: “https:\/\/www.ransomware.live\/id\/SGFuYSBGaW5hbmNpYWxAc2lub2Jp”, “victim”: “Hana Financial” }, { “activity”: “Not Found”, “attackdate”: “2025-07-02 08:45:13.823770”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=bec9e701-5704-4bab-8e54-39ac7f4571a7”, “country”: “AU”, “description”: “Cahill Seeds is one of the largest seed growers in eastern Montana, established in 1996. The company specializes in identifying, testing, and multiplying seed genetics to support growers and processors. They offer a wide variety of seeds including wheat, peas, lentils, chickpeas, canola, and various forage crops. Cahill Seeds serves clients across eastern Montana, other states, and Canada, working closely with plant breeders to deliver optimal seed solutions.”, “discovered”: “2025-07-07 23:19:19.540436”, “domain”: “www.cahillseeds.com”, “duplicates”: [], “extrainfos”: [], “group”: “dragonforce”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/bcf7f21777b9f337f5eaa153c4207050.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q2FoaWxsIFNlZWRzQGRyYWdvbmZvcmNl”, “victim”: “Cahill Seeds” }, { “activity”: “Not Found”, “attackdate”: “2025-07-02 00:00:00.000000”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/view?uuid=9cc8ca9a-2888-342e-a549-0d136951b1aa”, “country”: “”, “description”: “Punta del Agua is a family-owned dairy company with over 55 years of experience in producing high-quality dairy products. Their extensive product range includes various cheeses, butter, dulce de leche, and powdered milk, all made from premium …”, “discovered”: “2025-07-03 22:40:24.577357”, “domain”: “www.puntadelagua.com.ar”, “duplicates”: [], “extrainfos”: [], “group”: “qilin”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d20e262a6516c9cdeeb0227f1208f0e6.png”, “url”: “https:\/\/www.ransomware.live\/id\/UHVudGEgRGVsIEFndWFAcWlsaW4=”, “victim”: “Punta Del Agua” }, { “activity”: “Healthcare”, “attackdate”: “2025-07-01 09:05:37.000000”, “claim_url”: “http:\/\/xfv4jzckytb4g3ckwemcny3ihv4i5p4lqzdpi624cxisu35my5fwi5qd.onion\/detail?id=08dc8202f9da7332fd12d1cac28ed5db”, “country”: “US”, “description”: “Sermo is an exclusive online community for licensed physicians, offering a platform for peer-to-peer collaboration, medical crowdsourcing, and real-time discussion of clinical cases. Sermo provides healthcare professionals with tools to connect globally, share insights, and improve patient care through collective knowledge.\nSermo’s corporate office is located at 3 Times Square, 12th Floor, New York, NY 10036, United States, and has 450+ employees.”, “discovered”: “2025-07-06 10:38:30.432805”, “domain”: “sermo.com”, “duplicates”: [], “extrainfos”: { “ransom”: 500000 }, “group”: “medusa”, “infostealer”: { “employees”: 0, “employees_url”: 0, “thirdparties”: 0, “update”: “2024-04-09 17:15:30”, “users”: 536, “users_url”: 38 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c06329a31a41782cc8ed7bc34e329479.png”, “url”: “https:\/\/www.ransomware.live\/id\/U2VybW9AbWVkdXNh”, “victim”: “Sermo” }, { “activity”: “Not Found”, “attackdate”: “2025-06-30 00:00:00.000000”, “claim_url”: “http:\/\/flock4cvoeqm4c62gyohvmncx6ck2e7ugvyqgyxqtrumklhd5ptwzpqd.onion\/?p=460”, “country”: “KY”, “description”: “To The Board Of Interior Design Group As the Cayman Islands longest-standing interior design company, IDG has a long history”, “discovered”: “2025-07-07 21:46:52.397829”, “domain”: “Idgcayman.com”, “duplicates”: [], “extrainfos”: [], “group”: “flocker”, “infostealer”: “”, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/de190fdc69befbe77b7737c6f7578efc.png”, “url”: “https:\/\/www.ransomware.live\/id\/SWRnY2F5bWFuLmNvbUBmbG9ja2Vy”, “victim”: “Idgcayman.com” }, { “activity”: “Healthcare”, “attackdate”: “2025-06-27 15:58:01.000000”, “claim_url”: “http:\/\/xfv4jzckytb4g3ckwemcny3ihv4i5p4lqzdpi624cxisu35my5fwi5qd.onion\/detail?id=6579b5dcf61746b7759b766166332400”, “country”: “US”, “description”: “Founded in 1996, Southwest CARE Center (SCC) is well known as a center of excellence for the care and treatment of people living with HIV in New Mexico. SCC is the largest provider of treatment for people living with Hepatitis C in northern New Mexico. SCC is also the largest clinical research site in New Mexico for studies of new treatments for both HIV and Hepatitis C. In September of 2015 SCC opened its doors in Albuquerque providing the same high standard of HIV care SCC is known for. Southwest CARE Center’s focus is to provide a compassionate, patient-centered environment where everyone can feel comfortable and respected while receiving the highest quality health care available.\ncompany is headquartered in 901 W Alameda Street Santa Fe, NM 87501. The total amount of data leakage is 143.9 GB”, “discovered”: “2025-07-06 10:38:57.788951”, “domain”: “southwestcare.org”, “duplicates”: [], “extrainfos”: { “ransom”: 200000 }, “group”: “medusa”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-06 10:43:04”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ce2ba1c61e4734cc7e87fd8e4cd3d23d.png”, “url”: “https:\/\/www.ransomware.live\/id\/U291dGh3ZXN0IENBUkUgQ2VudGVyQG1lZHVzYQ==”, “victim”: “Southwest CARE Center” }, { “activity”: “Not Found”, “attackdate”: “2025-06-27 08:18:00.000000”, “claim_url”: “https:\/payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion\/detail_post\/2mI3qv14Gm6K5IcIVqcP”, “country”: “IT”, “description”: “[AI generated] Silent Gliss Italia is a branch of the global company, Silent Gliss, that specialises in the production and distribution of high-quality, innovative window treatments. The Switzerland-based company provides a wide range of products including curtain and blind systems. Silent Gliss Italia follows the parent company’s commitment to exceptional Swiss quality, precision, and careful attention to detail in design.”, “discovered”: “2025-07-07 22:28:47.090805”, “domain”: “silentgliss.it”, “duplicates”: [], “extrainfos”: { “data_size”: “414GB” }, “group”: “payoutsking”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Lumma”: 2, “Raccoon”: 6, “StealC”: 2 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:28:00”, “users”: 4, “users_url”: 6 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/5fda08dc234f68f5bbd6895bdf3cd1d4.png”, “url”: “https:\/\/www.ransomware.live\/id\/U2lsZW50IEdsaXNzIEl0YWxpYUBwYXlvdXRza2luZw==”, “victim”: “Silent Gliss Italia” }, { “activity”: “Healthcare”, “attackdate”: “2025-06-27 08:16:00.000000”, “claim_url”: “https:\/payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion\/detail_post\/YMUjz75x9S7iKQVEoEjd”, “country”: “FR”, “description”: “[AI generated] EvoluPharm is a leading player in the pharmaceutical sector in France. The company offers an innovative model providing solutions and services for pharmacists, including a wide range of generic and specialty pharmaceuticals. They aim to optimize and digitize pharmacies through various management tools, marketing solutions and training. They also emphasize environmentally friendly practices.”, “discovered”: “2025-07-07 22:29:37.627467”, “domain”: “evolupharm.fr”, “duplicates”: [], “extrainfos”: { “data_size”: “858GB” }, “group”: “payoutsking”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Lumma”: 6, “Raccoon”: 4, “RedLine”: 2 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:28:53”, “users”: 6, “users_url”: 7 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/684c850fd3aa126ae6aed935c73f6edd.png”, “url”: “https:\/\/www.ransomware.live\/id\/RXZvbHVQaGFybUBwYXlvdXRza2luZw==”, “victim”: “EvoluPharm” }, { “activity”: “Healthcare”, “attackdate”: “2025-06-27 08:13:00.000000”, “claim_url”: “https:\/payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion\/detail_post\/5p2EHbutxBZj61evrdE1”, “country”: “CA”, “description”: “[AI generated] Bariatix Nutrition is a company specializing in the field of medical nutrition therapy. The company develops and manufactures a wide range of high protein, low carb food products specifically designed to meet the dietary needs of bariatric patients. Their products are clinically tested and used by doctors to help patients lose weight and maintain a healthy lifestyle post-surgery. Their offerings include protein supplements, meal replacements, protein bars, and vitamin and mineral supplements, among others.”, “discovered”: “2025-07-07 22:30:27.931160”, “domain”: “bariatrix.com”, “duplicates”: [], “extrainfos”: { “data_size”: “204GB” }, “group”: “payoutsking”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:29:42”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/92449969f7b2a19a52b2e28e18eb082e.png”, “url”: “https:\/\/www.ransomware.live\/id\/QkFSSUFUUklYIE5VVFJJVElPTkBwYXlvdXRza2luZw==”, “victim”: “BARIATRIX NUTRITION” }, { “activity”: “Manufacturing”, “attackdate”: “2025-06-27 08:09:00.000000”, “claim_url”: “https:\/payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion\/detail_post\/2lrF7AcC1hTdUbUyrIRz”, “country”: “US”, “description”: “[AI generated] Belmont Engineered Plastics is a manufacturing company located in Belmont, Michigan. It specializes in producing high-quality plastic products through injection molding, heavy gauge thermoforming and other complex processes. The firm caters to a wide range of industries, including automotive, medical, consumer products and more. In addition to manufacturing, they also provide design, engineering, and assembly services, ensuring a comprehensive solution for clients.”, “discovered”: “2025-07-07 22:31:20.381839”, “domain”: “beplastics.com”, “duplicates”: [], “extrainfos”: { “data_size”: “850GB” }, “group”: “payoutsking”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:30:33”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/6a3270be6785a8968531f9b47e519f64.png”, “url”: “https:\/\/www.ransomware.live\/id\/QmVsbW9udCBFbmdpbmVlcmVkIFBsYXN0aWNzQHBheW91dHNraW5n”, “victim”: “Belmont Engineered Plastics” }, { “activity”: “Education”, “attackdate”: “2025-06-27 08:05:32.691973”, “claim_url”: “https:\/payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion\/detail_post\/chnYzXRfSeoWiVb49nEg”, “country”: “US”, “description”: “[AI generated] The Institute of Culinary Education (ICE) is a reputable culinary school based in New York City, USA. Founded in 1975, ICE offers a wide range of professional certificate programs in culinary arts, pastry & baking, hospitality management, and culinary technology, among others. The Institute is known for its modern facilities, experienced faculty, and strong industry connections.”, “discovered”: “2025-07-07 22:16:03.422442”, “domain”: “ice.edu”, “duplicates”: [], “extrainfos”: { “data_size”: “1.5TB” }, “group”: “payoutsking”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Azorult”: 22, “Lumma”: 30, “Predator”: 2, “Raccoon”: 18, “RedLine”: 28, “Vidar”: 6 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:15:16”, “users”: 67, “users_url”: 12 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/42b12bd5f09324c4a35620382b5893d6.png”, “url”: “https:\/\/www.ransomware.live\/id\/SW5zdGl0dXRlIG9mIEN1bGluYXJ5IEVkdWNhdGlvbkBwYXlvdXRza2luZw==”, “victim”: “Institute of Culinary Education” }, { “activity”: “Construction”, “attackdate”: “2025-06-27 08:03:26.093338”, “claim_url”: “https:\/payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion\/detail_post\/Zft4JTSjCELxKLjp9JgW”, “country”: “US”, “description”: “[AI generated] CR Architecture + Design is a US-based company that specializes in providing architectural and design solutions. The firm delivers expertise across various sectors including housing, education, hospitality, and government. The team of architects, interior designers, and graphic designers work together, drawing on their different perspectives to create both functional and innovative spaces. They balance aesthetic concerns with practical requirements, ensuring successful project outcomes.”, “discovered”: “2025-07-07 22:16:53.966673”, “domain”: “cr-architects.com”, “duplicates”: [], “extrainfos”: { “data_size”: “2TB” }, “group”: “payoutsking”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:16:08”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d516e24901e963b2651f00dfb9548871.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q1IgQXJjaGl0ZWN0dXJlICsgRGVzaWduQHBheW91dHNraW5n”, “victim”: “CR Architecture + Design” }, { “activity”: “Manufacturing”, “attackdate”: “2025-06-27 08:00:16.233504”, “claim_url”: “https:\/payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion\/detail_post\/oKY1d9ecPiblLrKXQb8y”, “country”: “DE”, “description”: “[AI generated] KOLBUS is a leading international manufacturer of machines and tools for bookbinders, print shops, and packaging companies. Headquartered in Germany, the company\u2019s innovative solutions include packaging production lines, bookbinding systems, and luxury packaging. Additionally, KOLBUS offers spare parts, conversions, and upgrades services for its machinery. Established in 1775, the company has a rich history and significant experience in the printing and packaging industry.”, “discovered”: “2025-07-07 22:17:44.367882”, “domain”: “kolbus.de”, “duplicates”: [], “extrainfos”: { “data_size”: “6.6TB” }, “group”: “payoutsking”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:16:58”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a682c9cf4cf7046f777c7c1b8771c08e.png”, “url”: “https:\/\/www.ransomware.live\/id\/S09MQlVTQHBheW91dHNraW5n”, “victim”: “KOLBUS” }, { “activity”: “Construction”, “attackdate”: “2025-06-27 07:55:06.000000”, “claim_url”: “https:\/payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion\/detail_post\/Q59jiLNJNmdfh1GLySWC”, “country”: “US”, “description”: “[AI generated] Arch-Con Corporation is a Texas-based general contractor offering construction services for multiple industries. Its expertise spans commercial, industrial, retail, healthcare, hospitality, community, and corporate interiors. Besides traditional construction services, Arch-Con offers pre-construction planning such as feasibility studies, value engineering options, and constructability reviews.”, “discovered”: “2025-07-07 22:18:13.633868”, “domain”: “arch-con.com”, “duplicates”: [ { “attackdate”: “2024-09-13 12:08:06.000000”, “date”: “2025-07-07 22:18:13.707670”, “group”: “hunters”, “link”: “https:\/\/www.ransomware.live\/id\/QXJjaC1Db25AaHVudGVycw==” } ], “extrainfos”: { “data_size”: “2.7TB” }, “group”: “payoutsking”, “infostealer”: { “employees”: 0, “employees_url”: 0, “thirdparties”: 0, “update”: “2024-04-09 17:14:56”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/b1ecb5682e5c67334cc45e065b834fb7.png”, “url”: “https:\/\/www.ransomware.live\/id\/QXJjaC1Db24gQ29ycG9yYXRpb25AcGF5b3V0c2tpbmc=”, “victim”: “Arch-Con Corporation” }, { “activity”: “Education”, “attackdate”: “2025-06-27 07:47:35.871397”, “claim_url”: “https:\/payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion\/detail_post\/9hBxLOOPn1pZxCJ26DuZ”, “country”: “US”, “description”: “[AI generated] Gateway Community, also known as Gateway Community Services, is a non-profit organization based in the U.S. Their mission is to provide comprehensive and effective services for individuals and families affected by addictive diseases, mental health disorders, and homelessness. They offer assistance through education, prevention, treatment, and housing programs.”, “discovered”: “2025-07-07 22:19:02.367544”, “domain”: “gatewaycommunity.com”, “duplicates”: [], “extrainfos”: { “data_size”: “890GB” }, “group”: “payoutsking”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 22:18:19”, “users”: 2, “users_url”: 1 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/2ac8361f54bc7648c2710fe7a90a2f6f.png”, “url”: “https:\/\/www.ransomware.live\/id\/R2F0ZXdheSBDb21tdW5pdHlAcGF5b3V0c2tpbmc=”, “victim”: “Gateway Community” }, { “activity”: “Consumer Services”, “attackdate”: “2025-06-26 00:00:00.000000”, “claim_url”: “http:\/\/j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion\/topic.php?id=oGuKyC8rPMs3oX”, “country”: “CA”, “description”: “Canada”, “discovered”: “2025-07-03 15:21:46.090787”, “domain”: “www.allchoice.ca”, “duplicates”: [], “extrainfos”: [], “group”: “play”, “infostealer”: “”, “press”: { “link”: “https:\/\/www.ransomware.live\/id\/YWxsY2hvaWNlLmNhQDIwMjUtMDYtMjY=”, “source”: “https:\/\/www.facebook.com\/allchoicerentals\/posts\/pfbid02QmiLkzyxKaAju7a9SbRGELFwtM6uEvzBnVdVGhvMXKhtXZ1H9gHSLzip27BG9ds2l”, “summary”: “Le 26 juin 2025, All Choice Rentals Ltd. a subi une attaque par ransomware affectant une partie de son r\u00e9seau interne, rapidement contenue par l’\u00e9quipe informatique avec l\u2019aide d\u2019experts en cybers\u00e9curit\u00e9. Les syst\u00e8mes ont \u00e9t\u00e9 restaur\u00e9s \u00e0 partir de sauvegardes s\u00e9curis\u00e9es, et les op\u00e9rations de location fonctionnent normalement, bien que des donn\u00e9es clients puissent avoir \u00e9t\u00e9 consult\u00e9es. L\u2019entreprise poursuit son enqu\u00eate, reste transparente, et contactera les personnes concern\u00e9es tout en renfor\u00e7ant ses mesures de cybers\u00e9curit\u00e9.” }, “screenshot”: “https:\/\/images.ransomware.live\/victims\/bdf3ce889c7ea70ed842fe2714e3d449.png”, “url”: “https:\/\/www.ransomware.live\/id\/QWxsIENob2ljZSBSZW50YWxzQHBsYXk=”, “victim”: “All Choice Rentals” }, { “activity”: “Public Sector”, “attackdate”: “2025-06-25 10:43:34.718180”, “claim_url”: “”, “country”: “US”, “description”: “gatewaycsb.org”, “discovered”: “2025-07-07 14:54:08.919538”, “domain”: “gatewaycsb.org”, “duplicates”: [], “extrainfos”: [], “group”: “kawa4096”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 14:53:49”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Z2F0ZXdheWNzYi5vcmdAa2F3YTQwOTY=”, “victim”: “gatewaycsb.org” }, { “activity”: “Not Found”, “attackdate”: “2025-06-22 19:47:48.119058”, “claim_url”: “”, “country”: “DE”, “description”: “www.heimhaus.de”, “discovered”: “2025-07-07 11:55:03.194176”, “domain”: “heimhaus.de”, “duplicates”: [], “extrainfos”: [], “group”: “kawa4096”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Azorult”: 2, “Lumma”: 26, “Raccoon”: 8, “RedLine”: 6 }, “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-07 11:54:46”, “users”: 25, “users_url”: 7 }, “press”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/aGVpbWhhdXMuZGVAa2F3YTQwOTY=”, “victim”: “heimhaus.de” }, { “activity”: “Telecommunication”, “attackdate”: “2025-06-13 20:52:42.000000”, “claim_url”: “http:\/\/xfv4jzckytb4g3ckwemcny3ihv4i5p4lqzdpi624cxisu35my5fwi5qd.onion\/detail?id=717827e2bb718297c13e650dffff90b5”, “country”: “IN”, “description”: “Sun Direct is a leading provider of direct-to-home (DTH) television services in India. The company offers a wide range of television channels and packages tailored to meet the diverse entertainment needs of its customers. With a focus on delivering high-quality content and innovative technology, Sun Direct aims to provide seamless viewing experiences. Its intended clients include residential households and businesses looking for reliable satellite television solutions.\ncompany is headquartered in 73 Mrc Nagar Main Rd, Avadi, Tamil Nadu, India.”, “discovered”: “2025-07-06 10:39:24.563745”, “domain”: “sundirect.in”, “duplicates”: [], “extrainfos”: { “ransom”: 200000 }, “group”: “medusa”, “infostealer”: { “employees”: 15, “employees_url”: 3, “infostealer_stats”: { “Azorult”: 137, “CRYPTBOT”: 63, “DarkCrystal”: 5, “Ficker”: 17, “Generic Stealer”: 1402, “Lumma”: 1114, “Mystic”: 3, “Predator”: 17, “Raccoon”: 929, “RedLine”: 1958, “StealC”: 377, “Taurus”: 6, “UNKNOWN”: 75, “Vidar”: 335 }, “thirdparties”: 27, “thirdparties_domain”: 7, “update”: “2025-07-06 10:42:38”, “users”: 6499, “users_url”: 100 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/4f4ab32225a7b986c173a097c681f2ae.png”, “url”: “https:\/\/www.ransomware.live\/id\/U3VuIERpcmVjdEBtZWR1c2E=”, “victim”: “Sun Direct” }, { “activity”: “Manufacturing”, “attackdate”: “2025-06-13 15:54:53.000000”, “claim_url”: “http:\/\/xfv4jzckytb4g3ckwemcny3ihv4i5p4lqzdpi624cxisu35my5fwi5qd.onion\/detail?id=4ccf794413114f4fdd42a1591ddf73f9”, “country”: “US”, “description”: “R&W is an engineering company. (https:\/\/rweng.com\/) Company is headquartered in 9615 SW Allen Blvd., Suite 107 Beaverton, OR 97005. The total amount of data leakage is 676.5 GB”, “discovered”: “2025-07-06 10:39:52.976294”, “domain”: “rweng.com”, “duplicates”: [], “extrainfos”: { “ransom”: 100000 }, “group”: “medusa”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “thirdparties”: 0, “thirdparties_domain”: 0, “update”: “2025-07-06 10:42:05”, “users”: 0, “users_url”: 0 }, “press”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/3cb6ace46151d865e81e5aed573a1429.png”, “url”: “https:\/\/www.ransomware.live\/id\/UiZXIEVuZ2luZWVyaW5nQG1lZHVzYQ==”, “victim”: “R&W Engineering” } ]