Weekly intelligence Trend-first

Weekly ransomware & data leak landscape

A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.

Window: 2024-10-09 → 2024-10-15 UTC

Choose a report date

Observed events

Public claims in the selected week

Data leak indicators

68.8% of observed events

Active actors

Distinct groups with observed activity

Torrent-linked events

Events intersecting with torrent intelligence

What changed this week?

•

PLAY generated the highest visible claim volume this week, representing 19.5% of observed events.

•

68.8% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.

•

Construction was the most represented sector in this window with 8 observed events.

•

4 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.

Coverage snapshot

As of 2024-10-15 UTC.

Leak sites observed this week

Leak sites online near report date

Threat actor profiles updated this week

Countries represented this week

Sectors represented this week

Top active actors

By observed claim volume

PLAY

15 events · 13 leak indicators

MEOW

10 events · 0 leak indicators

Hunters International

8 events · 8 leak indicators

RansomHub

8 events · 8 leak indicators

Medusa

7 events · 7 leak indicators

Kill Security

5 events · 0 leak indicators

Rhysida

3 events · 3 leak indicators

Sarcoma

3 events · 2 leak indicators

Emerging or resurfacing actors

No matching activity in prior 30 days

BlackBasta 2 events
FSOCIETY 1 event
INTERLOCK 1 event
Underground 1 event

Country mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.

United States47

PLAY13 events · 11 leak indicators
Hunters International7 events · 7 leak indicators
Medusa5 events · 5 leak indicators
MEOW4 events · 0 leak indicators
RansomHub4 events · 4 leak indicators
Rhysida3 events · 3 leak indicators
Abyss2 events · 2 leak indicators
3AM1 event · 1 leak indicator

Canada3

DragonForce1 event · 1 leak indicator
PLAY1 event · 1 leak indicator
Sarcoma1 event · 1 leak indicator

Japan3

MEOW1 event · 0 leak indicators
RansomHub1 event · 1 leak indicator
Underground1 event · 0 leak indicators

France2

Hunters International1 event · 1 leak indicator
RansomHouse1 event · 0 leak indicators

India2

Kill Security2 events · 0 leak indicators

Norway2

Medusa1 event · 1 leak indicator
MEOW1 event · 0 leak indicators

United Kingdom2

BlackBasta1 event · 1 leak indicator
Kill Security1 event · 0 leak indicators

Aruba1

Data Leak1 event · 1 leak indicator

Sector mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.

Construction8

Medusa5 events · 5 leak indicators
PLAY3 events · 3 leak indicators

Hospitals and Health Care6

BianLian1 event · 0 leak indicators
INC Ransom1 event · 0 leak indicators
Kill Security1 event · 0 leak indicators
MEOW1 event · 0 leak indicators
RansomHub1 event · 1 leak indicator
Rhysida1 event · 1 leak indicator

Law Practice4

Hunters International2 events · 2 leak indicators
PLAY1 event · 1 leak indicator
RansomHub1 event · 1 leak indicator

Software Development3

RansomHub2 events · 2 leak indicators
DragonForce1 event · 1 leak indicator

Wholesale3

Data Leak1 event · 1 leak indicator
Hunters International1 event · 1 leak indicator
PLAY1 event · 1 leak indicator

Education Administration Programs2

Medusa1 event · 1 leak indicator
Rhysida1 event · 1 leak indicator

Entertainment Providers2

Lynx1 event · 1 leak indicator
PLAY1 event · 0 leak indicators

Environmental Services2

Hunters International1 event · 1 leak indicator
MEOW1 event · 0 leak indicators

Organization size bands

Share of weekly events by employee-size group across the last 12 reporting windows.

51-200 employees 25
11-50 employees 12
1,001-5,000 employees 9
201-500 employees 9
2-10 employees 6
501-1,000 employees 6

Notable actor profile updates

Active actor records only.

New ransom note observed

No ransom-note change logged in this reporting window.

New actor infrastructure / contact channel

No infrastructure/contact-channel change logged in this reporting window.

New vuln / TTP intelligence

No vuln/TTP change logged in this reporting window.

Recent signal samples

Selected weekly signals.

Actor	Sector	Country	Leak proof	Seen
PLAY	Construction	United States	Data leak	2024-10-15
PLAY	Construction	United States	Data leak	2024-10-15
PLAY	Law Practice	United States	Data leak	2024-10-15
Kill Security	Government Administration	Libya	Claim only	2024-10-15
BianLian	Hospitals and Health Care	United States	Claim only	2024-10-15
Rhysida	Education Administration Programs	United States	Data leak	2024-10-15
Fog	Non-profit Organizations	United States	Claim only	2024-10-15
RansomHub	Software Development	Turkey	Data leak	2024-10-15
Hunters International	Law Practice	United States	Data leak	2024-10-15
Sarcoma	Wholesale Building Materials	Canada	Data leak	2024-10-15
Rhysida	IT Services and IT Consulting	United States	Data leak	2024-10-15
Medusa	Construction	United States	Data leak	2024-10-15

News and research context

Recent articles from the same time window.

Ransomware Attack on Uttarakhand State Data Center Disrupts Services; Authorities Initiate Probe 2024-10-15

Dehradun: A ransomware attack on the Uttarakhand State Data Center forced several government websites and services offline, affecting critical functions like police case filings a…

Cyberangriff auf die Johannesstift Diakonie 2024-10-14

In den frühen Morgenstunden des 13. Oktober 2024 wurden alle zentralen Server der Johannesstift Diakonie Opfer eines externen Angriffs. Alle Server wurden durch einen sogenannten…

Cyber attack forces Calgary Public Library to close its doors | CTV News 2024-10-13

Calgary Public Library (CPL) locations closed early on Friday following a cyber attack.

Critical Veeam Backup & Replication Vulnerability Under Active Exploitation 2024-10-12

Related actor: Fog

Security researchers have reported CVE-2024-40711 is under active exploitation by ransomware groups. These groups are reportedly exploiting CVE-2024-40711 as a second stage exploi…

Hackers may have access to personal details of thousands of customers after debt collection firm attacked | Irish Independent 2024-10-12

The data breach at one of the State’s largest debt-collection agencies may mean hackers have access to the financial and personal details of thousands of consumers it is dealing w…

ランサムウェア国内動向、2024年上期はVPN経由の感染が統計以来初めて50%を下回る。（大元隆志） - エキスパート - Yahoo!ニュース 2024-10-11

　警察庁から「令和６年上半期におけるサイバー空間をめぐる脅威の情勢等について」が公開された。今回は同レポートとリークサイトへの掲載数、決算報告書を用いて、日本国内のランサムウェア脅威動向について解説す

C.R. Laurence reports ransomware attack 2024-10-11

C.R. Laurence (CRL) experienced a ransomware attack on October 1, 2024, which disrupted certain areas of its network, including its online ordering system and design and estimatin…

Ransom demands and cyber attack affecting internet use for schools across Nevada County | News | theunion.com 2024-10-11

Teachers throughout Nevada County have had to make a sudden pivot over the past three days toward instruction that does not rely on an internet connection when a cyber breach was…

Notes

Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.

Method

The page uses a fixed seven-day window based on the selected date.
Only public-facing actor and event records are included.
Counts and breakdowns are designed for trend review, not incident confirmation.