Ransomware Stats

[ { “activity”: “Hospitality and Tourism”, “attackdate”: “2026-06-08T01:28:09.027138+00:00”, “claim_url”: “http:\/\/payloadrz5yw227brtbvdqpnlhq3rdcdekdnn3rgucbcdeawq2v6vuyd.onion\/posts\/ae4b423a-d339-450c-b3fe-dbfd6d46c601”, “country”: “”, “data_size”: null, “description”: “Plaza Lama is a retail company based in the Dominican Republic that offers a wide range of products including electronics, home goods, clothing, and groceries. The company aims to provide quality products at competitive prices to meet the needs of its diverse clientele. Plaza Lama serves both individual consumers and businesses, making it a go-to destination for shopping in the region. With multiple locations, it strives to enhance the shopping experience through excellent customer service and a variety of offerings”, “discovered”: “2026-06-08T01:28:39.452568+00:00”, “domain”: “”, “group”: “payload”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/3c86fa4c903bcea687132e0d74f072d1.png”, “url”: “https:\/\/www.ransomware.live\/id\/UGxhemEgTGFtYUBwYXlsb2Fk”, “victim”: “Plaza Lama” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-08T01:27:26.640020+00:00”, “claim_url”: “http:\/\/payloadrz5yw227brtbvdqpnlhq3rdcdekdnn3rgucbcdeawq2v6vuyd.onion\/posts\/8103c710-bffc-458d-9b3a-9cb2fe9d8817”, “country”: “VN”, “data_size”: null, “description”: “Hansoll Textile, established in 1992, is a global textile manufacturer specializing in knit apparel production and export. The company serves markets in the United States, Europe, and Japan with operations across Asia and Central America. As a B2B enterprise, Hansoll Textile maintains manufacturing facilities and warehouses to support its international textile business. The company focuses on business integrity as a core value while maintaining a presence in both Asian and North American markets”, “discovered”: “2026-06-08T01:27:57.591658+00:00”, “domain”: “”, “group”: “payload”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/aa0e8db0eaa6ea684b3215142d1ad388.png”, “url”: “https:\/\/www.ransomware.live\/id\/SGFuc29sbCBUZXh0aWxlIGluIFZpZXRuYW1AcGF5bG9hZA==”, “victim”: “Hansoll Textile in Vietnam” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2026-06-08T01:26:42.295660+00:00”, “claim_url”: “http:\/\/payloadrz5yw227brtbvdqpnlhq3rdcdekdnn3rgucbcdeawq2v6vuyd.onion\/posts\/4b9503f3-44bc-4c7a-bfac-68ca31acaa75”, “country”: “”, “data_size”: null, “description”: “Attana Hotels & Resorts is a premier Malaysian hospitality group that offers uniquely local experiences designed to make travelers feel at home. With a portfolio that includes various hotels and resorts, they focus on providing crafted experiences complemented by attentive service. Their target clients are guests seeking distinctive and memorable stays, enhanced by local culture and hospitality. Attana is committed to continuously evolving their offerings to inspire and energize their guests.”, “discovered”: “2026-06-08T01:27:15.781561+00:00”, “domain”: “”, “group”: “payload”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ee4bc8cd07f490e8418209ee1182ee8d.png”, “url”: “https:\/\/www.ransomware.live\/id\/VmlsbGVhIEhvdGVscyBpbiBBdHRhbmFIb3RlbHNAcGF5bG9hZA==”, “victim”: “Villea Hotels in AttanaHotels” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2026-06-06T17:08:43+00:00”, “claim_url”: “http:\/\/ejzl7cjxmkx7lzhiqwidmrwtfjv45pkczbc4fnyaut3t7gll3yaiq5id.onion\/blog?uuid=908e35ca-0693-37f1-9b4d-05b2e59a59f1”, “country”: “”, “data_size”: null, “description”: “Confidential data will be published soon”, “discovered”: “2026-06-06T17:20:51.678304+00:00”, “domain”: “www.utourworld.com”, “group”: “blackwater”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/16c4f66557a6f7f25966a31416c7b0de.png”, “url”: “https:\/\/www.ransomware.live\/id\/d3d3LnV0b3Vyd29ybGQuY29tQGJsYWNrd2F0ZXI=”, “victim”: “www.utourworld.com” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-06-06T13:22:58.664735+00:00”, “claim_url”: “http:\/\/j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion\/topic.php?id=64thX5rrKSMtGp”, “country”: “GB”, “data_size”: null, “description”: “United States”, “discovered”: “2026-06-06T13:23:12.128367+00:00”, “domain”: “www.pearsonford.com”, “group”: “play”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/2dd7ec4dbaf6844d1ac218e2fa1b1c5c.png”, “url”: “https:\/\/www.ransomware.live\/id\/UGVhcnNvbiBGb3JkQHBsYXk=”, “victim”: “Pearson Ford” }, { “activity”: “Business Services”, “attackdate”: “2026-06-06T12:00:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a1ecd41d152110a6aed661c”, “country”: “US”, “data_size”: null, “description”: “www.personadental.com\r \r Persona Dental offers personalized dental care for families in Sartell, MN, focusing on both general and specialized services such as cosmetic dentistry, dental implants, and solutions for snoring and sleep apnea. The clinic prides itself on creating a comfortable environment and empowering patients to make informed decisions about their dental health. With a friendly and experienced team, they provide comprehensive care under one roof, ensuring convenience for their clients. Persona Dental is dedicated to building confidence and achieving the best smiles for their patients”, “discovered”: “2026-06-06T12:22:30.003188+00:00”, “domain”: “kelmreuter.com”, “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-06T12:22:01”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/37747ad5eaa7e240e401ca5821db9362.png”, “url”: “https:\/\/www.ransomware.live\/id\/a2VsbXJldXRlci5jb21AaW5jcmFuc29t”, “victim”: “kelmreuter.com” }, { “activity”: “Education”, “attackdate”: “2026-06-06T09:24:28.223823+00:00”, “claim_url”: “http:\/\/novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion\/universitas-nasional”, “country”: “ID”, “data_size”: null, “description”: “Universitas Nasional (UNAS) is an educational institution that offers a wide range of academic programs, including undergraduate and postgraduate degrees across various faculties such as Social Sciences, Law, Economics, and Health Sciences. The university aims to provide quality education and has implemented a robust internal quality assurance system. UNAS serves students from diverse backgrounds, including those pursuing regular and recognition of prior learning (RPL) pathways. Additionally, the university engages in research, community service, and hosts international conferences to enhance academic collaboration – Nova Provide tree and samples from stolen data to the company when its get in touch with support department.”, “discovered”: “2026-06-06T09:24:42.365093+00:00”, “domain”: “unas.ac.id”, “group”: “nova”, “infostealer”: { “employees”: 4, “employees_url”: 4, “infostealer_stats”: { “Azorult”: 39, “CRYPTBOT”: 9, “Generic Stealer”: 267, “Lumma”: 392, “Predator”: 3, “Raccoon”: 197, “RedLine”: 628, “StealC”: 95, “Taurus”: 1, “UNKNOWN”: 25, “Vidar”: 54 }, “last_employee_compromised”: “2025-10-26T05:05:06.489000+00:00”, “last_user_compromised”: “2026-05-30T07:21:00+00:00”, “thirdparties”: 38, “update”: “2026-06-06T10:29:17.386726”, “users”: 1842, “users_url”: 100 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/dd1c27fa7fce7f1f4e1395420a83edbf.png”, “url”: “https:\/\/www.ransomware.live\/id\/VW5pdmVyc2l0YXMgTmFzaW9uYWxAbm92YQ==”, “victim”: “Universitas Nasional” }, { “activity”: “Not Found”, “attackdate”: “2026-06-06T00:56:18.865137+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/040c040c85339ebb4b2a8f8d865b4d2c5c83121b48c8dfde5436a78b113919fa\/”, “country”: “CN”, “data_size”: null, “description”: “Shantou Huashan Electronic Devices Co., Ltd. (SHEDCL) is a Chinese manufacturer of semiconductor devices and electronic …”, “discovered”: “2026-06-06T00:56:37.403109+00:00”, “domain”: “huashan.com.cn”, “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-06T00:56:18”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/9d641b0c021e20182c94cfed3a72323a.png”, “url”: “https:\/\/www.ransomware.live\/id\/aHVhc2hhbi5jb20uY25Aa3J5Yml0”, “victim”: “huashan.com.cn” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-05T21:23:44.560925+00:00”, “claim_url”: “http:\/\/novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion\/aspire-hospital”, “country”: “IN”, “data_size”: null, “description”: “Both aspirehospitals.co.in and aspirehospitals.in Under Nova Company Control, servers encrypted and patients data stolen, A Healthcare provider based on Plot No: 163, 208, Ekamra Road, Unit-6, Ganga Nagar, Bhubaneswar, India, Odisha, you need to think well to contact us for recover and to secure patients records – Nova Provide tree and samples from stolen data, free 2 files decrypt to the company when its get in touch with support department.”, “discovered”: “2026-06-05T21:23:59.555599+00:00”, “domain”: “aspirehospitals.in”, “group”: “nova”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-06T10:34:19.897121”, “users”: 2, “users_url”: 1 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/60e04b82fbc291ad59394d352105d6ca.png”, “url”: “https:\/\/www.ransomware.live\/id\/QXNwaXJlIGhvc3BpdGFsQG5vdmE=”, “victim”: “Aspire hospital” }, { “activity”: “Business Services”, “attackdate”: “2026-06-05T21:21:56.449662+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/f48b1e6bde5227d8950b8c30a544e9ba2a6694f6b9f19d8bec21f699ea1abbe8\/”, “country”: “BR”, “data_size”: null, “description”: “Schultz Operadora de Turismo helps people explore the world with easy travel planning. They handle everything from airli…”, “discovered”: “2026-06-05T21:22:10.387346+00:00”, “domain”: “schultz.com.br”, “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 1, “update”: “2026-06-05T21:21:56”, “users”: 181, “users_url”: 63 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/bd5b16afe85536d90e7f19138c4ca30f.png”, “url”: “https:\/\/www.ransomware.live\/id\/c2NodWx0ei5jb20uYnJAa3J5Yml0”, “victim”: “schultz.com.br” }, { “activity”: “Construction”, “attackdate”: “2026-06-05T20:06:41.957000+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a232c515ae71db30c46b0a3”, “country”: “US”, “data_size”: null, “description”: “contract nda confidential gov\\dot\\military\\va\\sam.gov other”, “discovered”: “2026-06-05T20:23:40.606339+00:00”, “domain”: “obrieneng.com”, “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 1, “update”: “2026-06-05T20:23:21”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/9857db7a7f715913ce24b634eaf394fd.png”, “url”: “https:\/\/www.ransomware.live\/id\/b2JyaWVuZW5nLmNvbUBpbmNyYW5zb20=”, “victim”: “obrieneng.com” }, { “activity”: “Technology”, “attackdate”: “2026-06-05T19:21:24.643957+00:00”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/demand”, “country”: “”, “data_size”: null, “description”: “[AI generated] N\/A”, “discovered”: “2026-06-05T19:21:43.032988+00:00”, “domain”: “Demand.io”, “group”: “coinbasecartel”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/42f28d16bf38ea457582f662f37d090a.png”, “url”: “https:\/\/www.ransomware.live\/id\/RGVtYW5kLmlvTkVXQGNvaW5iYXNlY2FydGVs”, “victim”: “Demand.ioNEW” }, { “activity”: “Technology”, “attackdate”: “2026-06-05T19:20:51.073785+00:00”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/cmtele”, “country”: “US”, “data_size”: null, “description”: “[AI generated] Cambridge Mobile Telematics (CMT) is a US-based telematics technology company headquartered in Cambridge, Massachusetts. It develops mobile sensing and data analytics platforms that measure driving behavior to improve road safety and reduce vehicle crashes. Its technology is used by insurers, rideshare companies, and fleets to assess risk and reward safe driving through usage-based insurance and fleet management solutions.”, “discovered”: “2026-06-05T19:21:12.870572+00:00”, “domain”: “cmtelematics.com”, “group”: “coinbasecartel”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 10, “update”: “2026-06-06T10:32:18.078854”, “users”: 30, “users_url”: 6 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/99575ac1e984f0ad3ae2b21b5e995992.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q2FtYnJpZGdlIE1vYmlsZSBUZWxlbWF0aWNORVdAY29pbmJhc2VjYXJ0ZWw=”, “victim”: “Cambridge Mobile TelematicNEW” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-05T13:31:03+00:00”, “claim_url”: “https:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/1179219653”, “country”: “US”, “data_size”: null, “description”: “[AI generated] Access Dental is a dental insurance and managed care company operating in the United States. It provides affordable dental health plans primarily to underserved and low-income populations, including Medicaid and individual plan members. The company works with a network of licensed dentists to deliver preventive and restorative dental services, focusing on improving access to oral healthcare across California and other states.”, “discovered”: “2026-06-05T13:54:36.860796+00:00”, “domain”: “www.accessdentalclinics.com”, “group”: “worldleaks”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/506c4276c69279da5579010dc5df04ba.png”, “url”: “https:\/\/www.ransomware.live\/id\/QWNjZXNzIERlbnRhbEB3b3JsZGxlYWtz”, “victim”: “Access Dental” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-05T12:24:18.454075+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=3e8ebaa2-d244-410b-947a-c04aeded27f9”, “country”: “US”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-05T12:24:33.717551+00:00”, “domain”: “www.kissimmeesmile.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/439c73a121b2c5208762a78cb8b586a2.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q2VudHJhbCBGbG9yaWRhIENvc21ldGljICYgRmFtaWx5IERlbnRpc3RyeUBxaWxpbg==”, “victim”: “Central Florida Cosmetic & Family Dentistry” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-05T11:58:22.794231+00:00”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=346c0da9-56e1-4186-a56e-e9a9a88c2c73”, “country”: “DE”, “data_size”: null, “description”: “REHA-ACTIV is a medical supply company that has been supporting individuals with health limitations for over 30 years.”, “discovered”: “2026-06-05T12:21:56.963650+00:00”, “domain”: “www.reha-activ.de”, “group”: “dragonforce”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/6038be2fed998a21362463bfbc6ea278.png”, “url”: “https:\/\/www.ransomware.live\/id\/UkVIQS1BQ1RJVkBkcmFnb25mb3JjZQ==”, “victim”: “REHA-ACTIV” }, { “activity”: “Business Services”, “attackdate”: “2026-06-05T11:54:19.013297+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=65539539-1cc5-4859-8765-720d2be899e2”, “country”: “”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-05T11:54:35.069408+00:00”, “domain”: “www.pro-mec.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8e99d8c09ae55d9f88106c0c49922c67.png”, “url”: “https:\/\/www.ransomware.live\/id\/UHJvLU1FQyBFbmdpbmVlcmluZyBTZXJ2aWNlc0BxaWxpbg==”, “victim”: “Pro-MEC Engineering Services” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2026-06-05T11:53:50.089906+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=3b1d5a52-c0e5-4b60-8a62-914ac986e3db”, “country”: “US”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-05T11:54:07.162230+00:00”, “domain”: “www.myjayscatering.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0ff3454414b5c918cd3a9e230bfe2bfc.png”, “url”: “https:\/\/www.ransomware.live\/id\/SmF5J3MgQ2F0ZXJpbmdAcWlsaW4=”, “victim”: “Jay’s Catering” }, { “activity”: “Construction”, “attackdate”: “2026-06-05T10:53:54.977715+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=889c0174-5e2d-4529-b3d8-573c3e53bc5a”, “country”: “CA”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-05T10:54:10.387872+00:00”, “domain”: “www.ohba.ca”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/85f8626aa79c22fef5f359d0ba90248f.png”, “url”: “https:\/\/www.ransomware.live\/id\/T250YXJpbyBIb21lIEJ1aWxkZXJzJyBBc3NvY2lhdGlvbkBxaWxpbg==”, “victim”: “Ontario Home Builders’ Association” }, { “activity”: “Consumer Services”, “attackdate”: “2026-06-05T10:53:26.926696+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=33ba9ef2-4761-4501-a216-a4bca21f4382”, “country”: “US”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-05T10:53:43.284344+00:00”, “domain”: “www.swimmor.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/827e006cb79b21093ed8ada4be5f861d.png”, “url”: “https:\/\/www.ransomware.live\/id\/U3dpbS1Nb3IgUG9vbHNAcWlsaW4=”, “victim”: “Swim-Mor Pools” }, { “activity”: “Business Services”, “attackdate”: “2026-06-05T10:52:56.392912+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=4c2c08a7-f2e1-4160-9735-6cca9b6bf7ff”, “country”: “DE”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-05T10:53:15.024765+00:00”, “domain”: “www.interspa-gruppe.de”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/05505c589b176e68b2c5c811841b22c7.png”, “url”: “https:\/\/www.ransomware.live\/id\/SU5URVJTUEEgQmV0cmllYnN2ZXJ3YWx0dW5nc2dlc2VsbHNjaGFmdEBxaWxpbg==”, “victim”: “INTERSPA Betriebsverwaltungsgesellschaft” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-05T08:46:16+00:00”, “claim_url”: “https:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/5143963535”, “country”: “US”, “data_size”: null, “description”: “[AI generated] N\/A”, “discovered”: “2026-06-05T09:25:24.248724+00:00”, “domain”: “www.unitedautosupply.com”, “group”: “worldleaks”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a3834a46933209c6f8b88166c0f78ef3.png”, “url”: “https:\/\/www.ransomware.live\/id\/VW5pdGVkIEF1dG8gU3VwcGx5QHdvcmxkbGVha3M=”, “victim”: “United Auto Supply” }, { “activity”: “Construction”, “attackdate”: “2026-06-05T08:45:59+00:00”, “claim_url”: “https:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/5944500838”, “country”: “TH”, “data_size”: null, “description”: “[AI generated] CH Karnchang Public Company Limited is a major Thai construction and engineering conglomerate headquartered in Bangkok, Thailand. The company specializes in large-scale infrastructure projects including highways, expressways, dams, tunnels, and civil engineering works. It operates primarily in Thailand but also undertakes international projects. CH Karnchang is listed on the Stock Exchange of Thailand and is considered one of the country’s leading construction firms.”, “discovered”: “2026-06-05T09:24:54.210404+00:00”, “domain”: “www.ch-karnchang.co.th”, “group”: “worldleaks”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/fce2dbd95a2597cd47d2e531ac23dd87.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q0ggS2FybmNoYW5nIFB1YmxpY0B3b3JsZGxlYWtz”, “victim”: “CH Karnchang Public” }, { “activity”: “Not Found”, “attackdate”: “2026-06-05T00:00:00+00:00”, “claim_url”: “http:\/\/genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion\/13a83c68b809e44e7791\/”, “country”: “US”, “data_size”: null, “description”: “A trade association”, “discovered”: “2026-06-06T10:21:44.773104+00:00”, “domain”: “cavalierflooring.com”, “group”: “genesis”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-06T10:21:30”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/bbe81bbf660a578b95217ae4475b6c44.png”, “url”: “https:\/\/www.ransomware.live\/id\/KkIqQGdlbmVzaXM=”, “victim”: “*B*” }, { “activity”: “Consumer Services”, “attackdate”: “2026-06-05T00:00:00+00:00”, “claim_url”: “http:\/\/om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion\/r\/zSH1aP0WJLX2Ip8dc202inJgQwZwsSKY4aNybqek6jqJzwa+DwYjVG2m9yEf9HnNh9ABxov52rJ0XPhiXxw1lWFISTI2ZzR6”, “country”: “US”, “data_size”: null, “description”: “[www.jeffreyburr.com]”, “discovered”: “2026-06-05T22:20:38.209074+00:00”, “domain”: “jeffreyburr.com”, “group”: “anubis”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-06T10:29:28.859514”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/2b49b5dcdab99d01fbe8a17d98e670ba.png”, “url”: “https:\/\/www.ransomware.live\/id\/SmVmZnJleSBCdXJyQGFudWJpcw==”, “victim”: “Jeffrey Burr” }, { “activity”: “Construction”, “attackdate”: “2026-06-05T00:00:00+00:00”, “claim_url”: “http:\/\/om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion\/r\/7ennLNxUKQ+HQYzWqdXuLdC6C5QrL0wfb8M5AZCTds3hzzunjNKym2DApCALNYMhfVLoA49bBTZQ2wEE3O4zd6bXpGSFJq”, “country”: “GB”, “data_size”: null, “description”: “A small breach, real employee data.”, “discovered”: “2026-06-05T20:50:58.625034+00:00”, “domain”: “dmcontract.co.uk”, “group”: “anubis”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-06T10:31:55.185510”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8fd100887388a977df70880ec73960ad.png”, “url”: “https:\/\/www.ransomware.live\/id\/RCZNIENvbnRyYWN0b3JzQGFudWJpcw==”, “victim”: “D&M Contractors” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-06-05T00:00:00+00:00”, “claim_url”: “http:\/\/securo45z554mw7rgrt7wcgv5eenj2xmxyrsdj3fcjsvindu63s4bsid.onion”, “country”: “US”, “data_size”: null, “description”: “Status: AWAITING\nSize: 221 GB”, “discovered”: “2026-06-05T14:53:33.934446+00:00”, “domain”: “www.krietetrucks.com”, “group”: “securotrop”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/803e55e296e455f81d0ab9e71f8387ab.png”, “url”: “https:\/\/www.ransomware.live\/id\/S3JpZXRlIFRydWNrIENlbnRlcnNAc2VjdXJvdHJvcA==”, “victim”: “Kriete Truck Centers” }, { “activity”: “Business Services”, “attackdate”: “2026-06-05T00:00:00+00:00”, “claim_url”: “”, “country”: “”, “data_size”: null, “description”: “Kennon Worldwide offers a wide range of telecommunications services including PRI, VoIP, and in\ntegrated services, representing over 40 service providers to ensure the best pricing and soluti\nons for clients.\n\nWe will upload 30gb of corporate data soon. Contracts, client information, NDAs, and other inte\nrnal files.\n”, “discovered”: “2026-06-05T14:20:38.794608+00:00”, “domain”: “kennon.com”, “group”: “akira”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-06T10:33:05.656493”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/S2Vubm9uIFdvcmxkd2lkZUBha2lyYQ==”, “victim”: “Kennon Worldwide” }, { “activity”: “Consumer Services”, “attackdate”: “2026-06-05T00:00:00+00:00”, “claim_url”: “”, “country”: “US”, “data_size”: null, “description”: “Oaks Amusement Park, located in Portland, Oregon, has been a family-friendly entertainment dest\nination since 1905, offering a variety of attractions including rides, a roller rink, and a min\ni golf course.\n\nWe will upload 10gb of corporate data soon. Employee information, credit cards, payment details\n, lots of contracts and agreements, NDAs and so on.\n”, “discovered”: “2026-06-05T14:20:22.270696+00:00”, “domain”: “oakspark.com”, “group”: “akira”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-06T10:33:42.457887”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/T2FrcyBQYXJrQGFraXJh”, “victim”: “Oaks Park” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-05T00:00:00+00:00”, “claim_url”: “”, “country”: “”, “data_size”: null, “description”: “T\/CCI is a world leader in compressor technology including reciprocating, swash plate, wobble p\nlate, variable compressor and air brake compressor designs. We are an Original Equipment Manufa\ncturer for trucking, off-highway, agriculture\/construction, specialty vehicle and transport ref\nrigeration markets.\n\nWe will upload 35gb of corporate data soon. Employee personal docs (passports, DLs, SSNs, payme\nnt details, credit cards and so on), contracts and agreements, client and partners information,\nNDAs, financials, lots of confidential files, etc.\n”, “discovered”: “2026-06-05T13:50:23.688468+00:00”, “domain”: “”, “group”: “akira”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/VC9DQ0kgTWFudWZhY3R1cmluZ0Bha2lyYQ==”, “victim”: “T\/CCI Manufacturing” }, { “activity”: “Not Found”, “attackdate”: “2026-06-04T22:57:09.615017+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=bdec98d1-f14b-4a59-a117-ec55dffb1efa”, “country”: “SI”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-04T22:57:24.254772+00:00”, “domain”: “www.dondon.si”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ad714fd9113d76e17fa6fca23ed43f6c.png”, “url”: “https:\/\/www.ransomware.live\/id\/U0tVUElOQSBEb24gRG9uQHFpbGlu”, “victim”: “SKUPINA Don Don” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-06-04T22:38:16.004964+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=c03b40fa-ade3-4b09-b25a-2ab1c5db463f”, “country”: “AT”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-04T22:38:30.932060+00:00”, “domain”: “www.avconjet.at”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d8f4648f384cb26167dc58b139036cfb.png”, “url”: “https:\/\/www.ransomware.live\/id\/QXZjb24gSmV0QHFpbGlu”, “victim”: “Avcon Jet” }, { “activity”: “Energy”, “attackdate”: “2026-06-04T22:37:43.742551+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=db9b88e4-dbf1-48ff-99c8-06be32a96a0f”, “country”: “CA”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-04T22:38:02.072335+00:00”, “domain”: “www.tricanwellservice.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/313deafde1040eb579c48b8d0db6a7dc.png”, “url”: “https:\/\/www.ransomware.live\/id\/VHJpY2FuQHFpbGlu”, “victim”: “Trican” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-06-04T21:57:28.187896+00:00”, “claim_url”: “http:\/\/j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion\/topic.php?id=2bzaKMUnM6atgz”, “country”: “US”, “data_size”: null, “description”: “United States”, “discovered”: “2026-06-04T21:57:41.325214+00:00”, “domain”: “www.urschel.com”, “group”: “play”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/314adaff4436624ed551b7f95a0a4027.png”, “url”: “https:\/\/www.ransomware.live\/id\/VXJzY2hlbCBMYWJvcmF0b3JpZXNAcGxheQ==”, “victim”: “Urschel Laboratories” }, { “activity”: “Business Services”, “attackdate”: “2026-06-04T21:57:04.012531+00:00”, “claim_url”: “http:\/\/j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion\/topic.php?id=3vtw1NyTphurhL”, “country”: “US”, “data_size”: null, “description”: “United States”, “discovered”: “2026-06-04T21:57:17.229156+00:00”, “domain”: “www.dallislawfirm.com”, “group”: “play”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0fa6a9945c44a5824fd4145832c35fe7.png”, “url”: “https:\/\/www.ransomware.live\/id\/RGFsbGlzIExhdyBGaXJtQHBsYXk=”, “victim”: “Dallis Law Firm” }, { “activity”: “Not Found”, “attackdate”: “2026-06-04T21:56:40.149482+00:00”, “claim_url”: “http:\/\/j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion\/topic.php?id=IDPKtSXEUdbGwL”, “country”: “US”, “data_size”: null, “description”: “United States”, “discovered”: “2026-06-04T21:56:53.205225+00:00”, “domain”: “www.thechapel.com”, “group”: “play”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/bc778737d1c01b1ca77cb4decfeb7773.png”, “url”: “https:\/\/www.ransomware.live\/id\/VGhlIENoYXBlbEBwbGF5”, “victim”: “The Chapel” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-04T21:56:14.900378+00:00”, “claim_url”: “http:\/\/j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion\/topic.php?id=AFCxD2HjYFRkvr”, “country”: “US”, “data_size”: null, “description”: “United States”, “discovered”: “2026-06-04T21:56:29.292992+00:00”, “domain”: “www.corleymfg.com”, “group”: “play”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c9eba9c25e552ab6fb9a0a420be1b2a3.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q29ybGV5IE1GR0BwbGF5”, “victim”: “Corley MFG” }, { “activity”: “Business Services”, “attackdate”: “2026-06-04T19:50:04.146330+00:00”, “claim_url”: “”, “country”: “FR”, “data_size”: null, “description”: “Groupe S\u00e9curit\u00e9 CLB specializes in providing comprehensive football score tracking and prediction services. Their offerings include historical score queries, live score updates, and match predictions for various leagues, including European and Asian football.”, “discovered”: “2026-06-04T19:50:05.594589+00:00”, “domain”: “securiteclb.com”, “group”: “AiLock”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-04T19:50:04”, “users”: 5, “users_url”: 3 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/R3JvdXBlIFPDqWN1cml0w6kgQ0xCQEFpTG9jaw==”, “victim”: “Groupe S\u00e9curit\u00e9 CLB” }, { “activity”: “Not Found”, “attackdate”: “2026-06-04T14:50:04.327440+00:00”, “claim_url”: “http:\/\/6tdqqaxftvradka5d2frzgwixis7fmro7rfh4ettzcx7jfapkebe6jad.onion\/entity\/111CEAA5AD9DA2F1”, “country”: “RU”, “data_size”: null, “description”: “[AI generated] N\/A”, “discovered”: “2026-06-04T14:50:17.101569+00:00”, “domain”: “”, “group”: “AuditTeam”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/dac4088d44494c1d8bb6c0a7f9ae5415.png”, “url”: “https:\/\/www.ransomware.live\/id\/UGFpZCBWaWN0aW0gMTExQ0VBQTVBRDlEQTJGMUBBdWRpdFRlYW0=”, “victim”: “Paid Victim 111CEAA5AD9DA2F1” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-04T12:00:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a21bd57d152110a6a4b4f68”, “country”: “GB”, “data_size”: null, “description”: “Stuga Machinery Ltd specializes in designing and manufacturing precision sawing and machining centers for the fenestration industry, serving clients primarily in the UK and Ireland. \r With over 50 years of experience, the company offers a range of fully automated cutting and prepping centers, as well as refurbishment services for existing machinery. \r As a subsidiary of St\u00fcrtz GmbH, Stuga combines British engineering with international innovation, providing reliable local support and access to global technical resources. \r Their commitment to customer service includes lifecycle support, genuine parts supply, and tailored service contracts to ensure optimal machine performance”, “discovered”: “2026-06-04T18:28:17.144476+00:00”, “domain”: “”, “group”: “incransom”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U3R1Z2EgTWFjaGluZXJ5QGluY3JhbnNvbQ==”, “victim”: “Stuga Machinery” }, { “activity”: “Not Found”, “attackdate”: “2026-06-04T12:00:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a1d4367d152110a6ac2b472”, “country”: “SG”, “data_size”: null, “description”: “Bodynits Group is a leading apparel manufacturer specializing in design and innovation, offering comprehensive manufacturing solutions.Access was gained to accounting and finance, all asset management systems, client databases, employee personal data, non-disclosure agreements, as well as developments and technologies.”, “discovered”: “2026-06-04T12:58:08.141351+00:00”, “domain”: “”, “group”: “incransom”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f26d72f8f4bd7a5ab9d33a0cf472e935.png”, “url”: “https:\/\/www.ransomware.live\/id\/cGRjYm9keW5pdHNAaW5jcmFuc29t”, “victim”: “pdcbodynits” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-04T00:00:00+00:00”, “claim_url”: “”, “country”: “”, “data_size”: null, “description”: “NSPA is an American manufacturer specializing in heat shrink terminals and connectors, as well \nas heat shrink tubing and installation tools. Their product offerings cater to industries requi\nring reliable sealed electrical systems.\n\nWe will upload 53gb of corporate data soon. Employee personal docs (passports, DLs, SSNs and ot\nher information), contracts and agreements, a bit of client and partners information, lots of N\nDAs, detailed financials, confidential files, and so on.\n”, “discovered”: “2026-06-04T13:50:31.583245+00:00”, “domain”: “”, “group”: “akira”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TmF0aW9uYWwgU3RhbmRhcmQgUGFydHMgQXNzb2NpYXRlc0Bha2lyYQ==”, “victim”: “National Standard Parts Associates” }, { “activity”: “Business Services”, “attackdate”: “2026-06-04T00:00:00+00:00”, “claim_url”: “”, “country”: “US”, “data_size”: null, “description”: “MLS Now operates on advanced technology to provide members with timely, accurate, and meaningfu\nl data and services. The company offers hands-on education, extensive online documentation, and\na robust support help desk staffed by local professionals.\n\nWe will upload corporate data soon. Board members information, contracts, NDAs, detailed financ\nials, confidential files, and so on.\n”, “discovered”: “2026-06-04T13:21:44.774753+00:00”, “domain”: “”, “group”: “akira”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Tm9ydGhlcm4gT2hpbyBSZWdpb25hbCBNdWx0aXBsZSBMaXN0aW5nIFNlcnZpY2VAYWtpcmE=”, “victim”: “Northern Ohio Regional Multiple Listing Service” }, { “activity”: “Not Found”, “attackdate”: “2026-06-04T00:00:00+00:00”, “claim_url”: “”, “country”: “SA”, “data_size”: null, “description”: “150 GB of data has been extracted, including: COMPTABILIT\u00c9 – FACTURES ACHAT \/ FACTURES \u00c0 PAYER \/ FACTURES MODIFI\u00c9ES – Banking Informations SA2000 – PAIEMENTS CLIENTS – CLIENTS \/ PO CLIENTS – FOURNISSEUR \/ TRANSPORTEURS – EMPLOY\u00c9S \/ EMBAUCHE – ACTIONNAIRES – COURRIEL \/ DOCUMENTS ***.There is still an opportunity to communicate and resolve this situation. We are currently awaiting the company’s !”, “discovered”: “2026-06-04T01:52:43.489610+00:00”, “domain”: “SA2000.COM”, “group”: “stormous”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U0EyMDAwLkNPTUBzdG9ybW91cw==”, “victim”: “SA2000.COM” }, { “activity”: “Consumer Services”, “attackdate”: “2026-06-04 00:00:00.000000”, “claim_url”: “http:\/\/zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion\/r\/287e84fa26b49049669491761f4a8be89427eadd”, “country”: “US”, “data_size”: null, “description”: “Karl Chevrolet, Inc. operates a Chevrolet car dealership. It offers new and used cars, commercial vehicles, SUVs, trucks, and vans. The company also provides automotive parts and accessories, such as brake pads, oil filters, and others; and services, which include vehicle maintenance, repair, inspection, and other services. It also allows customers to order parts online.”, “discovered”: “2026-04-29T22:00:11.184715+00:00”, “domain”: “www.karlchevrolet.com”, “group”: “ransomhouse”, “infostealer”: “”, “press”: { “link”: “https:\/\/www.ransomware.live\/id\/a2FybGNoZXZyb2xldC5jb21AMjAyNi0wNi0wNA==”, “source”: “https:\/\/dysruptionhub.com\/karl-auto-group-iowa-cyberattack\/”, “summary”: “Karl Auto Group, un d\u00e9taillant automobile majeur de l’Iowa, a \u00e9t\u00e9 victime d’une cyberattaque en avril qui a perturb\u00e9 ses t\u00e9l\u00e9phones et ordinateurs. L’incident, dont l’acc\u00e8s non autoris\u00e9 aux syst\u00e8mes a eu lieu avant le 27 mars, pourrait avoir expos\u00e9 des donn\u00e9es sensibles de clients et d’employ\u00e9s, incluant des num\u00e9ros de s\u00e9curit\u00e9 sociale, des informations financi\u00e8res et des num\u00e9ros de passeport. Bien que l’entreprise n’ait pas qualifi\u00e9 l’incident de ran\u00e7ongiciel, un groupe nomm\u00e9 RansomHouse a affirm\u00e9 que les syst\u00e8mes de Karl Chevrolet avaient \u00e9t\u00e9 chiffr\u00e9s le 3 avril.” }, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/252f07c3af33701068516cb8f6452c20.png”, “url”: “https:\/\/www.ransomware.live\/id\/S2FybCBDaGV2cm9sZXRAcmFuc29taG91c2U=”, “victim”: “Karl Chevrolet” }, { “activity”: “Business Services”, “attackdate”: “2026-06-03T23:59:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a1ede26d152110a6aefc2ad”, “country”: “US”, “data_size”: null, “description”: “About Custom Sign & Engineering\r Custom Sign & Engineering, Inc. specializes in creating high-quality, custom commercial digital signs and billboards in Evansville, Indiana. The company offers a wide range of products, including LED dimensional letters, monumental signs, and information displays, all designed to meet the specific needs of businesses. The company is committed to providing customer-focused services at competitive prices and with free estimates. It serves clients in three states\u2014Illinois, Indiana, and Kentucky\u2014helping businesses enhance their visibility and brand image through eye-catching signage.\r \r Translated with ***.com (free version)”, “discovered”: “2026-06-04T00:56:54.067634+00:00”, “domain”: “”, “group”: “incransom”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/fe0d1985bd06839c92fe3e4d668b4185.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q1VTVE9NU0lHTkBpbmNyYW5zb20=”, “victim”: “CUSTOMSIGN” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-03T21:47:24+00:00”, “claim_url”: “”, “country”: “US”, “data_size”: null, “description”: “www.***.com https:\/\/www.***.com\/c\/michigan-surgical-center-llc\/90769926 Michigan Surgical Center is an outpatient surgical facility specializing in ophthalmic and plastic surgeries, with over 25 years of experience. The center is physician-owned and has received multiple awards for quality care, including recognition as one of America’s Best Ambulatory Surgical Centers by Newsweek. Their mission focuses on providing high-quality, patient-centered care with an emphasis on value-based services. They aim to lead in outpatient surgical care through innovative methodologies and a commitment to integrity and respect. 2075 Coolidge Rd, East Lansing, Michigan”, “discovered”: “2026-06-04T09:09:11.221026+00:00”, “domain”: “www.michigansurgicalcenter.com”, “group”: “thegentlemen”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TWljaGlnYW4gU3VyZ2ljYWwgQ2VudGVyQHRoZWdlbnRsZW1lbg==”, “victim”: “Michigan Surgical Center” }, { “activity”: “Technology”, “attackdate”: “2026-06-03T20:50:11.638231+00:00”, “claim_url”: “”, “country”: “GB”, “data_size”: null, “description”: “SeeWriteHear specializes in providing print and digital accessibility solutions, including Braille, large print, and web accessibility services. Their offerings cater to various industries such as education, government, and publishing, ensuring compliance with usability standards. The company focuses on innovative technology to enhance accessibility for individuals with disabilities. With a commitment to information equality, SeeWriteHear serves clients by creating accessible content and providing consulting and training services.”, “discovered”: “2026-06-03T20:50:13.391240+00:00”, “domain”: “www.seewritehear.com”, “group”: “cmdorganization”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U2VlV3JpdGVIZWFyQGNtZG9yZ2FuaXphdGlvbg==”, “victim”: “SeeWriteHear” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-03T20:20:21.879733+00:00”, “claim_url”: “http:\/\/om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion\/r\/TEs2kjYuJa1ZRwDySKBUBXRSCY+ZQDDD7Zl6HGiYRvyEkhHLEctJz0tubRr1SuHFE0xJ6HS1vQqnh8M7w873jI4Vm50UEQx”, “country”: “US”, “data_size”: null, “description”: “New data breach at a large health system provider.”, “discovered”: “2026-06-03T20:20:52.869184+00:00”, “domain”: “”, “group”: “anubis”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e469bf3c9fa2321908ab4c5ee33fe86c.png”, “url”: “https:\/\/www.ransomware.live\/id\/U2luZ2luZyBSaXZlciBIZWFsdGggU3lzdGVtQGFudWJpcw==”, “victim”: “Singing River Health System” }, { “activity”: “Business Services”, “attackdate”: “2026-06-03T17:32:14.290738+00:00”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=45d4b57a-01ee-487c-b7a2-16a93c09723d”, “country”: “LB”, “data_size”: null, “description”: “SETS Solutions is a prominent information technology company based in Lebanon, serving the Middle East since 1990. The company specializes in a diverse range of technology solutions, including its flagship Human Resources Management System, People365, which encompasses Time Attendance, Payroll, and HR modules. Additionally, SETS offers services in data center solutions, security, cloud computing, and end-user computing, catering to various industries. With over 25 years of experience, SETS aims to enhance organizational efficiency and productivity through innovative technology solutions.”, “discovered”: “2026-06-03T17:52:32.542876+00:00”, “domain”: “sets.com.lb”, “group”: “dragonforce”, “infostealer”: { “employees”: 3, “employees_url”: 5, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 2, “update”: “2026-06-03T17:51:53”, “users”: 0, “users_url”: 4 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0d7a9d6161a750b66dab905e5bf1f03c.png”, “url”: “https:\/\/www.ransomware.live\/id\/U0VUUyBTb2x1dGlvbnNAZHJhZ29uZm9yY2U=”, “victim”: “SETS Solutions” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-06-03T17:30:29.470565+00:00”, “claim_url”: “http:\/\/z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\/blog\/?post_uuid=7bc6a138-2d17-464b-bb0e-a332c9869097”, “country”: “MX”, “data_size”: null, “description”: “Copamex, headquartered in Monterrey, Mexico, and established in 1928, is a paper manufacturing company offering writing and printing, special, corrugated, and kraft paper solutions.”, “discovered”: “2026-06-03T17:53:14.042182+00:00”, “domain”: “copamex.com”, “group”: “dragonforce”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 15, “update”: “2026-06-03T17:52:34”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f2fed6e5043254081ce8d9549a9f88d8.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q29wYW1leEBkcmFnb25mb3JjZQ==”, “victim”: “Copamex” }, { “activity”: “Not Found”, “attackdate”: “2026-06-03T16:16:05.665831+00:00”, “claim_url”: “http:\/\/nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion\/posts\/6a204a68c8b4a55a5d8de666”, “country”: “US”, “data_size”: null, “description”: “Ownership and management of shopping center. Development and redevelopment of real estate properties. Leasing of space to retail chains, restaurants, and entertainment venues”, “discovered”: “2026-06-03T16:16:24.292904+00:00”, “domain”: “www.pyramidmg.com”, “group”: “nitrogen”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/154a9d2534844f1430a19f12344557d3.png”, “url”: “https:\/\/www.ransomware.live\/id\/UHlyYW1pZEBuaXRyb2dlbg==”, “victim”: “Pyramid” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-06-03T15:09:51+00:00”, “claim_url”: “”, “country”: “TH”, “data_size”: null, “description”: “***.com ***.com\/c\/thoresen-thai-agencies-plc\/56951398 Thoresen is a strategic investment holding company listed on the Stock Exchange of Thailand, with a maritime heritage dating back to 1904. Its core business, Thoresen Shipping, operates a modern fleet of dry bulk carriers transporting commodities like ore, coal, grain, and steel across global trade routes. The group serves major industrial clients in mining, agriculture, and energy sectors, combining owned and chartered vessels to deliver flexible, reliable logistics solutions”, “discovered”: “2026-06-04T09:09:16.417564+00:00”, “domain”: “thoresen.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 4, “employees_url”: 3, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 8, “update”: “2026-06-04T09:09:14”, “users”: 14, “users_url”: 3 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/VGhvcmVzZW4gVGhhaSBBZ2VuY2llc0B0aGVnZW50bGVtZW4=”, “victim”: “Thoresen Thai Agencies” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-03T15:03:29+00:00”, “claim_url”: “”, “country”: “US”, “data_size”: null, “description”: “***.com ***.com\/c\/edgewood-surgical-hospital\/52612741 Edgewood Surgical Hospital is a state-of-the-art specialty medical facility located in Transfer, Pennsylvania USA.\n\nWe have your data filles ~500gb\n\nSURGICAL CASE REVIEWS 2025-2026\n2026 January SURGICAL CASE REVIEW\n2026 March Surgical Case ***.docx\n2025 JANUARY PEER SURGICAL CASE REVIEW\n2025 MARCH SURGICAL CASE REVIEW\n2025 MAY SURGICAL CASE REVIEW\n2025 JULY SURGICAL CASE REVIEW\n2025 SEPTEMBER SURGICAL CASE REVIEW\n2025 NOVEMBER SURGICAL CASE REVIEW\n\nGOODMAN HP STI pdf Name + sexually transmitted infection\n\n(~300+ Anesthesia Records Anesthesia Records) Massive PHI leak \u2014 names + medical data of hundreds of patients\n\nMRI SCANS \/ EMPLOYEE HEALTH\n\nHISTORY & PHYSICAL (HP)\n\nNarcotic outdates + INPATIENT NARCOTIC INVENTORY”, “discovered”: “2026-06-04T09:09:20.188159+00:00”, “domain”: “edgewoodsurgical.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-04T09:09:18”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RWRnZXdvb2QgU3VyZ2ljYWwgSG9zcGl0YWxAdGhlZ2VudGxlbWVu”, “victim”: “Edgewood Surgical Hospital” }, { “activity”: “Not Found”, “attackdate”: “2026-06-03T15:00:11+00:00”, “claim_url”: “”, “country”: “IN”, “data_size”: null, “description”: “***.com Kunal Enterprises is not a single global corporation, but rather a popular name shared by several independent industrial and manufacturing companies across India. Depending on the region, businesses operating under this brand specialize in diverse sectors such as paper packaging, industrial weighing systems, engineering, and chemical manufacturing. Notable examples include a prominent screen-printing solution provider established in 2001 and a major paper industry supplier founded in 1992. These firms primarily serve the B2B market, delivering specialized equipment, infrastructure, and manufacturing services to their clients”, “discovered”: “2026-06-04T09:09:23.076450+00:00”, “domain”: “kunalenterprise.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-04T09:09:21”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/S3VuYWwgRW50ZXJwcmlzZXNAdGhlZ2VudGxlbWVu”, “victim”: “Kunal Enterprises” }, { “activity”: “Business Services”, “attackdate”: “2026-06-03T14:57:23+00:00”, “claim_url”: “”, “country”: “SG”, “data_size”: null, “description”: “***.com.sg ***.com\/c\/3e-accounting-pte-ltd\/431955167 3E Accounting is a premier corporate services provider in Singapore, offering a comprehensive one-stop solution for business setup and management. The award-winning firm specializes in seamless online company registration, corporate secretarial work, accounting, and taxation. Through its fast and secure digital approach, the agency successfully helps both local and international entrepreneurs establish and grow their ventures”, “discovered”: “2026-06-04T09:09:27.032143+00:00”, “domain”: “3ecpa.com.sg”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-04T09:09:24”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/M0UgQWNjb3VudGluZ0B0aGVnZW50bGVtZW4=”, “victim”: “3E Accounting” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-03T14:54:54+00:00”, “claim_url”: “”, “country”: “GT”, “data_size”: null, “description”: “***.com Liztex is a leading Guatemalan textile manufacturer with over 50 years of experience in producing fabrics.\n\nWe\u00a0want\u00a0to\u00a0inform\u00a0you\u00a0that\u00a0our\u00a0group\u00a0managed\u00a0to\u00a0breach\u00a0and\u00a0encrypt\u00a0Liztex\u00a0network.\u00a0\n398GB\u00a0leaked\u00a0from\u00a0there\u00a0as\u00a0a\u00a0result\u00a0of\u00a0this\u00a0breach.\u00a0\n\nWhat\u00a0kind\u00a0of\u00a0data\u00a0leaked:\u00a0\n-\u00a0SAP\u00a0data\u00a0\n-\u00a0contacts\u00a0\n-\u00a0contracts\u00a0\n-\u00a0planning\u00a0\n-\u00a0logistics\u00a0\n-\u00a0projects\u00a0data\u00a0\n-\u00a0personal\u00a0data\u00a0\n-\u00a0employee\u00a0data\u00a0\n-\u00a0medical\u00a0data\u00a0\n-\u00a0partners\u00a0data\u00a0\n-\u00a0customers\u00a0data\u00a0\n-\u00a0financial\u00a0data\u00a0\n-\u00a0correspondence\u00a0\n-\u00a0production\u00a0data\u00a0\n-\u00a0quality\u00a0control\u00a0data\u00a0\n-\u00a0offers\u00a0and\u00a0proposals\u00a0\n-\u00a0subsidiary\u00a0data\u00a0\n-\u00a0other\u00a0sensitive\u00a0business\u00a0data”, “discovered”: “2026-06-04T09:09:30.047541+00:00”, “domain”: “liztex.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 12, “update”: “2026-06-04T09:09:28”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TGl6dGV4IEd1YXRlbWFsYUB0aGVnZW50bGVtZW4=”, “victim”: “Liztex Guatemala” }, { “activity”: “Not Found”, “attackdate”: “2026-06-03T14:49:12+00:00”, “claim_url”: “”, “country”: “DE”, “data_size”: null, “description”: “***.de ***.co\/te-loh-michael-korn-gmbh-profile_b7c5fa01c183a43f TE-LOH Germany GmbH is an established Electronics Manufacturing Services provider located in Norderstedt, Germany. With over 30 years of industry experience, the company specializes in circuit board assembly, cable harness production, and complete electronic device manufacturing. They offer comprehensive, tailor-made solutions from a single source, focusing primarily on high-quality small to medium production series”, “discovered”: “2026-06-04T09:09:33.840031+00:00”, “domain”: “te-loh.de”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-04T09:09:32”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/VGVMb2hAdGhlZ2VudGxlbWVu”, “victim”: “TeLoh” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-06-03T14:43:45+00:00”, “claim_url”: “”, “country”: “PT”, “data_size”: null, “description”: “***.pt ***.com\/c\/soja-de-portugal\/458493209 \n\n491GB leaked from there as a result of this breach. \n\nWhat kind of data leaked: \n- SAP data \n- contacts \n- contracts \n- planning \n- logistics \n- projects data \n- personal data \n- employee data \n- partners data \n- customers data \n- financial data \n- correspondence \n- production data \n- quality control data \n- offers and proposals \n- data related to Sorgal, Avicasal, Savinor and other brands \n- other sensitive business data\n\nInstead of negotiations, threats were made and the leaked data was not even reported to anyone\n\nhere is the text they wrote https:\/\/***.as\/***.md”, “discovered”: “2026-06-04T09:09:36.829737+00:00”, “domain”: “write.as”, “group”: “thegentlemen”, “infostealer”: { “employees”: 13, “employees_url”: 1, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-04T09:09:35”, “users”: 3359, “users_url”: 42 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U29qYSBkZSBQb3J0dWdhbEB0aGVnZW50bGVtZW4=”, “victim”: “Soja de Portugal” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-03T14:42:03+00:00”, “claim_url”: “”, “country”: “US”, “data_size”: null, “description”: “***.com ***.com\/c\/downriver-medical-associates\/357511215 \nDownriver Medical Associates is a full-service medical office and urgent care center located in Wyandotte, Michigan. Specializing in internal medicine and family practice, they provide comprehensive primary care for patients of all ages. The clinic focuses on holistic healthcare, emphasizing wellness, disease prevention, and improving the overall quality of life for the local community”, “discovered”: “2026-06-04T09:09:39.780421+00:00”, “domain”: “downrivermedicalassociates.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-04T09:09:38”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RG93bnJpdmVyIE1lZGljYWwgQXNzb2NpYXRlc0B0aGVnZW50bGVtZW4=”, “victim”: “Downriver Medical Associates” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2026-06-03T13:50:20.073006+00:00”, “claim_url”: “”, “country”: “ES”, “data_size”: null, “description”: “Sunrise Company is a renowned real estate developer and builder specializing in resort and gol\nf course communities. Established in 1963, the company has developed over 16,000 homes and con\ndominiums, along with creating multiple resort hotels and commercial structures.\n\nToscana Country Club is a luxury private equity club and residential community located in Indi\nan Wells, California, offering an exceptional lifestyle amidst beautiful olive and cypress lan\ndscapes.\n\nAndalusia Country Club is a luxurious community near Palm Springs, offering distinctive golf c\nourse homes and a premier country club experience.\n\nHere is the access to 13gb of corporate data of the above mentioned entities. Employee persona\nl information including family of the CEO (passports, DLs, death records and so on), contracts\nand agreements, detailed financials, clients information, projects, etc.\n\nClick the download button.\n\nYou will find several password-free archives. Click on any of them to start the download.\n”, “discovered”: “2026-06-03T13:50:21.665707+00:00”, “domain”: “”, “group”: “akira”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U3VucmlzZSwgVG9zY2FuYSBDb3VudHJ5IENsdWIsIEFuZGFsdXNpYUNvdW50cnkgQ2x1Yi5AYWtpcmE=”, “victim”: “Sunrise, Toscana Country Club, AndalusiaCountry Club.” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-03T12:00:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a1de902d152110a6ad5bf1e”, “country”: “TR”, “data_size”: null, “description”: “\u00d6ztu\u011f Otomotiv & End\u00fcstri is a Turkish company established in 1990 in Bursa, specializing in the production of high-precision components for the automotive, industrial, defense, and aerospace sectors.\r The company offers comprehensive services including design, mold manufacturing, and serial production of plastic, metal, and rubber parts, as well as industrial seals and vibration dampers. \r \u00d6ztu\u011f Otomotiv utilizes modern equipment (high-tonnage presses, progressive dies) and adheres to international quality standards, including a zero-defect principle and compliance with OEM standards.\r Financial performance (not publicly disclosed, but the company positions itself as a stable business):\r As of 2025, the company reports over 35 years of successful operations, more than 300 employees, and three production facilities with a total enclosed area of 12,000 m\u00b2.\r Structure and facilities:\r The company operates three production sites in Hasant\u0131\u011fla, Nil\u00fcfer (Bursa), and Adapazar\u0131. \r As of 2025, the workforce comprises over 300 specialists. Production capabilities include plastic injection, metal forming, and rubber molding lines.\r Laek: 100GB \r WE HAS COLLECTED SUCH DATA AS: \r – Confidential documents \r – Clients Data \r – NDA \r – Financial data \r – Operations \r – Corporate data \r – Business Agreements \r – Development \r – Financial databases, all transactions, all clients\r And a lot of other VERY IMPORTANT information!”, “discovered”: “2026-06-03T12:31:38.131021+00:00”, “domain”: “”, “group”: “incransom”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/5fc0b3e0bfe94284f43f3e9b95a2670a.png”, “url”: “https:\/\/www.ransomware.live\/id\/T3p0dWdvdG9tb3RpdkBpbmNyYW5zb20=”, “victim”: “Oztugotomotiv” }, { “activity”: “Technology”, “attackdate”: “2026-06-03T11:20:22.217475+00:00”, “claim_url”: “http:\/\/basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion\/page_company.php?id=170”, “country”: “AM”, “data_size”: null, “description”: “***.am – it is an online platform for managing real estate data in the Armenian market, provi…”, “discovered”: “2026-06-03T11:20:38.080644+00:00”, “domain”: “smarty.arpinet.am”, “group”: “apt73”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-03T11:20:22”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c0105ba961dc3a72cf5886e556662feb.png”, “url”: “https:\/\/www.ransomware.live\/id\/c21hcnR5LmFycGluZXQuYW1AYXB0NzM=”, “victim”: “smarty.arpinet.am” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-03T09:09:05.810405+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=aee7cde8-9c42-42ee-b869-d48cd1a6f7bb”, “country”: “KR”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-03T09:09:21.507669+00:00”, “domain”: “www.jnpeng.co.kr”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/37082831b01c1a03dbde4431ede17609.png”, “url”: “https:\/\/www.ransomware.live\/id\/Sk5QIEVOR0BxaWxpbg==”, “victim”: “JNP ENG” }, { “activity”: “Consumer Services”, “attackdate”: “2026-06-03T09:08:46.767056+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=a8f53c6e-52a8-4a96-a634-2ead5addcca4”, “country”: “”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-03T09:09:02.424312+00:00”, “domain”: “www.marketjoy.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a06c98c5cb358f4b729574a03f443adc.png”, “url”: “https:\/\/www.ransomware.live\/id\/TWFya2V0Sm95QHFpbGlu”, “victim”: “MarketJoy” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-06-03T09:08:28.215017+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=9477bb5a-f81e-49b2-8db0-d7b8c1013df5”, “country”: “BR”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-03T09:08:45.074913+00:00”, “domain”: “www.eatsalad.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/f58f23cf91f370a854aac12f7392e2ff.png”, “url”: “https:\/\/www.ransomware.live\/id\/RWF0IFNhbGFkQHFpbGlu”, “victim”: “Eat Salad” }, { “activity”: “Energy”, “attackdate”: “2026-06-03T08:27:07.175111+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=90c319ad-cdab-4d2c-8a5e-e84e0d8242d0”, “country”: “PT”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-03T08:27:27.389940+00:00”, “domain”: “www.meisa-e.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0ae42418370111d72b1d6354b3bbee38.png”, “url”: “https:\/\/www.ransomware.live\/id\/TUVJU0EgLSBTaW5lc0BxaWxpbg==”, “victim”: “MEISA – Sines” }, { “activity”: “Financial Services”, “attackdate”: “2026-06-03T00:26:51.655373+00:00”, “claim_url”: “”, “country”: “MX”, “data_size”: null, “description”: “Price ??? Disclosures 0\/1”, “discovered”: “2026-06-03T00:26:52.279558+00:00”, “domain”: “example.com”, “group”: “killsec”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Y3NpbnN1cmFuY2UubXhAa2lsbHNlYw==”, “victim”: “csinsurance.mx” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-03T00:26:19.939367+00:00”, “claim_url”: “”, “country”: “IN”, “data_size”: null, “description”: “Price ??? Disclosures 0\/1”, “discovered”: “2026-06-03T00:26:20.817209+00:00”, “domain”: “example.com”, “group”: “killsec”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/YWNlaG9zcGl0YWwuaW5Aa2lsbHNlYw==”, “victim”: “acehospital.in” }, { “activity”: “Business Services”, “attackdate”: “2026-06-03T00:20:14.905410+00:00”, “claim_url”: “”, “country”: “”, “data_size”: null, “description”: “Company Site: leadschool.in size: 765.9MB This is will be quick. The following schools are affected: The specific schools explicitly named in the exfiltrated folders include: – Arya Vidyapith – Aakarsh International Public School – Students High School – Rainbow International Matric Hr. Sec. School – Vignan Private School The following info was stolen: 1. Personally Identifiable Information (PII) of Students – Full Names and Demographics: Complete names of children sorted by gender and admission numbers. – Academic Progression: Exact tracking of student grade levels (e.g., SKG, Class 1, Class 2) and division assignments – Age and Vital Records: Exact dates of birth (DOB) for all enrolled students. – Physical Locations: Full residential addresses, cities\/districts (such as Nampally, Telangana), and exact localized postal pincodes 2. Guardian and Parent Contact Registries – Parent Identity: Full names of both fathers and mothers linked directly to their children. – Direct Contact Methods: Active personal mobile numbers for parents, creating a severe vulnerability for automated spam or voice-phishing attacks. – Digital Contact: Parent email addresses intended for formal school updates. – Student Led Events – Teacher Certificates – gac-reports – Assessments 3. Proprietary LEAD School Academic Metrics – ELGA Placement Data: Internal academic tracking metrics, showing specific curriculum tiers like \”ELGA Class\” (e.g., ELGA02, ELGA06) and \”ELGA Division\” for individual students. – Classroom Analytics: Operational performance data exfiltrated directly from the nucleus.leadschool.in administrative portal. – Teacher Resources: Lesson plans, training modules, and classroom resources that form the core commercial assets of the LEAD platform.”, “discovered”: “2026-06-03T00:20:16.635974+00:00”, “domain”: “”, “group”: “shadowbyt3$”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TGVhZCBDb21wYW55IChMZWFkZXJzaGlwIEJvdWxldmFyZClAc2hhZG93Ynl0MyQ=”, “victim”: “Lead Company (Leadership Boulevard)” }, { “activity”: “Business Services”, “attackdate”: “2026-06-03T00:00:00+00:00”, “claim_url”: “http:\/\/genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion\/940ee385cc48cd398032\/”, “country”: “”, “data_size”: null, “description”: “A provider of financial services”, “discovered”: “2026-06-03T20:27:54.099092+00:00”, “domain”: “.”, “group”: “genesis”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Atomic”: 1, “DarkCrystal”: 1, “Generic Stealer”: 54, “Lumma”: 126, “Raccoon”: 1, “RedLine”: 25, “StealC”: 32, “Vidar”: 8 }, “last_employee_compromised”: “1970-01-01T00:00:00+00:00”, “last_user_compromised”: “2026-05-24T12:06:07+00:00”, “thirdparties”: 188, “update”: “2026-05-29T11:29:38.916128”, “users”: 394, “users_url”: 3 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ad6fc0fb9720725845600d6f2dab1648.png”, “url”: “https:\/\/www.ransomware.live\/id\/UEIgV2hpdGUgJiBDb0BnZW5lc2lz”, “victim”: “PB White & Co” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-03T00:00:00+00:00”, “claim_url”: “http:\/\/genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion\/56a7b33d42a266827a91\/”, “country”: “US”, “data_size”: null, “description”: “A healthcare organization”, “discovered”: “2026-06-03T20:25:36.310567+00:00”, “domain”: “.”, “group”: “genesis”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Atomic”: 1, “DarkCrystal”: 1, “Generic Stealer”: 54, “Lumma”: 126, “Raccoon”: 1, “RedLine”: 25, “StealC”: 32, “Vidar”: 8 }, “last_employee_compromised”: “1970-01-01T00:00:00+00:00”, “last_user_compromised”: “2026-05-24T12:06:07+00:00”, “thirdparties”: 188, “update”: “2026-05-29T11:29:38.916128”, “users”: 394, “users_url”: 3 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/fc566ae5bea43b3d2d2ba98197214108.png”, “url”: “https:\/\/www.ransomware.live\/id\/RmFtaWx5IE1lZGljYWwgQXNzb2NpYXRlcyBvZiBSYWxlaWdoQGdlbmVzaXM=”, “victim”: “Family Medical Associates of Raleigh” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-06-03T00:00:00+00:00”, “claim_url”: “”, “country”: “US”, “data_size”: null, “description”: “Cherokee Distributing Company offers the leading brands of beer and other nonalcoholic beverage\ns. In addition to their headquarters in Knoxville, they manage distribution centers in Chattano\noga, Cookeville, Kingsport, Pulaski and Tullahoma.\n\nWe will upload 40gb of corporate data soon. Employee personal docs (passports, DLs, SSNs), cont\nracts and agreements, partner and client files, detailed financials, projects, NDAs, confidenti\nal files, etc.\n”, “discovered”: “2026-06-03T13:20:21.097486+00:00”, “domain”: “”, “group”: “akira”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q2hlcm9rZWUgRGlzdHJpYnV0aW5nIENvQGFraXJh”, “victim”: “Cherokee Distributing Co” }, { “activity”: “Business Services”, “attackdate”: “2026-06-03T00:00:00+00:00”, “claim_url”: “”, “country”: “”, “data_size”: null, “description”: “Factors Western specializes in providing factoring services to businesses across various indust\nries, helping them convert receivables into cash for improved cash flow and business growth.\n\nWe will upload corporate data soon. Lots of employee and client data (name, phones, passports),\nhockey players personal information (Connor McDavid and others), contracts and agreements, fin\nancials, projects, etc.\n”, “discovered”: “2026-06-03T12:50:24.489807+00:00”, “domain”: “”, “group”: “akira”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RmFjdG9ycyBXZXN0ZXJuQGFraXJh”, “victim”: “Factors Western” }, { “activity”: “Financial Services”, “attackdate”: “2026-06-03T00:00:00+00:00”, “claim_url”: “”, “country”: “”, “data_size”: null, “description”: “Hal Otey Financial offers a range of financial services including wealth management, financial \nplanning, retirement planning, investment management, estate planning, and tax planning.\n\nWe will upload corporate data soon. Lots client data (passports, DLs, social security numbers, \nhealth and insurance files and so on), contracts and agreements, detailed financials, projects,\netc.\n”, “discovered”: “2026-06-03T12:50:21.757647+00:00”, “domain”: “”, “group”: “akira”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SGFsIE90ZXkgRmluYW5jaWFsQGFraXJh”, “victim”: “Hal Otey Financial” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-02T14:53:14.181868+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=cfb76db3-4ec5-4022-9ab7-60baf6523f09”, “country”: “US”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-02T14:53:31.890244+00:00”, “domain”: “www.novajoy.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/4bf676d4cc0e63e294ab0870a388ece4.png”, “url”: “https:\/\/www.ransomware.live\/id\/Tm92YSBNZWRpY2FsIFByb2R1Y3RzQHFpbGlu”, “victim”: “Nova Medical Products” }, { “activity”: “Business Services”, “attackdate”: “2026-06-02T14:24:49.451694+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/ab9f49b923161544d6fc0c3d7cd0bdf867adcfcffa4af758f4ccda040e76f6f9\/”, “country”: “DE”, “data_size”: null, “description”: “Activ’Interim 88 was founded in 2008 with the aim of connecting job seekers with the best opportunities available in the…”, “discovered”: “2026-06-02T14:25:02.182467+00:00”, “domain”: “activ88-interim.com”, “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-02T14:24:49”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7674344dbd8cff1dad678c567631ba6e.png”, “url”: “https:\/\/www.ransomware.live\/id\/YWN0aXY4OC1pbnRlcmltLmNvbUBrcnliaXQ=”, “victim”: “activ88-interim.com” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-06-02T14:24:27.234176+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/6673701bbd9960d7ab6f9211086523dccd3ffa9c1249f6c78a7f8a8e9471acf9\/”, “country”: “GT”, “data_size”: null, “description”: “Founded in 1974, started its activities in Road Transport, eventually expanding its services to several other areas, fir…”, “discovered”: “2026-06-02T14:24:47.910007+00:00”, “domain”: “www.transbras.com.gt”, “group”: “krybit”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/270a15b7c3aee7509d410f35d0418b94.png”, “url”: “https:\/\/www.ransomware.live\/id\/d3d3LnRyYW5zYnJhcy5jb20uZ3RAa3J5Yml0”, “victim”: “www.transbras.com.gt” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-06-02T13:53:40.872524+00:00”, “claim_url”: “http:\/\/nh2kwgilfzi5mngiiqtcuoueh2oy4dkjq5cnfnjymueoj654fi7qtpid.onion\/index.php?p=”, “country”: “US”, “data_size”: null, “description”: “Cold Front Distribution is a leading DSD supplier specializing in grocery and foodservice supply chain solutions across a fifteen-state region. Due to their negligence in the area of security, we are providing you with a complete set of confidential documents, specifically the pricing grids of major partners sold through the Cold Front system, discount agreements, information on new product launches, and other confidential partner documents, as well as personal information about employees and the companys financial status…”, “discovered”: “2026-06-02T13:53:56.584547+00:00”, “domain”: “https:coldfrontdist.com”, “group”: “interlock”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7b7475e4e8ba298fbdda8b4ef8848e93.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q29sZCBGcm9udCBEaXN0cmlidXRpb25AaW50ZXJsb2Nr”, “victim”: “Cold Front Distribution” }, { “activity”: “Public Sector”, “attackdate”: “2026-06-02T12:50:21.547596+00:00”, “claim_url”: “http:\/\/basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion\/page_company.php?id=169”, “country”: “AM”, “data_size”: null, “description”: “Hello, dear visitors of Bashe’s blog. Today, we contacted the Turkish Wolves of Turan group and b…”, “discovered”: “2026-06-02T12:50:40.044776+00:00”, “domain”: “”, “group”: “apt73”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/32762ebfbbcf107db713e0e5cc1eefd1.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZWxlY3Rpb25zLm1pYS5nb3YuYW0gZnJvbSBXT0xWRVMgT0YgVFVSQU5AYXB0NzM=”, “victim”: “elections.mia.gov.am from WOLVES OF TURAN” }, { “activity”: “Technology”, “attackdate”: “2026-06-02T12:20:50.943549+00:00”, “claim_url”: “http:\/\/fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion\/companies\/cmtel”, “country”: “US”, “data_size”: null, “description”: “[AI generated] Cambridge Mobile Telematics (CMT) is a US-based technology company headquartered in Cambridge, Massachusetts. It operates in the telematics and insurtech industry, providing mobile sensing and data analytics solutions. CMT specializes in measuring driving behavior using smartphone sensors and AI to help insurers, fleets, and enterprises improve road safety and reduce risk through usage-based insurance and driver safety programs.”, “discovered”: “2026-06-02T12:21:09.005364+00:00”, “domain”: “”, “group”: “coinbasecartel”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e4910d1fd06531bbf0564bcf206f6bd1.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q2FtYnJpZGdlIE1vYmlsZSBUZWxlbWF0aWNzTkVXQGNvaW5iYXNlY2FydGVs”, “victim”: “Cambridge Mobile TelematicsNEW” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-02T10:25:01.424607+00:00”, “claim_url”: “http:\/\/novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion\/ibena-textilwerke”, “country”: “DE”, “data_size”: null, “description”: “IBENA HEIMTEX is a family-owned textile manufacturer based in Bocholt, Germany, established in 1826. The company specializes in high-quality home textiles, including cuddly blankets, bed linen, and technical textiles for various industries. Their products cater to both consumers and businesses, with offerings such as fireproof fabrics, digital printing textiles, and car interior fabrics for renowned automotive brands. IBENA is committed to sustainability and quality, ensuring their textiles meet numerous quality standards – Nova Provide tree and samples from stolen data, free 2 files decrypt to the company when its get in touch with support department.”, “discovered”: “2026-06-02T10:25:16.123147+00:00”, “domain”: “”, “group”: “nova”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7203b26567929353533026b098403449.png”, “url”: “https:\/\/www.ransomware.live\/id\/SUJFTkEgVGV4dGlsd2Vya2VAbm92YQ==”, “victim”: “IBENA Textilwerke” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-02T08:57:18.263728+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=d3ce86e4-82ae-4556-804a-a3da7631e290”, “country”: “CL”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-02T08:57:36.360516+00:00”, “domain”: “www.clinicamaitenes.cl”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/80720288c8fe8e462d4778f7f13d947f.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q2xpbmljYSBNYWl0ZW5lc0BxaWxpbg==”, “victim”: “Clinica Maitenes” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-06-02T04:20:11.382939+00:00”, “claim_url”: “”, “country”: “CH”, “data_size”: null, “description”: “We have breached you and gained access to the following portals: https:\/\/operations.cropwise.com\/d\/users\/sign_in https:\/\/accounts.cropwise.com\/signin proof: https:\/\/mega.nz\/folder\/25hkSLgY#ELjJaFie-TfES9Z_47KFZA company url: https:\/\/operations.cropwise.com\/ We are ShadowByt3$ a Extortion as a service group. You have been breached and 10.4MB was stolen. It may seem small but it can affect you every way imaginable. Don’t believe us the following below was stolen: \ud83d\udc64 User Identities and Access Credentials – Account Directory Data: Full names, corporate email addresses, and phone numbers of registered agronomists, regional farm managers, and field staff. – Authentication Metadata: Encrypted password hashes, session tokens, or configured API keys utilized to link automated machinery data feeds to the web dashboard. \ud83d\ude9c Precision Agronomy and Farm Metrics – Geospatial Boundaries: High-resolution GIS boundary files detailing the exact shapes, coordinates, and property lines of privately owned or leased commercial fields. – Vegetation and Scouting Analyses: Historical NDVI satellite imagery datasets [CWO: Tools for effective monitoring of your crops’ condition syngenta.co.za], past growth tracking matrices, field problem zone flags, and yield prediction models. – Operational Treatment Records: Deep operational histories documenting exact pesticide or fertilizer applications, crop types, seeding timelines, and harvesting schedules. \ud83d\ude9b Telematics and Fleet Diagnostics – Machinery Tracking Logs: Real-time and archived GPS location paths generated by connected tractors, combines, or sprayers. These logs map out the specific work shifts, operational speeds, and field locations of individual machine drivers. If you contact us then we won’t leak it and show proof that we deleted it. Also we will tell you how to secure your company so you don’t get breached again. We are giving you 48 hours (approx 3 days) to contact us which would be by June 4th 2026. If you fail to reach out to us we will maximize damage by giving it to news outlets, swatting victims, and we will email everyone affected and you would be the next headline. All you have to do is pay 1 million in bitcoin or monero and it goes away.”, “discovered”: “2026-06-02T04:20:12.877865+00:00”, “domain”: “”, “group”: “shadowbyt3$”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q3JvcHdpc2UgKFN5bmdlbnRhIEdyb3VwKUBzaGFkb3dieXQzJA==”, “victim”: “Cropwise (Syngenta Group)” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-02T00:00:00+00:00”, “claim_url”: “http:\/\/5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion\/companies\/47\/sicol”, “country”: “BR”, “data_size”: null, “description”: “SICOL \u2013 JS Cobran\u00e7as e Servi\u00e7os is a Brazilian company specializing in debt collection, credit management, and sales services.\u00a0They blend digital automation with humanized customer support to help businesses recover debts and optimize their sales workflows.-Personal information of employees and clients -Financial documents -Other files https:\/\/***.com.br\/”, “discovered”: “2026-06-04T05:30:53.759186+00:00”, “domain”: “sicol.com.br”, “group”: “spacebears”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 1, “update”: “2026-06-04T05:30:29”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/3abc122949240d85d8d65f40c83f36d1.png”, “url”: “https:\/\/www.ransomware.live\/id\/U2ljb2xAc3BhY2ViZWFycw==”, “victim”: “Sicol” }, { “activity”: “Education”, “attackdate”: “2026-06-02T00:00:00+00:00”, “claim_url”: “”, “country”: “NL”, “data_size”: null, “description”: “The church website’s network (katholiekamersfoort.nl\/) has been breached, resulting in the exfiltration of over 10 GB of data. This data pertains to donors, staff, and the personal information of a large number of individuals. The compromised data includes: Databases and Personally Identifiable Information (PII), internal network shares and document, contact lists, board and committee data, as well as system metadata.”, “discovered”: “2026-06-02T21:33:29.918029+00:00”, “domain”: “katholiekamersfoort.nl”, “group”: “stormous”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-02T21:33:27”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/a2F0aG9saWVrYW1lcnNmb29ydC5ubEBzdG9ybW91cw==”, “victim”: “katholiekamersfoort.nl” }, { “activity”: “Not Found”, “attackdate”: “2026-06-02T00:00:00+00:00”, “claim_url”: “http:\/\/novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion\/everlite-concept”, “country”: “FR”, “data_size”: null, “description”: “Everlite Concept is a French company that specializes in polycarbonate solutions for building envelopes. It is known for its innovative, high-performance systems used in walls, roofing, and fa\u00e7ades for buildings like sports complexes and museums – Nova Provide tree and samples from stolen data to the company when its get in touch with support department.”, “discovered”: “2026-06-02T10:25:28.595417+00:00”, “domain”: “”, “group”: “nova”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c2c40cb9a3e51944b7356f360af9ea2b.png”, “url”: “https:\/\/www.ransomware.live\/id\/RXZlcmxpdGUgY29uY2VwdEBub3Zh”, “victim”: “Everlite concept” }, { “activity”: “Not Found”, “attackdate”: “2026-06-02T00:00:00+00:00”, “claim_url”: “http:\/\/6tdqqaxftvradka5d2frzgwixis7fmro7rfh4ettzcx7jfapkebe6jad.onion\/entity\/111CEAA5AD9DA2F1”, “country”: “RU”, “data_size”: null, “description”: “”, “discovered”: “2026-06-02T08:50:16.475085+00:00”, “domain”: “”, “group”: “AuditTeam”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/dac4088d44494c1d8bb6c0a7f9ae5415.png”, “url”: “https:\/\/www.ransomware.live\/id\/Y2EqKipsbUBBdWRpdFRlYW0=”, “victim”: “ca***lm” }, { “activity”: “Business Services”, “attackdate”: “2026-06-02 00:00:00.000000”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/752e94e3424c7e1a707ab23360ef3ff73d7cf58cb66b2b8ef5b9c1dc5ccf7ddd\/”, “country”: “DE”, “data_size”: null, “description”: “Lumax is dedicated to maintaining high standards of ethics, corporate governance and effective accountability mechanisms…”, “discovered”: “2026-06-03T14:01:07.099127+00:00”, “domain”: “www.elumax.com”, “group”: “krybit”, “infostealer”: “”, “press”: { “link”: “https:\/\/www.ransomware.live\/id\/ZWx1bWF4LmNvbUAyMDI2LTA2LTAy”, “source”: “https:\/\/emops.twse.com.tw\/server-java\/t05sr01_1_e?&isNew=Y&seq_no=1&spoke_time=74158&spoke_date=20260602&co_id=6192”, “summary”: “Une cyberattaque a affect\u00e9 les syst\u00e8mes d’information de Lumax International. Les \u00e9valuations actuelles indiquent qu’il n’y a eu aucun impact mat\u00e9riel sur les op\u00e9rations de ce distributeur sp\u00e9cialis\u00e9 et aucune fuite de donn\u00e9es personnelles ou confidentielles n’a \u00e9t\u00e9 d\u00e9couverte. L’entreprise a activ\u00e9 ses m\u00e9canismes de d\u00e9fense et proc\u00e8de actuellement \u00e0 la restauration des syst\u00e8mes \u00e0 l’aide de sauvegardes.” }, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a36d39f7231034f7b2e2cd94f491022c.png”, “url”: “https:\/\/www.ransomware.live\/id\/d3d3LmVsdW1heC5jb21Aa3J5Yml0”, “victim”: “www.elumax.com” }, { “activity”: “Telecommunication”, “attackdate”: “2026-06-01T23:20:17.806649+00:00”, “claim_url”: “http:\/\/om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion\/r\/YMXlvnIkOvaXKpUWyZPZlIYX0BoT1yunFtcDi9VPCbgmwu2r5ahpAZt9jxEvxScMk3UkWpS9zchacfNcEkN3lU5THcwbGY1”, “country”: “”, “data_size”: null, “description”: “Data breach exposes ecommerce platforms\u2019 dirty laundry.”, “discovered”: “2026-06-01T23:20:54.665173+00:00”, “domain”: “”, “group”: “anubis”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d8fdb38e9fb562b83c8ac712d1d73b3a.png”, “url”: “https:\/\/www.ransomware.live\/id\/UG93ZXIgJiBUZWxAYW51Ymlz”, “victim”: “Power & Tel” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2026-06-01T19:53:26.991200+00:00”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/tavolaspacom\/”, “country”: “IT”, “data_size”: null, “description”: “Over more than seventy years of operation, the company has evolved from an import-export business into a diversified manufacturer, distributor, \u2026”, “discovered”: “2026-06-01T19:53:39.286367+00:00”, “domain”: “tavolaspa.com”, “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-01T19:53:26”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/762616701238ea6efb1501fb88025cae.png”, “url”: “https:\/\/www.ransomware.live\/id\/dGF2b2xhc3BhLmNvbUBzYWZlcGF5”, “victim”: “tavolaspa.com” }, { “activity”: “Consumer Services”, “attackdate”: “2026-06-01T19:53:00.631085+00:00”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/parsa-beautyde\/”, “country”: “DE”, “data_size”: null, “description”: “Founded in 1986, the company has become one of Europe\u2019s leading manufacturers and distributors of hair, beauty, and personal care \u2026”, “discovered”: “2026-06-01T19:53:14.753333+00:00”, “domain”: “parsa-beauty.de”, “group”: “safepay”, “infostealer”: { “employees”: 6, “employees_url”: 1, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 6, “update”: “2026-06-01T19:53:00”, “users”: 3, “users_url”: 3 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/b688489c72a93a99fc80d2b099628437.png”, “url”: “https:\/\/www.ransomware.live\/id\/cGFyc2EtYmVhdXR5LmRlQHNhZmVwYXk=”, “victim”: “parsa-beauty.de” }, { “activity”: “Technology”, “attackdate”: “2026-06-01T19:24:17.146838+00:00”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/sorarisit\/”, “country”: “IT”, “data_size”: null, “description”: “Founded in 1983, the company specializes in the collection, transportation, treatment, and management of municipal solid waste and recyclable materials. \u2026”, “discovered”: “2026-06-01T19:24:28.814545+00:00”, “domain”: “soraris.it”, “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-01T19:24:17”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/3729c8c90b885f9125b526165c2ab439.png”, “url”: “https:\/\/www.ransomware.live\/id\/c29yYXJpcy5pdEBzYWZlcGF5”, “victim”: “soraris.it” }, { “activity”: “Technology”, “attackdate”: “2026-06-01T19:23:49.834167+00:00”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/lcneteu\/”, “country”: “DE”, “data_size”: null, “description”: “The network was established to provide integrated cross-border transport solutions, allowing member companies to coordinate freight movements efficiently throughout Europe. \u2026”, “discovered”: “2026-06-01T19:24:01.456751+00:00”, “domain”: “lcnet.eu”, “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-01T19:23:49”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e4bff5322749d977ec197531ba648f86.png”, “url”: “https:\/\/www.ransomware.live\/id\/bGNuZXQuZXVAc2FmZXBheQ==”, “victim”: “lcnet.eu” }, { “activity”: “Not Found”, “attackdate”: “2026-06-01T19:23:26.459899+00:00”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/verzollacom\/”, “country”: “IT”, “data_size”: null, “description”: “Founded in 1958 (with the current corporate structure established in 2007), the company specializes in supplying industrial components, automation systems, \u2026”, “discovered”: “2026-06-01T19:23:38.157259+00:00”, “domain”: “verzolla.com”, “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-01T19:23:26”, “users”: 106, “users_url”: 16 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/99945addabab6fee8e21e317e72410bc.png”, “url”: “https:\/\/www.ransomware.live\/id\/dmVyem9sbGEuY29tQHNhZmVwYXk=”, “victim”: “verzolla.com” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-01T19:23:01.354701+00:00”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/compactmouldcom\/”, “country”: “CA”, “data_size”: null, “description”: “Founded in 1978 and headquartered in Woodbridge, Ontario, the company has grown into one of North America\u2019s major suppliers of \u2026”, “discovered”: “2026-06-01T19:23:14.874619+00:00”, “domain”: “compactmould.com”, “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-01T19:23:01”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/88dcc0e8bc25a86e7bd9581266c8dd2d.png”, “url”: “https:\/\/www.ransomware.live\/id\/Y29tcGFjdG1vdWxkLmNvbUBzYWZlcGF5”, “victim”: “compactmould.com” }, { “activity”: “Not Found”, “attackdate”: “2026-06-01T15:20:09.552399+00:00”, “claim_url”: “http:\/\/vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion\/n\/squamish”, “country”: “CA”, “data_size”: null, “description”: “[AI generated] squamish.net appears to be an internet service provider and telecommunications company operating in Squamish, British Columbia, Canada. It offers broadband internet connectivity and related services to residential and business customers in the Squamish region. The company serves as a local ISP, providing connectivity solutions to the Sea-to-Sky Corridor area of British Columbia, positioning itself within the Canadian telecommunications and internet services industry.”, “discovered”: “2026-06-01T15:20:25.797090+00:00”, “domain”: “squamish.net”, “group”: “BrainCipher”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-01T15:20:09”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/dca084af0b577130229296e02b110950.png”, “url”: “https:\/\/www.ransomware.live\/id\/c3F1YW1pc2gubmV0QEJyYWluQ2lwaGVy”, “victim”: “squamish.net” }, { “activity”: “Business Services”, “attackdate”: “2026-06-01T14:50:14.404178+00:00”, “claim_url”: “”, “country”: “”, “data_size”: null, “description”: “School Facility Consultants (SFC) is a full-service company that provides expert guidance in school facility planning and funding for School Districts, County Offices of Education, and Charter Schools across California.”, “discovered”: “2026-06-01T14:50:15.839533+00:00”, “domain”: “”, “group”: “abyss”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U2Nob29sIEZhY2lsaXR5IENvbnN1bHRhbnRzQGFieXNz”, “victim”: “School Facility Consultants” }, { “activity”: “Public Sector”, “attackdate”: “2026-06-01T11:11:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a1d6c87d152110a6ac6d153”, “country”: “US”, “data_size”: null, “description”: “Champaign Urbana Public Health District provides a wide range of health services including dental care, nutrition assistance, mental health support, and food safety inspections. Their programs cater to various demographics, including adolescents, women, infants, and families, focusing on preventive health and education. The district also offers resources for substance abuse treatment, sexual health, and community food initiatives. Their intended clients include residents of Champaign County seeking health services, food assistance, and educational resources.”, “discovered”: “2026-06-01T11:54:42.230461+00:00”, “domain”: “”, “group”: “incransom”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0cc9ceb4d47a23ed82ea01d281dda30f.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q2hhbXBhaWduLVVyYmFuYSBQdWJsaWMgSGVhbHRoIERpc3RyaWN0QGluY3JhbnNvbQ==”, “victim”: “Champaign-Urbana Public Health District” }, { “activity”: “Business Services”, “attackdate”: “2026-06-01T11:01:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a1d7512d152110a6ac7b3d5”, “country”: “US”, “data_size”: null, “description”: “Bradley Law Personal Injury Lawyers is a law firm dedicated to representing clients who have suffered injuries due to accidents, medical malpractice, and other forms of negligence. With over 30 years of experience, they have successfully recovered more than $100 million in settlements and verdicts for their clients across Missouri and Illinois. Their services include free case consultations and a commitment to fight for maximum compensation on behalf of accident victims. The firm is known for its expertise in personal injury law, including vehicle accidents, workplace injuries, and wrongful death cases.”, “discovered”: “2026-06-01T12:23:35.946640+00:00”, “domain”: “”, “group”: “incransom”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c9d03a038dc2d6b442280db859f07c2a.png”, “url”: “https:\/\/www.ransomware.live\/id\/QnJhZGxleSBsYXcgZmlybUBpbmNyYW5zb20=”, “victim”: “Bradley law firm” } ]