Ha sido arrestado en la localidad malagueña de Estepona acusado de ser el creador y administrador de Ransom Cartel y de la creación y distribución de otros ransomware como CryptXX…
Weekly intelligence
Trend-first
Weekly ransomware & data leak landscape
A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.
Window: 2024-08-28 → 2024-09-03 UTC
Choose a report date
Observed events
132
Public claims in the selected week
Data leak indicators
105
79.5% of observed events
Active actors
24
Distinct groups with observed activity
Torrent-linked events
0
Events intersecting with torrent intelligence
What changed this week?
•
RansomHub generated the highest visible claim volume this week, representing 22.0% of observed events.
•
79.5% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
•
Construction was the most represented sector in this window with 13 observed events.
•
1 tracked leak sites were still online as of the report date snapshot, giving useful context on current ecosystem churn and monitoring pressure.
Coverage snapshot
As of 2024-09-03 UTC.
Leak sites observed this week
24
Leak sites online near report date
1
Threat actor profiles updated this week
2
Countries represented this week
37
Sectors represented this week
64
Top active actors
By observed claim volumeRansomHub
29 events · 29 leak indicators
LockBit 3.0
15 events · 15 leak indicators
Blacksuit
12 events · 11 leak indicators
BianLian
9 events · 5 leak indicators
MEOW
9 events · 0 leak indicators
Monti
9 events · 7 leak indicators
PLAY
7 events · 7 leak indicators
Cicada3301
6 events · 5 leak indicators
Emerging or resurfacing actors
No matching activity in prior 30 daysNo newly active actor families were detected using the 30-day lookback rule.
Country mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
United States63
- Blacksuit10 events · 9 leak indicators
- BianLian7 events · 4 leak indicators
- LockBit 3.06 events · 6 leak indicators
- PLAY6 events · 6 leak indicators
- RansomHub6 events · 6 leak indicators
- Cicada33015 events · 4 leak indicators
- Qilin4 events · 3 leak indicators
- Lynx3 events · 3 leak indicators
Canada13
- Monti8 events · 6 leak indicators
- Abyss1 event · 1 leak indicator
- Cactus1 event · 1 leak indicator
- INC Ransom1 event · 1 leak indicator
- LockBit 3.01 event · 1 leak indicator
- RansomHub1 event · 1 leak indicator
United Kingdom6
- RansomHub4 events · 4 leak indicators
- Cactus1 event · 1 leak indicator
- LockBit 3.01 event · 1 leak indicator
Australia4
- LockBit 3.02 events · 2 leak indicators
- RansomHub1 event · 1 leak indicator
- Rhysida1 event · 1 leak indicator
France4
- RansomHub2 events · 2 leak indicators
- Brain Cipher1 event · 0 leak indicators
- LockBit 3.01 event · 1 leak indicator
Belgium3
- Kill Security1 event · 0 leak indicators
- MEOW1 event · 0 leak indicators
- PLAY1 event · 1 leak indicator
Italy3
- LockBit 3.01 event · 1 leak indicator
- MEOW1 event · 0 leak indicators
- RansomHub1 event · 1 leak indicator
Switzerland3
- RansomHub2 events · 2 leak indicators
- Cicada33011 event · 1 leak indicator
Sector mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
Construction13
- Blacksuit2 events · 1 leak indicator
- MEOW2 events · 0 leak indicators
- Monti2 events · 1 leak indicator
- Qilin2 events · 2 leak indicators
- RansomHub2 events · 2 leak indicators
- Cactus1 event · 1 leak indicator
- Cicada33011 event · 1 leak indicator
- PLAY1 event · 1 leak indicator
Accounting7
- Cicada33013 events · 3 leak indicators
- BianLian1 event · 1 leak indicator
- LockBit 3.01 event · 1 leak indicator
- MEOW1 event · 0 leak indicators
- Monti1 event · 1 leak indicator
Hospitals and Health Care5
- Blacksuit2 events · 2 leak indicators
- Kill Security1 event · 0 leak indicators
- MEOW1 event · 0 leak indicators
- Qilin1 event · 1 leak indicator
Motor Vehicle Manufacturing5
- Abyss1 event · 1 leak indicator
- Blacksuit1 event · 1 leak indicator
- LockBit 3.01 event · 1 leak indicator
- PLAY1 event · 1 leak indicator
- RansomHub1 event · 1 leak indicator
Government Administration4
- RansomHub4 events · 4 leak indicators
Legal Services4
- BianLian2 events · 1 leak indicator
- Hunters International1 event · 1 leak indicator
- Rhysida1 event · 1 leak indicator
Medical Practice4
- Blacksuit2 events · 2 leak indicators
- RansomHub1 event · 1 leak indicator
- Rhysida1 event · 1 leak indicator
Real Estate4
- RansomHub2 events · 2 leak indicators
- Cicada33011 event · 0 leak indicators
- Medusa1 event · 1 leak indicator
Organization size bands
Share of weekly events by employee-size group across the last 12 reporting windows.
- 11-50 employees 30
- 51-200 employees 30
- 201-500 employees 22
- 2-10 employees 12
- 501-1,000 employees 11
- 1,001-5,000 employees 9
Notable actor profile updates
Active actor records only.
New ransom note observed
No ransom-note change logged in this reporting window.
New actor infrastructure / contact channel
No infrastructure/contact-channel change logged in this reporting window.
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.
Recent signal samples
Selected weekly signals.
| Actor | Sector | Country | Leak proof | Seen |
|---|---|---|---|---|
| Cactus | Hospitality | United States | Data leak | 2024-09-03 |
| Cactus | Security and Investigations | Puerto Rico | Data leak | 2024-09-03 |
| Cactus | Construction | United Kingdom | Data leak | 2024-09-03 |
| RansomHub | Real Estate | United States | Data leak | 2024-09-03 |
| Cactus | Automation Machinery Manufacturing | United States | Data leak | 2024-09-03 |
| Cactus | Machinery Manufacturing | Canada | Data leak | 2024-09-03 |
| RansomHub | Medical Practice | United States | Data leak | 2024-09-03 |
| RansomHouse | Defense and Space Manufacturing | Czech Republic | Claim only | 2024-09-03 |
| Qilin | Construction | United States | Data leak | 2024-09-03 |
| Blacksuit | Medical Practice | United States | Data leak | 2024-09-03 |
| Blacksuit | Construction | United States | Data leak | 2024-09-03 |
| Medusa | Printing Services | United States | Data leak | 2024-09-02 |
News and research context
Recent articles from the same time window.
La RFEBM denuncia el ataque de hackers informáticos | REAL FEDERACIÓN ESPAÑOLA DE BALONMANO
2024-09-02
Durante la mañana del pasado viernes día 30 de agosto de 2024, la R.F.E.BM. tuvo conocimiento de que se había detectado “una posible exfiltración de datos relativos a miembros de…
We are currently dealing with an ongoing cyber security incident. At present, there is no evidence that any customer data has been compromised and there has been no impact on TfL…
Related actor: Cicada3301
A new ransomware group calling themselves Cicada3301 was first observed in June 2024, when they posted four victims on a victim blog. Since then, Cicada3301 has added more victims…
Related actor: RansomHub
For days, there have been rumors that Halliburton suffered a RansomHub ransomware attack, with users claiming this on Reddit and on the job layoff discussion site, TheLayoff, wher…
#StopRansomware: RansomHub Ransomware | CISA
2024-08-29
Related actor: RansomHub
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the…
Related actor: razr
Operations of Razr ransomware commence with unique machine ID, encryption key, and Initialization Vector generation, which are later delivered in unencrypted JSON format to a comm…
The threat group (also tracked as Fox Kitten, UNC757, and Parisite) has been active since at least 2017 and is believed to have a suspected nexus to the Iranian government.
"Mo…
On August 21, 2024, the Company discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential informatio…
Related actor: BlackByte
· The BlackByte ransomware group continues to leverage tactics, techniques and procedures (TTPs) that have formed the foundation of its tradecraft since its inception, contin…
Notes
- Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
- Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
- Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
- The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.
Method
- The page uses a fixed seven-day window based on the selected date.
- Only public-facing actor and event records are included.
- Counts and breakdowns are designed for trend review, not incident confirmation.