Berufsförderungswerk Oberhausen is currently investigating, as a high priority, a cyberattack on the company's network.
The attack was identified on 09.11.2024.…
Weekly intelligence
Trend-first
Weekly ransomware & data leak landscape
A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.
Window: 2024-11-06 → 2024-11-12 UTC
- Observed events: 103 (public claims in the selected week)
- Data leak indicators: 85 (82.5% of observed events)
- Active actors: 23 (distinct groups with observed activity)
- Torrent-linked events: 10 (events intersecting with torrent intelligence)
What changed this week?
- RansomHub generated the highest visible claim volume this week, representing 18.4% of observed events.
- 82.5% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
- Construction was the most represented sector in this window with 14 observed events.
- 3 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.
- 10 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.
Coverage snapshot
As of 2024-11-12 UTC.
- Leak sites observed this week: 23
- Leak sites online near report date: 0
- Threat actor profiles updated this week: 4
- Countries represented this week: 29
- Sectors represented this week: 55
Top active actors
By observed claim volume
- RansomHub: 19 events · 19 leak indicators
- Akira: 11 events · 10 leak indicators
- Lynx: 9 events · 9 leak indicators
- Blacksuit: 6 events · 2 leak indicators
- Eraleignews: 6 events · 6 leak indicators
- Kairos: 6 events · 6 leak indicators
- PLAY: 6 events · 6 leak indicators
- BianLian: 5 events · 4 leak indicators
Emerging or resurfacing actors
No matching activity in prior 30 days
- Akira: 11 events
- Kairos: 6 events
- DarkVault: 1 event
Country mix
Share of weekly events across the last 12 reporting windows, with top actors for this week.
United States: 63
- RansomHub: 11 events · 11 leak indicators
- Akira: 8 events · 8 leak indicators
- PLAY: 6 events · 6 leak indicators
- BianLian: 5 events · 4 leak indicators
- Kairos: 5 events · 5 leak indicators
- Lynx: 5 events · 5 leak indicators
- Blacksuit: 4 events · 2 leak indicators
- Hunters International: 3 events · 2 leak indicators
Canada: 4
- RansomHub: 2 events · 2 leak indicators
- Blacksuit: 1 event · 0 leak indicators
- Lynx: 1 event · 1 leak indicator
France: 3
- Eraleignews: 1 event · 1 leak indicator
- INC Ransom: 1 event · 1 leak indicator
- Termite: 1 event · 1 leak indicator
United Kingdom: 3
- Cactus: 1 event · 1 leak indicator
- Lynx: 1 event · 1 leak indicator
- MEOW: 1 event · 0 leak indicators
Belgium: 2
- RansomHub: 2 events · 2 leak indicators
Brazil: 2
- Eraleignews: 1 event · 1 leak indicator
- Medusa: 1 event · 1 leak indicator
Germany: 2
- MEOW: 1 event · 0 leak indicators
- Termite: 1 event · 1 leak indicator
Romania: 2
- Kill Security: 1 event · 1 leak indicator
- RansomHub: 1 event · 1 leak indicator
Sector mix
Share of weekly events across the last 12 reporting windows, with top actors for this week.
Construction: 14
- RansomHub: 6 events · 6 leak indicators
- Akira: 2 events · 2 leak indicators
- Lynx: 2 events · 2 leak indicators
- Medusa: 2 events · 2 leak indicators
- PLAY: 2 events · 2 leak indicators
Law Practice: 5
- Hunters International: 2 events · 2 leak indicators
- BianLian: 1 event · 1 leak indicator
- Qilin: 1 event · 1 leak indicator
- RansomHub: 1 event · 1 leak indicator
Accounting: 4
- Kairos: 2 events · 2 leak indicators
- Lynx: 1 event · 1 leak indicator
- RansomHub: 1 event · 1 leak indicator
Hospitals and Health Care: 4
- BianLian: 1 event · 1 leak indicator
- Kill Security: 1 event · 1 leak indicator
- RansomHub: 1 event · 1 leak indicator
- Space Bears: 1 event · 0 leak indicators
Oil and Gas: 4
- PLAY: 1 event · 1 leak indicator
- RA Group: 1 event · 0 leak indicators
- RansomHub: 1 event · 1 leak indicator
- Termite: 1 event · 1 leak indicator
Advertising Services: 3
- Blacksuit: 1 event · 0 leak indicators
- PLAY: 1 event · 1 leak indicator
- RansomHub: 1 event · 1 leak indicator
Architecture and Planning: 3
- RansomHub: 2 events · 2 leak indicators
- Fog: 1 event · 0 leak indicators
Health, Wellness and Fitness: 3
- BianLian: 1 event · 0 leak indicators
- Kairos: 1 event · 1 leak indicator
- Kill Security: 1 event · 1 leak indicator
Organization size bands
Share of weekly events by employee-size group across the last 12 reporting windows.
- 51-200 employees: 32
- 11-50 employees: 21
- 201-500 employees: 20
- 2-10 employees: 11
- 1,001-5,000 employees: 5
- 501-1,000 employees: 4
Notable actor profile updates
Active actor records only.
New ransom note observed
No ransom-note change logged in this reporting window.
New actor infrastructure / contact channel
No infrastructure/contact-channel change logged in this reporting window.
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.
Recent signal samples
Selected weekly signals.
| Actor | Sector | Country | Leak proof | Seen |
|---|---|---|---|---|
| Kill Security | Financial Services | United States | Data leak | 2024-11-12 |
| Kairos | Health, Wellness and Fitness | United States | Data leak | 2024-11-12 |
| Kairos | Accounting | United States | Data leak | 2024-11-12 |
| Kairos | Medical Practice | United States | Data leak | 2024-11-12 |
| Kairos | Accounting | Taiwan | Data leak | 2024-11-12 |
| Kairos | Medical Practice | United States | Data leak | 2024-11-12 |
| Kairos | Individual and Family Services | United States | Data leak | 2024-11-12 |
| RansomHub | Hospitals and Health Care | Canada | Data leak | 2024-11-12 |
| Medusa | Information Technology and Services | United States | Data leak | 2024-11-12 |
| RA Group | Oil and Gas | South Korea | Claim only | 2024-11-12 |
| RA Group | Medical Practice | United States | Claim only | 2024-11-12 |
| Blacksuit | Non-profit Organizations | United States | Claim only | 2024-11-12 |
News and research context
Recent articles from the same time window.
Related actor: Chort
The city of Sheboygan has secured its computer network after being hit with what appears to be a ransomware attack, according to a statement released by city officials.
Last week…
CENTRAL POINT, Ore.-- A weekend data breach at the Southern Oregon Veterinary Specialty Center temporarily shuttered the urgent care doors, increased patient wait times and result…
Zaandam, the Netherlands, November 8, 2024 - Ahold Delhaize USA recently detected a cybersecurity issue within its U.S. network. Immediately upon detecting the issue, our security…
Information shared with federal agencies about cyber threats and criminal ransomware demands will be ring-fenced from regulators and law enforcement under new rules designed to pr…
Ministry of Information and Communications will promote practical exercises on information security
2024-11-10
In Vietnam, 2024 opened with ransomware attacks on large enterprises and Mr. Le Van Tuan raised the question, whether international criminals have seen a lucrative market where bu…
UNITED NATIONS, United States — The World Health Organization (WHO) and some 50 countries issued a warning at the United Nations (UN) about the rise of ransomware attacks against…
Related actor: INTERLOCK
Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware.
O…
Related actor: Donex
An analysis of the Donex ransomware has led to the development of code that leverages a cryptographic vulnerability through a known plaintext attack. This discovery could provide i…
Newpark Resources - FORM 8-K | sec.gov
2024-11-08
On October 29, 2024, the Company detected a ransomware cybersecurity incident (“Incident”) in which an unauthorized third party gained access to certain of the Company’s internal…
Notes
- Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
- Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
- Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
- The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.
Method
- The page uses a fixed seven-day window based on the selected date.
- Only public-facing actor and event records are included.
- Counts and breakdowns are designed for trend review, not incident confirmation.