Auf die schulinternen Server der allgemeinbildenden Schulen und der Berufsbildenden Schule in Speyer hat es in der vergangenen Woche einen Hackerangriff gegeben.
Nach dem Hacke…
Weekly intelligence
Trend-first
Weekly ransomware & data leak landscape
A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.
Window: 2025-01-15 → 2025-01-21 UTC
Choose a report date
Observed events
85
Public claims in the selected week
Data leak indicators
71
83.5% of observed events
Active actors
25
Distinct groups with observed activity
Torrent-linked events
2
Events intersecting with torrent intelligence
What changed this week?
•
SAFEPAY generated the highest visible claim volume this week, representing 14.1% of observed events.
•
83.5% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
•
Construction was the most represented sector in this window with 8 observed events.
•
2 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.
•
2 tracked leak sites were still online as of the report date snapshot, giving useful context on current ecosystem churn and monitoring pressure.
Coverage snapshot
As of 2025-01-21 UTC.
Leak sites observed this week
25
Leak sites online near report date
2
Threat actor profiles updated this week
2
Countries represented this week
26
Sectors represented this week
47
Top active actors
By observed claim volumeSAFEPAY
12 events · 12 leak indicators
Lynx
10 events · 10 leak indicators
RansomHub
10 events · 7 leak indicators
INC Ransom
6 events · 6 leak indicators
Qilin
6 events · 5 leak indicators
Sarcoma
5 events · 4 leak indicators
Eraleignews
4 events · 4 leak indicators
Kairos
4 events · 4 leak indicators
Emerging or resurfacing actors
No matching activity in prior 30 daysNo newly active actor families were detected using the 30-day lookback rule.
Country mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
United States38
- Lynx7 events · 7 leak indicators
- INC Ransom5 events · 5 leak indicators
- RansomHub5 events · 5 leak indicators
- Qilin4 events · 4 leak indicators
- Medusa3 events · 3 leak indicators
- SAFEPAY3 events · 3 leak indicators
- Cactus2 events · 2 leak indicators
- 3AM1 event · 1 leak indicator
India6
- Kill Security2 events · 2 leak indicators
- Eraleignews1 event · 1 leak indicator
- Qilin1 event · 0 leak indicators
- RansomHub1 event · 1 leak indicator
- Space Bears1 event · 1 leak indicator
Italy5
- Akira1 event · 1 leak indicator
- Cloak1 event · 0 leak indicators
- Everest1 event · 0 leak indicators
- Morpheus1 event · 0 leak indicators
- RansomHub1 event · 1 leak indicator
United Kingdom5
- Kairos2 events · 2 leak indicators
- Sarcoma2 events · 2 leak indicators
- Lynx1 event · 1 leak indicator
Spain3
- SAFEPAY2 events · 2 leak indicators
- Everest1 event · 0 leak indicators
Australia2
- Lynx1 event · 1 leak indicator
- Money Message1 event · 1 leak indicator
Brazil2
- RansomHub1 event · 0 leak indicators
- Sarcoma1 event · 1 leak indicator
Canada2
- CL0P1 event · 0 leak indicators
- Kairos1 event · 1 leak indicator
Sector mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
Construction8
- RansomHub3 events · 2 leak indicators
- Medusa2 events · 2 leak indicators
- Cactus1 event · 1 leak indicator
- Lynx1 event · 1 leak indicator
- SAFEPAY1 event · 1 leak indicator
Hospitals and Health Care5
- INC Ransom2 events · 2 leak indicators
- Space Bears2 events · 2 leak indicators
- Kairos1 event · 1 leak indicator
Financial Services4
- BianLian1 event · 0 leak indicators
- Kill Security1 event · 1 leak indicator
- Lynx1 event · 1 leak indicator
- Qilin1 event · 1 leak indicator
Insurance4
- 8BASE1 event · 1 leak indicator
- RansomHub1 event · 1 leak indicator
- SAFEPAY1 event · 1 leak indicator
- Sarcoma1 event · 1 leak indicator
Appliances, Electrical, and Electronics Manufacturing3
- Qilin1 event · 1 leak indicator
- RansomHub1 event · 0 leak indicators
- Rhysida1 event · 1 leak indicator
Motor Vehicle Manufacturing3
- Lynx2 events · 2 leak indicators
- SAFEPAY1 event · 1 leak indicator
Oil and Gas3
- Hunters International1 event · 1 leak indicator
- Qilin1 event · 1 leak indicator
- SAFEPAY1 event · 1 leak indicator
Software Development3
- 8BASE1 event · 1 leak indicator
- CL0P1 event · 0 leak indicators
- Lynx1 event · 1 leak indicator
Organization size bands
Share of weekly events by employee-size group across the last 12 reporting windows.
- 201-500 employees 22
- 11-50 employees 20
- 51-200 employees 20
- 1,001-5,000 employees 6
- 501-1,000 employees 3
- 2-10 employees 2
Notable actor profile updates
Active actor records only.
New ransom note observed
No ransom-note change logged in this reporting window.
New actor infrastructure / contact channel
No infrastructure/contact-channel change logged in this reporting window.
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.
Recent signal samples
Selected weekly signals.
| Actor | Sector | Country | Leak proof | Seen |
|---|---|---|---|---|
| INC Ransom | Packaging and Containers Manufacturing | Lithuania | Data leak | 2025-01-21 |
| SAFEPAY | Oil and Gas | Cyprus | Data leak | 2025-01-21 |
| SAFEPAY | Printing Services | Spain | Data leak | 2025-01-21 |
| RansomHub | Food and Beverage Manufacturing | United States | Data leak | 2025-01-21 |
| RansomHub | Insurance | United States | Data leak | 2025-01-21 |
| Eraleignews | Banking | India | Data leak | 2025-01-21 |
| RansomHub | Textile Manufacturing | United States | Data leak | 2025-01-21 |
| RansomHub | Construction | United States | Data leak | 2025-01-21 |
| CL0P | Software Development | Canada | Claim only | 2025-01-21 |
| RansomHub | Manufacturing | India | Data leak | 2025-01-21 |
| Space Bears | Hospitals and Health Care | Algeria | Data leak | 2025-01-21 |
| Kill Security | Facilities Services | Singapore | Data leak | 2025-01-21 |
News and research context
Recent articles from the same time window.
On January 16, 2025, Edw. C. Levy Co., also known as The Levy Group of Companies (“Levy”), filed a notice of data breach with the Attorney General of Maine after hackers deployed…
ABU DHABI, 17th January, 2025 (WAM) -- The UAE Cyber Security Council announced that the national cybersecurity systems successfully thwarted malicious ransomware attacks targetin…
The school will be closed on 20 and 21 January while the data breach is investigated.
A school in Cheshire has announced a temporary closure after falling victim to a "ransomware…
Datenschutzvorfall bei der D-Trust
2025-01-17
Berlin, 16.01.2025 - Die D-Trust GmbH ist Ziel eines Angriffs auf das Antragsportal für Signatur- und Siegelkarten geworden. Der Angriff wurde am 13.1.2025 festgestellt. Dabei sin…
We wanted to take a moment to provide you with an update from the potential cyber threat that occurred Jan 7.
We are working around the clock to restore our systems so that we…
Related actor: Hunters International
Information zu Cyber-Angriff
2025-01-14
Trotz umfassender Sicherheitsstandards wurde die Ausgleichskasse Swissmem am Wochenende des 4. und 5. Januar 2025 Opfer eines Cyberangrif…
Notes
- Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
- Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
- Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
- The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.
Method
- The page uses a fixed seven-day window based on the selected date.
- Only public-facing actor and event records are included.
- Counts and breakdowns are designed for trend review, not incident confirmation.