Weekly intelligence Trend-first

Weekly ransomware & data leak landscape

A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.

Window: 2024-09-11 → 2024-09-17 UTC
Choose a report date
Previous week Next week
Observed events
105
Public claims in the selected week
Data leak indicators
78
74.3% of observed events
Active actors
26
Distinct groups with observed activity
Torrent-linked events
0
Events intersecting with torrent intelligence

What changed this week?

RansomHub generated the highest visible claim volume this week, representing 19.0% of observed events.
74.3% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
Construction was the most represented sector in this window with 8 observed events.
5 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.

Coverage snapshot

As of 2024-09-17 UTC.
Leak sites observed this week
26
Leak sites online near report date
0
Threat actor profiles updated this week
2
Countries represented this week
30
Sectors represented this week
55

Top active actors

By observed claim volume
RansomHub
20 events · 20 leak indicators
PLAY
9 events · 9 leak indicators
Medusa
8 events · 8 leak indicators
Hunters International
7 events · 7 leak indicators
LockBit 3.0
7 events · 7 leak indicators
MEOW
7 events · 0 leak indicators
Data Leak
6 events · 2 leak indicators
Arcus Media
5 events · 0 leak indicators

Emerging or resurfacing actors

No matching activity in prior 30 days
  • Arcus Media 5 events
  • Valencia 5 events
  • 3AM 2 events
  • Defray777 1 event
  • Orca 1 event

Country mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
United States59
  • RansomHub10 events · 10 leak indicators
  • Data Leak6 events · 2 leak indicators
  • PLAY6 events · 6 leak indicators
  • Hunters International5 events · 5 leak indicators
  • MEOW5 events · 0 leak indicators
  • BianLian3 events · 2 leak indicators
  • INC Ransom3 events · 3 leak indicators
  • LockBit 3.03 events · 3 leak indicators
Spain5
  • RansomHub2 events · 2 leak indicators
  • 3AM1 event · 1 leak indicator
  • Stormous1 event · 1 leak indicator
  • Valencia1 event · 0 leak indicators
Canada4
  • PLAY2 events · 2 leak indicators
  • Hunters International1 event · 1 leak indicator
  • RansomHub1 event · 1 leak indicator
Italy3
  • Arcus Media1 event · 0 leak indicators
  • Medusa1 event · 1 leak indicator
  • RansomHub1 event · 1 leak indicator
United Kingdom3
  • Blacksuit1 event · 0 leak indicators
  • Hunters International1 event · 1 leak indicator
  • MEOW1 event · 0 leak indicators
Australia2
  • Medusa1 event · 1 leak indicator
  • RansomHub1 event · 1 leak indicator
Brazil2
  • LockBit 3.01 event · 1 leak indicator
  • Medusa1 event · 1 leak indicator
Colombia2
  • LockBit 3.01 event · 1 leak indicator
  • RansomHub1 event · 1 leak indicator

Sector mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
Construction8
  • Hunters International3 events · 3 leak indicators
  • RansomHub2 events · 2 leak indicators
  • Blacksuit1 event · 1 leak indicator
  • LockBit 3.01 event · 1 leak indicator
  • Lynx1 event · 1 leak indicator
IT Services and IT Consulting5
  • Arcus Media1 event · 0 leak indicators
  • Medusa1 event · 1 leak indicator
  • PLAY1 event · 1 leak indicator
  • RansomHub1 event · 1 leak indicator
  • Stormous1 event · 1 leak indicator
Law Practice5
  • BianLian2 events · 1 leak indicator
  • Abyss1 event · 1 leak indicator
  • MEOW1 event · 0 leak indicators
  • RansomHub1 event · 1 leak indicator
Environmental Services4
  • MEOW2 events · 0 leak indicators
  • RansomHub2 events · 2 leak indicators
Financial Services4
  • Cactus1 event · 1 leak indicator
  • Data Leak1 event · 1 leak indicator
  • Medusa1 event · 1 leak indicator
  • MEOW1 event · 0 leak indicators
Software Development4
  • Arcus Media1 event · 0 leak indicators
  • Kill Security1 event · 0 leak indicators
  • Lynx1 event · 1 leak indicator
  • RansomHub1 event · 1 leak indicator
Accounting3
  • Data Leak1 event · 0 leak indicators
  • MEOW1 event · 0 leak indicators
  • PLAY1 event · 1 leak indicator
Government Administration3
  • Kill Security1 event · 0 leak indicators
  • Rhysida1 event · 1 leak indicator
  • Valencia1 event · 1 leak indicator

Organization size bands

Share of weekly events by employee-size group across the last 12 reporting windows.
  • 51-200 employees 37
  • 11-50 employees 17
  • 201-500 employees 15
  • 2-10 employees 14
  • 1,001-5,000 employees 8
  • 501-1,000 employees 5

Notable actor profile updates

Active actor records only.
New ransom note observed
No ransom-note change logged in this reporting window.
New actor infrastructure / contact channel
No infrastructure/contact-channel change logged in this reporting window.
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.

Recent signal samples

Selected weekly signals.
Actor Sector Country Leak proof Seen
RansomHub Law Firm United States Data leak 2024-09-17
RansomHub Building Materials Australia Data leak 2024-09-17
RansomHub Retail United States Data leak 2024-09-17
Kill Security Government Administration China Claim only 2024-09-17
RansomHub Primary and Secondary Education United States Data leak 2024-09-17
Hunters International Construction United States Data leak 2024-09-17
3AM Farming Spain Data leak 2024-09-17
Hunters International Motor Vehicle Manufacturing Canada Data leak 2024-09-17
BianLian Law Practice United States Data leak 2024-09-17
Medusa Hospitality Australia Data leak 2024-09-17
Medusa Outsourcing and Offshoring Consulting Philippines Data leak 2024-09-17
Cactus Financial Services Switzerland Data leak 2024-09-17

News and research context

Recent articles from the same time window.
Over Half of Breached UK Firms Pay Ransom 2024-09-17
Ransomware attacks are surging in the UK, with threat actors possibly encouraged by the propensity of victim organizations to pay up, according to a new study from Cohesity. Th…
Oklahoma hospital hit with EHR outage 2024-09-13
Oklahoma hospital faces EHR outage due to reported ransomware attack, but assures community of continued patient care. External professionals enlisted for help.
|新着ニュース|物流倉庫アウトソーシングの関通(旧関西商業流通) 2024-09-13
会社名 株式会社関通代表者名 代表取締役社長 達城 久裕(コード番号 :9326 東証グロース)問合せ先 取締役副社長  達城 利卓当社におけるサイバーテロによるシステムの停止事案 発生のお知らせこの度、当社におけるサイバーテロによるものと思われるシステム障害(以下、「本件」)が発生したことについて、下記の通りお知らせいたします。お取引様・関係者の皆様に多…
Kawasaki’s European HQ recovers from cyber attack 2024-09-13
Related actor: RansomHub
At the start of September, Kawasaki Motors Europe, (KME) was the subject of a cyber-attack which, although not successful, resulted in the company’s servers being temporarily isol…
Ransomware in focus: Meet RansomHub 2024-09-12
Related actor: RansomHub
Ransomware in focus: Meet RansomHub. In this overview discover the motivations, victimology and TTPs of the RansomHub threat actor group. First observed in late February 2024,…

Notes

  • Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
  • Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
  • Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
  • The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.

Method

  • The page uses a fixed seven-day window based on the selected date.
  • Only public-facing actor and event records are included.
  • Counts and breakdowns are designed for trend review, not incident confirmation.