Weekly intelligence Trend-first

Weekly ransomware & data leak landscape

A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.

Window: 2024-11-27 → 2024-12-03 UTC

Choose a report date

Observed events

153

Public claims in the selected week

Data leak indicators

111

72.5% of observed events

Active actors

Distinct groups with observed activity

Torrent-linked events

Events intersecting with torrent intelligence

What changed this week?

•

Akira generated the highest visible claim volume this week, representing 25.5% of observed events.

•

72.5% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.

•

Hospitals and Health Care was the most represented sector in this window with 13 observed events.

•

4 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.

•

29 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.

Coverage snapshot

As of 2024-12-03 UTC.

Leak sites observed this week

Leak sites online near report date

Threat actor profiles updated this week

Countries represented this week

Sectors represented this week

Top active actors

By observed claim volume

Akira

39 events · 28 leak indicators

RansomHub

27 events · 25 leak indicators

Argonauts

12 events · 4 leak indicators

Fog

8 events · 0 leak indicators

Qilin

7 events · 4 leak indicators

Hunters International

5 events · 5 leak indicators

Kill Security

5 events · 5 leak indicators

SAFEPAY

5 events · 3 leak indicators

Emerging or resurfacing actors

No matching activity in prior 30 days

Argonauts 12 events
8BASE 3 events
Daixin 2 events
Trinity 1 event

Country mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.

United States81

Akira26 events · 15 leak indicators
RansomHub15 events · 13 leak indicators
Fog6 events · 0 leak indicators
Qilin4 events · 3 leak indicators
Hunters International3 events · 3 leak indicators
Lynx3 events · 3 leak indicators
Medusa3 events · 3 leak indicators
PLAY3 events · 2 leak indicators

Italy11

Argonauts6 events · 2 leak indicators
RansomHub2 events · 2 leak indicators
8BASE1 event · 1 leak indicator
Eraleignews1 event · 1 leak indicator
Hunters International1 event · 1 leak indicator

Brazil5

Akira2 events · 2 leak indicators
RansomHub2 events · 2 leak indicators
Eraleignews1 event · 1 leak indicator

Canada4

Akira3 events · 3 leak indicators
Rhysida1 event · 1 leak indicator

Germany4

Akira2 events · 2 leak indicators
Cloak1 event · 0 leak indicators
RansomHub1 event · 1 leak indicator

United Kingdom4

INC Ransom2 events · 2 leak indicators
Qilin2 events · 1 leak indicator

Australia3

Akira1 event · 1 leak indicator
Kill Security1 event · 1 leak indicator
SAFEPAY1 event · 0 leak indicators

Austria3

Akira1 event · 1 leak indicator
Eraleignews1 event · 1 leak indicator
Sarcoma1 event · 1 leak indicator

Sector mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.

Hospitals and Health Care13

Fog3 events · 0 leak indicators
RansomHub3 events · 3 leak indicators
Argonauts2 events · 1 leak indicator
BianLian1 event · 1 leak indicator
Eraleignews1 event · 1 leak indicator
INC Ransom1 event · 1 leak indicator
LockBit 3.01 event · 1 leak indicator
Qilin1 event · 0 leak indicators

IT Services and IT Consulting10

Akira5 events · 5 leak indicators
Hunters International2 events · 2 leak indicators
Argonauts1 event · 0 leak indicators
Kill Security1 event · 1 leak indicator
PLAY1 event · 0 leak indicators

Construction9

RansomHub3 events · 3 leak indicators
Akira1 event · 0 leak indicators
Hunters International1 event · 1 leak indicator
Medusa1 event · 1 leak indicator
RansomHouse1 event · 0 leak indicators
SAFEPAY1 event · 1 leak indicator
Sarcoma1 event · 1 leak indicator

Software Development8

RansomHub3 events · 3 leak indicators
Kill Security2 events · 2 leak indicators
Akira1 event · 1 leak indicator
Argonauts1 event · 1 leak indicator
INC Ransom1 event · 1 leak indicator

Plastics Manufacturing5

Akira2 events · 1 leak indicator
Lynx2 events · 2 leak indicators
8BASE1 event · 1 leak indicator

Retail5

RansomHub2 events · 2 leak indicators
Akira1 event · 1 leak indicator
Medusa1 event · 1 leak indicator
Sarcoma1 event · 1 leak indicator

Manufacturing4

Akira3 events · 2 leak indicators
Embargo1 event · 1 leak indicator

Appliances, Electrical, and Electronics Manufacturing3

Akira1 event · 1 leak indicator
Argonauts1 event · 0 leak indicators
SAFEPAY1 event · 1 leak indicator

Organization size bands

Share of weekly events by employee-size group across the last 12 reporting windows.

11-50 employees 42
51-200 employees 41
201-500 employees 18
1,001-5,000 employees 15
2-10 employees 8
501-1,000 employees 8

Notable actor profile updates

Active actor records only.

New ransom note observed

No ransom-note change logged in this reporting window.

New actor infrastructure / contact channel

No infrastructure/contact-channel change logged in this reporting window.

New vuln / TTP intelligence

No vuln/TTP change logged in this reporting window.

Recent signal samples

Selected weekly signals.

Actor	Sector	Country	Leak proof	Seen
8BASE	Mining	Italy	Data leak	2024-12-03
8BASE	Plastics Manufacturing	Switzerland	Data leak	2024-12-03
8BASE	Printing Services	Poland	Data leak	2024-12-03
Qilin	Maritime Transportation	United Kingdom	Claim only	2024-12-03
Daixin	Mental Health Care	United States	Data leak	2024-12-03
Daixin	Advertising Services	United States	Data leak	2024-12-03
RansomHub	Accounting	United States	Data leak	2024-12-03
RansomHub	Higher Education	Germany	Data leak	2024-12-03
RansomHub	Food and Beverages	Sudan	Data leak	2024-12-03
RansomHub	Construction	South Korea	Data leak	2024-12-03
RansomHub	Business Intelligence Platforms	United States	Claim only	2024-12-03
RansomHub	Biotechnology Research	United States	Data leak	2024-12-03

News and research context

Recent articles from the same time window.

Building Cyber Resilience Against Ransomware Attacks 2024-12-03

This is the first blogpost in this series. Its aim is twofold: to enable organizations embarking on a journey to build resilience against ransomware to recognize common misconcept…

Record ransomware payment and breach affected thousands in Sask. | 650 CKOM 2024-12-03

According to a report from the Saskatchewan Information and Privacy Commissioner, 7,293 people in Saskatchewan were affected by a massive privacy breach at Innomar Strategies Inc.…

ENGlobal Corporation | SEC 2024-12-03

On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. The preliminary investigation has revealed that a threat actor illegally acce…

Notorious ransomware developer charged with computer crimes in Russia | CyberScoop 2024-12-02

Russian authorities have charged Mikhail Matveev, a notorious hacker known as Wazawaka, for creating malware used to extort commercial organizations, the Russian Interior Ministry…

Costa Rica state energy company calls in US experts to help with ransomware attack | The Record from Recorded Future News 2024-12-02

Related actor: RansomHub

The state-owned energy provider for Costa Rica was hit with a ransomware attack last week requiring the company to shift to manual operations and call in help from abroad. Refi…

Cyber attack prompts Stoli Group USA bankruptcy filing - The Spirits Business 2024-12-02

Related actor: RansomHub

A two-month-long cyber attack on its US operations has contributed to Stoli Group’s decision to voluntarily file for bankruptcy. Wider challenges facing spirits brand owners in…

Medion seit Tagen von IT-Störung geplagt | Golem.de 2024-12-02

Auf seiner Webseite bestätigt Medion derzeit lediglich eine IT-Störung und Wartungsarbeiten. Tatsächlich scheint ein Cyberangriff dahinter zu stecken. Bei der Medion AG gibt es…

Hoboken provides update on ransomware attack, email & Wi-Fi still not restored - Hudson County View 2024-12-02

Related actor: 3AM

The City of Hoboken provided an update on Wednesday's ransomware attack at City Hall, noting that email and Wi-Fi are still being restored. “The majority of services for resident…

Ransomware-driven data exfiltration: techniques and implications - Sekoia.io Blog 2024-11-27

This report focuses on the exfiltration techniques leveraged by ransomware and extortion groups in lucrative campaigns. It aims to provide a comprehensive analysis of the techniqu…

Notes

Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.

Method

The page uses a fixed seven-day window based on the selected date.
Only public-facing actor and event records are included.
Counts and breakdowns are designed for trend review, not incident confirmation.