A police department in southern Ontario is dealing with a “cyber incident” that it says has affected some of its IT systems.
Police in Kingston say a network issue was discover…
Weekly intelligence
Trend-first
Weekly ransomware & data leak landscape
A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.
Window: 2025-01-01 → 2025-01-07 UTC
Choose a report date
Observed events
65
Public claims in the selected week
Data leak indicators
58
89.2% of observed events
Active actors
18
Distinct groups with observed activity
Torrent-linked events
8
Events intersecting with torrent intelligence
What changed this week?
•
8BASE generated the highest visible claim volume this week, representing 24.6% of observed events.
•
89.2% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
•
Construction was the most represented sector in this window with 6 observed events.
•
2 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.
•
8 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.
Coverage snapshot
As of 2025-01-07 UTC.
Leak sites observed this week
18
Leak sites online near report date
0
Threat actor profiles updated this week
1
Countries represented this week
20
Sectors represented this week
45
Top active actors
By observed claim volume8BASE
16 events · 14 leak indicators
Akira
9 events · 8 leak indicators
Lynx
6 events · 6 leak indicators
Cicada3301
5 events · 5 leak indicators
Qilin
5 events · 5 leak indicators
RansomHub
5 events · 5 leak indicators
Data Leak
4 events · 3 leak indicators
CL0P
2 events · 0 leak indicators
Emerging or resurfacing actors
No matching activity in prior 30 days- Cicada3301 5 events
- Apos Security 1 event
Country mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
United States34
- Akira7 events · 6 leak indicators
- 8BASE6 events · 5 leak indicators
- Lynx4 events · 4 leak indicators
- Cicada33013 events · 3 leak indicators
- Qilin3 events · 3 leak indicators
- CL0P2 events · 0 leak indicators
- LeakedData2 events · 2 leak indicators
- RansomHub2 events · 2 leak indicators
France9
- 8BASE5 events · 4 leak indicators
- Cicada33012 events · 2 leak indicators
- Data Leak1 event · 1 leak indicator
- RansomHub1 event · 1 leak indicator
Argentina2
- Akira1 event · 1 leak indicator
- Data Leak1 event · 1 leak indicator
Belgium2
- 8BASE1 event · 1 leak indicator
- Fog1 event · 0 leak indicators
Canada2
- Lynx1 event · 1 leak indicator
- Rhysida1 event · 1 leak indicator
India2
- DarkVault1 event · 1 leak indicator
- Qilin1 event · 1 leak indicator
Brazil1
- 8BASE1 event · 1 leak indicator
China1
- DarkVault1 event · 1 leak indicator
Sector mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
Construction6
- Akira3 events · 3 leak indicators
- RansomHub2 events · 2 leak indicators
- Lynx1 event · 1 leak indicator
Retail4
- Lynx2 events · 2 leak indicators
- 8BASE1 event · 1 leak indicator
- Data Leak1 event · 1 leak indicator
Machinery Manufacturing3
- 8BASE1 event · 1 leak indicator
- Cicada33011 event · 1 leak indicator
- RansomHub1 event · 1 leak indicator
Education Administration Programs2
- 8BASE1 event · 1 leak indicator
- Fog1 event · 0 leak indicators
Financial Services2
- LeakedData1 event · 1 leak indicator
- Qilin1 event · 1 leak indicator
Hospitality2
- Akira1 event · 1 leak indicator
- RansomHub1 event · 1 leak indicator
Insurance2
- Hellcat1 event · 1 leak indicator
- LeakedData1 event · 1 leak indicator
Law Practice2
- Lynx2 events · 2 leak indicators
Organization size bands
Share of weekly events by employee-size group across the last 12 reporting windows.
- 11-50 employees 19
- 51-200 employees 19
- 201-500 employees 9
- 1,001-5,000 employees 7
- 10,001+ employees 2
- 501-1,000 employees 2
Notable actor profile updates
Active actor records only.
New ransom note observed
No ransom-note change logged in this reporting window.
New actor infrastructure / contact channel
No infrastructure/contact-channel change logged in this reporting window.
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.
Recent signal samples
Selected weekly signals.
| Actor | Sector | Country | Leak proof | Seen |
|---|---|---|---|---|
| Lynx | Retail | United States | Data leak | 2025-01-07 |
| Lynx | Retail | Thailand | Data leak | 2025-01-07 |
| Fog | Education Administration Programs | Belgium | Claim only | 2025-01-07 |
| SAFEPAY | Motor Vehicle Manufacturing | United States | Data leak | 2025-01-07 |
| Akira | Information Technology and Services | United States | Claim only | 2025-01-07 |
| Akira | Construction | United States | Data leak | 2025-01-07 |
| Akira | Environmental Services | United States | Data leak | 2025-01-07 |
| Lynx | Construction | United States | Data leak | 2025-01-07 |
| Lynx | Transportation/Trucking/Railroad | Canada | Data leak | 2025-01-07 |
| 8BASE | Beverage Manufacturing | United States | Data leak | 2025-01-07 |
| 8BASE | Machinery Manufacturing | Italy | Data leak | 2025-01-07 |
| 8BASE | Retail Apparel and Fashion | France | Data leak | 2025-01-07 |
News and research context
Recent articles from the same time window.
The entire UCDSB is experiencing a significant network disruption that will impact all of our schools tomorrow. All schools will be open, however there will be no access to the in…
Alors que plusieurs sites internet de collectivités sont victimes de piratages en France, le secteur agricole est, lui aussi, touché. Depuis la nuit du 14 au 15 décembre, la plate…
Ransomware-Angriff am Fraunhofer IAO
2025-01-06
Das Fraunhofer-Institut für Arbeitswirtschaft und Organisation IAO in Stuttgart wurde am 27. Dezember 2024 Ziel eines Ransomware-Angriffs. Der Angriff hat zu einer Beeinträchtigun…
We are writing to inform you of a data security incident experienced by our organization, AuthoraCare Collective, that may have involved your information as described below. We we…
Related actor: MedusaLocker
An Indianapolis dental practice has agreed to pay a financial penalty of $350,000 to the Office of the Indiana Attorney General (OIG) to resolve multiple alleged violations of fed…
Alles Lægehus oplevede den 9. december et IT-nedbrud, som midlertidigt påvirkede driften. Vi reagerede straks ved at aktivere vores nødberedskab, som har sikret, at vi har kunnet…
Notes
- Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
- Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
- Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
- The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.
Method
- The page uses a fixed seven-day window based on the selected date.
- Only public-facing actor and event records are included.
- Counts and breakdowns are designed for trend review, not incident confirmation.