SophiaX
🔍
LIVE
· New victim: sansilvestre.edu.pe — krybit· New victim: JMS Southeast — akira· New victim: Padget Technologies — akira· New victim: Delegal Poindexter & Underkofler, P.A. — morpheus· New victim: ISOPLUS — qilin· New KEV: CVE-2025-67038 · Lantronix· New KEV: CVE-2026-34908 · Ubiquiti· New KEV: CVE-2026-34910 · Ubiquiti· New KEV: CVE-2026-34909 · Ubiquiti· New KEV: CVE-2026-20253 · Splunk· New victim: 2,602 new IOCs ingested in last 24h sansilvestre.edu.pe — krybit· New victim: JMS Southeast — akira· New victim: Padget Technologies — akira· New victim: Delegal Poindexter & Underkofler, P.A. — morpheus· New victim: ISOPLUS — qilin· New KEV: CVE-2025-67038 · Lantronix· New KEV: CVE-2026-34908 · Ubiquiti· New KEV: CVE-2026-34910 · Ubiquiti· New KEV: CVE-2026-34909 · Ubiquiti· New KEV: CVE-2026-20253 · Splunk· 2,602 new IOCs ingested in last 24h
🔐

Ransomware Intelligence

Real-time tracking of ransomware victims, threat groups, and attack trends worldwide. Monitor active ransomware gangs, their targets by sector and country, and stay ahead of double-extortion campaigns with live data from 30+ group leak sites.

Active Ransomware Victims (30d)+16 today
629
▲ 132 in last 7 days
Known Ransomware Groups
79
28 active · 28 dark
Top Active Groups (7d)
qilinthegentlemendragonforce
Recent Ransomware Victims2,005 total
🔍
25 / 2,005
DateVictimSectorCountryGroupLink
2026-06-25
sansilvestre.edu.pe
EducationPEkrybit
2026-06-25
JMS Southeast
Business Servicesakira
2026-06-25
Padget Technologies
Technologyakira
2026-06-25
Delegal Poindexter & Underkofler, P.A.
Business Servicesmorpheus
2026-06-25
ISOPLUS
Business ServicesGreeceqilin
2026-06-24
Quest Health Solutions
Healthcareanubis
2026-06-24
mlit.com.my UPDATE-FULL DATA DUMP NEW LINK 10GB
Public SectorMYstormous
2026-06-24
jaggroup.com UPDATE-FULL DATA DUMP NEW LINK
Not Foundstormous
2026-06-24
maglificioliliana.com
Not Foundstormous
2026-06-24
lorenzoni-store.com
Consumer ServicesItalystormous
2026-06-24
montechiaro-store.com
Consumer ServicesItalystormous
2026-06-24
impulso-store.com
Consumer ServicesMexicostormous
2026-06-24
Adapt******
Not Foundshinyhunters
2026-06-24
lpgroup
Not Foundnova
2026-06-24
alejandria
Not Foundnova
2026-06-24
transvill
Transportation/Logisticsnova
2026-06-24
Jit Ex
Not Foundakira
2026-06-24
transvill.com.pe
Transportation/LogisticsPEnova
2026-06-24
Miami Machine
ManufacturingUnited Statesakira
2026-06-24
alejandria.biz
Not FoundArgentinanova
2026-06-24
Cash Canada
Financial ServicesCanadaqilin
2026-06-24
lpgroup.pt
Business ServicesPortugalnova
2026-06-24
horizoneye.com
TechnologyUnited Statesincransom
2026-06-23
Meta
TechnologyBrazilbravox
2026-06-23
Lee International
Not FoundSouth Koreaqilin
Page 1 / 81
📈 Ransomware Trend — Last 30 Days629 victims
Daily victims
Ransomware Groups Overview79 total
28 active · 28 dark
Gang NameTotal30d7dStatusCountrySectorsLast Seen
qilin
281+81+17● Active
2026-06-25
thegentlemen
238+80+13● Active
2026-06-20
dragonforce
Research on the operators of the DragonForce ransomware was conducted, and it was identifi
140+47+2● Active
2026-06-22
akira
101+37+7● Active
2026-06-24
nova
Rebrand of RALord
59+33+15● Active
2026-06-24
incransom
87+28+4● Active
2026-06-24
shinyhunters
50+23+2● Active
2026-06-24
krybit
53+22+3● Active
2026-06-19
lockbit5
64+18+13● Active
2026-06-20
safepay
SafePay ransomware started in October 2024 as a new ransomware service, using some of the
51+18+1● Active
2026-06-22
worldleaks
28+13+2● Active
2026-06-20
genesis
Financial interests only. <br/> We do not provide or work with affiliate programs, no c
27+13● Dark
2026-06-17
stormous
22+13+8● Active
2026-06-24
threeam
20+12● Dark
2026-06-12
play
Initially observed in June 2022, the Play ransomware (a.k.a PlayCrypt) operates through do
31+11● Dark
2026-06-17
cmdorganization
23+11+6● Active
2026-06-23
Icarus
12+11+10● Active
2026-06-23
payload
36+9+4● Active
2026-06-20
everest
27+9● Dark
2026-05-29
anubis
20+9+2● Active
2026-06-24
aurora
19+9+6● Active
2026-06-23
coinbasecartel
59+8● Dark
2026-06-12
m3rx
26+7● Dark
2026-06-11
BrainCipher
18+6+3● Active
2026-06-22
chaos
15+6+2● Active
2026-06-23
nightspire
40+5+1● Active
2026-06-21
gunra
22+5● Dark
2026-06-12
spacebears
13+5● Dark
2026-06-17
shadowbyt3$
12+5● Dark
2026-06-16
AuditTeam
12+5● Dark
2026-06-14
bravox
11+5+2● Active
2026-06-23
termite
7+5● Dark
2026-06-09
0day Syndicate
5+5● Dark
2026-05-29
apt73
A new ransomware group is said to have emerged in mid-April 2024, under the name "APT73."
68+4+2● Active
2026-06-23
lynx
16+4● Dark
2026-06-18
AiLock
AiLock is a Ransomware-as-a-Service (RaaS) group first identified in March 2025. It employ
15+4● Dark
2026-06-15
direwolf
4+4● Dark
2026-06-12
cloak
4+4+1● Active
2026-06-18
lamashtu
34+3● Dark
2026-06-17
pear
ABOUT US: <br/> <br/>"Pure Extraction And Ransom (PEAR) Team is the community of highly re
22+3● Dark
2026-06-10
SilentRansomGroup
21+3● Dark
2026-06-17
morpheus
5+3+1● Active
2026-06-25
lapsus$
Lapsus$ is a cyber extortion group first observed in late 2021, known for high-profile bre
5+3+1● Active
2026-06-23
PrinzEugen
4+3+1● Active
2026-06-22
titan
9+2● Dark
2026-05-30
securotrop
5+2● Dark
2026-06-14
killsec
5+2● Dark
2026-06-03
abyss
3+2● Dark
2026-06-01
fulcrumsec
24+1● Dark
2026-06-10
kairos
12+1● Dark
2026-05-29
interlock
10+1● Dark
2026-06-02
blackwater
6+1● Dark
2026-06-06
rhysida
Rhysida is a ransomware-as-a-service (RAAS) group that emerged in May 2023. The group util
5+1+1● Active
2026-06-18
ransomexx
We recently discovered a new file-encrypting Trojan built as an ELF executable and intende
3+1+1● Active
2026-06-20
nitrogen
2+1● Dark
2026-06-03
embargo
1+1● Dark
2026-06-09
medusalocker
Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilitie
15● Dark
2026-05-05
payoutsking
Payouts King Group. We are not RaaS. No affiliates are accepted. We use Tox messaging prot
9● Dark
2026-05-13
LeakBazaar
9● Dark
2026-05-10
handala
8● Dark
2026-04-08
sinobi
6● Dark
2026-05-08
netrunner
6● Dark
2026-04-03
ransomhouse
5● Dark
2026-05-08
secpo
5● Dark
2026-04-29
ALP-001
5● Dark
2026-04-08
mnt6
3● Dark
2026-05-02
TiMc
3● Dark
2026-04-09
crypto24
aka Public Data Storage
3● Dark
2026-04-17
clop
Observed for the first time in Febuary 2019, variant from CryptoMix Family, itself a varia
2● Dark
2026-05-01
beast
2● Dark
2026-05-16
vect
1● Dark
2026-04-15
exitium
1● Dark
2026-04-14
radar
1● Dark
2026-04-29
blacknevas
1● Dark
2026-04-30
orca
1● Dark
2026-04-27
tridentlocker
1● Dark
2026-04-27
insomnia
1● Dark
2026-04-28
ms13089
1● Dark
2026-05-05
moneymessage
1● Dark
2026-05-11
⬡ Collector Health Gridcheck collectors
🖥
Feodo
30m
📦
MalwareBazaar
30m
🔒
SSLBL
30m
🛡
ThreatFox
24s
🌐
URLhaus
30m
🛡
AbuseIPDB
2h
🕸
C2Intel
3h
CISA KEV
3h
💣
Exploit-DB
3h
📊
FIRST EPSS
3h
🌫
GreyNoise
2h
📰
Mandiant
30m
MI
3h
🗺
MITRE ATT&CK
3h
AI Summaries
18s
📋
NVD CVE
10d
🎣
OpenPhish
3h
🔐
Ransomware.live
24s
RA
29d
📰
Sec.Blogs
24s
🔍
SigmaHQ
3h
👤
Hudson Rock
3h
🤖
Clustering
18s
🔗
Tor Exits
3h
🔬
VirusTotal
3h