Weekly intelligence Trend-first

Weekly ransomware & data leak landscape

A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.

Window: 2024-10-23 → 2024-10-29 UTC
  • Observed events: 139 (public claims in the selected week)
  • Data leak indicators: 85 (61.2% of observed events)
  • Active actors: 31 (distinct groups with observed activity)
  • Torrent-linked events: 0 (events intersecting with torrent intelligence)

What changed this week?

Eraleignews generated the highest visible claim volume this week, representing 14.4% of observed events.
61.2% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
Construction was the most represented sector in this window with 11 observed events.
4 actors appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.
1 tracked leak site was still online as of the report date snapshot, giving useful context on current ecosystem churn and monitoring pressure.

Coverage snapshot

As of 2024-10-29 UTC.
  • Leak sites observed this week: 31
  • Leak sites online near report date: 1
  • Threat actor profiles updated this week: 4
  • Countries represented this week: 24
  • Sectors represented this week: 64

Top active actors

By observed claim volume
  • Eraleignews: 20 events · 20 leak indicators
  • RansomHub: 18 events · 16 leak indicators
  • PLAY: 12 events · 12 leak indicators
  • Fog: 10 events · 0 leak indicators
  • Blacksuit: 7 events · 1 leak indicator
  • RA Group: 7 events · 0 leak indicators
  • MEOW: 6 events · 0 leak indicators
  • BlackBasta: 5 events · 5 leak indicators

Emerging or resurfacing actors

No matching activity in prior 30 days
  • Eraleignews 20 events
  • RA Group 7 events
  • Brain Cipher 4 events
  • PlayBoy 1 event

Country mix

Share of weekly events across the last 12 reporting windows.
United States: 72
  • PLAY: 12 events · 12 leak indicators
  • RansomHub: 10 events · 9 leak indicators
  • Fog: 9 events · 0 leak indicators
  • Eraleignews: 6 events · 6 leak indicators
  • Blacksuit: 5 events · 1 leak indicator
  • BlackBasta: 4 events · 4 leak indicators
  • INTERLOCK: 4 events · 4 leak indicators
  • Everest: 3 events · 0 leak indicators
United Kingdom: 12
  • Eraleignews: 7 events · 7 leak indicators
  • MEOW: 2 events · 0 leak indicators
  • BianLian: 1 event · 0 leak indicators
  • Cactus: 1 event · 1 leak indicator
  • DragonForce: 1 event · 1 leak indicator
Canada: 10
  • Blacksuit: 2 events · 0 leak indicators
  • BianLian: 1 event · 0 leak indicators
  • Data Leak: 1 event · 1 leak indicator
  • Eraleignews: 1 event · 1 leak indicator
  • Hunters International: 1 event · 1 leak indicator
  • Medusa: 1 event · 1 leak indicator
  • Nitrogen: 1 event · 1 leak indicator
  • RA Group: 1 event · 0 leak indicators
India: 7
  • Kill Security: 3 events · 2 leak indicators
  • Hunters International: 1 event · 1 leak indicator
  • Lynx: 1 event · 1 leak indicator
  • RA Group: 1 event · 0 leak indicators
  • RansomHub: 1 event · 1 leak indicator
Germany: 5
  • Eraleignews: 1 event · 1 leak indicator
  • Medusa: 1 event · 0 leak indicators
  • PlayBoy: 1 event · 0 leak indicators
  • RA Group: 1 event · 0 leak indicators
  • Sarcoma: 1 event · 1 leak indicator
Australia: 3
  • Abyss: 1 event · 1 leak indicator
  • Eraleignews: 1 event · 1 leak indicator
  • Sarcoma: 1 event · 1 leak indicator
Brazil: 2
  • Brain Cipher: 1 event · 0 leak indicators
  • RansomHub: 1 event · 1 leak indicator
France: 2
  • Cloak: 1 event · 0 leak indicators
  • Eraleignews: 1 event · 1 leak indicator

Sector mix

Share of weekly events across the last 12 reporting windows.
Construction: 11
  • PLAY: 3 events · 3 leak indicators
  • RansomHub: 3 events · 2 leak indicators
  • Blacksuit: 1 event · 0 leak indicators
  • Cloak: 1 event · 0 leak indicators
  • Eraleignews: 1 event · 1 leak indicator
  • Lynx: 1 event · 1 leak indicator
  • Nitrogen: 1 event · 1 leak indicator
IT Services and IT Consulting: 8
  • Eraleignews: 5 events · 5 leak indicators
  • Kill Security: 1 event · 1 leak indicator
  • PLAY: 1 event · 1 leak indicator
  • RansomHub: 1 event · 1 leak indicator
Law Practice: 8
  • BianLian: 2 events · 0 leak indicators
  • BlackBasta: 2 events · 2 leak indicators
  • Brain Cipher: 1 event · 0 leak indicators
  • RA Group: 1 event · 0 leak indicators
  • RansomHub: 1 event · 1 leak indicator
  • Rhysida: 1 event · 1 leak indicator
Medical Practice: 6
  • Everest: 2 events · 0 leak indicators
  • 3AM: 1 event · 1 leak indicator
  • Abyss: 1 event · 1 leak indicator
  • Eraleignews: 1 event · 1 leak indicator
  • Kill Security: 1 event · 1 leak indicator
Hospitals and Health Care: 5
  • RansomHub: 2 events · 2 leak indicators
  • Abyss: 1 event · 1 leak indicator
  • Everest: 1 event · 0 leak indicators
  • INTERLOCK: 1 event · 1 leak indicator
Appliances, Electrical, and Electronics Manufacturing: 4
  • RansomHub: 2 events · 2 leak indicators
  • INTERLOCK: 1 event · 1 leak indicator
  • RA Group: 1 event · 0 leak indicators
Financial Services: 4
  • Eraleignews: 2 events · 2 leak indicators
  • Lynx: 1 event · 1 leak indicator
  • RansomHub: 1 event · 1 leak indicator
Manufacturing: 4
  • Fog: 2 events · 0 leak indicators
  • PLAY: 1 event · 1 leak indicator
  • Sarcoma: 1 event · 1 leak indicator

Organization size bands

Share of weekly events by employee-size group across the last 12 reporting windows.
  • 51-200 employees 41
  • 11-50 employees 32
  • 201-500 employees 23
  • 501-1,000 employees 12
  • 1,001-5,000 employees 11
  • 2-10 employees 4

Notable actor profile updates

Active actor records only.
  • New ransom note observed: No ransom-note change logged in this reporting window.
  • New actor infrastructure / contact channel: No infrastructure/contact-channel change logged in this reporting window.
  • New vuln / TTP intelligence: No vuln/TTP change logged in this reporting window.

Recent signal samples

Selected weekly signals.
| Actor | Sector | Country | Leak proof | Seen |
|---|---|---|---|---|
| RansomHub | Hospitals and Health Care | United States | Data leak | 2024-10-29 |
| PLAY | Motor Vehicle Manufacturing | United States | Data leak | 2024-10-29 |
| PLAY | Public Safety | United States | Data leak | 2024-10-29 |
| PLAY | Telecommunications | United States | Data leak | 2024-10-29 |
| RansomHub | Construction | United States | Claim only | 2024-10-29 |
| RansomHub | Hospitals and Health Care | United States | Data leak | 2024-10-29 |
| RansomHub | Retail | Philippines | Data leak | 2024-10-29 |
| BlackBasta | Industrial Machinery Manufacturing | Spain | Data leak | 2024-10-29 |
| BlackBasta | Warehousing | United States | Data leak | 2024-10-29 |
| BlackBasta | Automation Machinery Manufacturing | United States | Data leak | 2024-10-29 |
| BlackBasta | Law Practice | United States | Data leak | 2024-10-29 |
| Arcus Media | Technology, Information and Internet | United States | Claim only | 2024-10-29 |

News and research context

Recent articles from the same time window.
Related actor: Mallox
Anti-malware vendor Avast on Tuesday published a free decryption tool to help victims to recover from the Mallox ransomware attacks. First observed in 2021 and also known as Fa…
On October 18, 2024, Karat Packaging Inc. (the “Company”) discovered unauthorized third-party access to its information systems. Upon detecting the incident, the Company activated…

Notes

  • Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
  • Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
  • Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
  • The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.

Method

  • The page uses a fixed seven-day window based on the selected date.
  • Only public-facing actor and event records are included.
  • Counts and breakdowns are designed for trend review, not incident confirmation.