American venture capital firm Insight Partners was the victim of a cyber breach last month. The firm is still assessing the extent of the damage and conducting tests to fully unde…
Weekly intelligence
Trend-first
Weekly ransomware & data leak landscape
A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.
Window: 2025-02-12 → 2025-02-18 UTC
- Observed events: 160 (public claims in the selected week)
- Data leak indicators: 125 (78.1% of observed events)
- Active actors: 28 (distinct groups with observed activity)
- Torrent-linked events: 10 (events intersecting with torrent intelligence)
What changed this week?
- RansomHub generated the highest visible claim volume this week, representing 23.1% of observed events.
- 78.1% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
- Construction was the most represented sector in this window with 16 observed events.
- 7 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.
- 10 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.
Coverage snapshot
As of 2025-02-18 UTC.
- Leak sites observed this week: 28
- Leak sites online near report date: 0
- Threat actor profiles updated this week: 3
- Countries represented this week: 30
- Sectors represented this week: 69
Top active actors
By observed claim volume
- RansomHub: 37 events · 35 leak indicators
- Akira: 19 events · 9 leak indicators
- Lynx: 15 events · 15 leak indicators
- PLAY: 14 events · 14 leak indicators
- Cactus: 12 events · 12 leak indicators
- Fog: 12 events · 9 leak indicators
- Qilin: 8 events · 8 leak indicators
- BianLian: 7 events · 0 leak indicators
Emerging or resurfacing actors
No matching activity in prior 30 days
- Brain Cipher: 2 events
- Embargo: 2 events
- Blacksuit: 1 event
- CiphBit: 1 event
- Linkc: 1 event
- MedusaLocker: 1 event
- Underground: 1 event
Country mix
Share of weekly events across the last 12 reporting windows.
United States: 95
- RansomHub: 26 events · 24 leak indicators
- Cactus: 11 events · 11 leak indicators
- PLAY: 10 events · 10 leak indicators
- Akira: 9 events · 4 leak indicators
- Qilin: 8 events · 8 leak indicators
- BianLian: 7 events · 0 leak indicators
- Medusa: 5 events · 5 leak indicators
- Lynx: 4 events · 4 leak indicators
Canada: 9
- PLAY: 3 events · 3 leak indicators
- Abyss: 1 event · 1 leak indicator
- Cactus: 1 event · 1 leak indicator
- INC Ransom: 1 event · 1 leak indicator
- RansomHub: 1 event · 1 leak indicator
- Rhysida: 1 event · 1 leak indicator
- Underground: 1 event · 0 leak indicators
France: 5
- Fog: 3 events · 3 leak indicators
- Brain Cipher: 1 event · 0 leak indicators
- Lynx: 1 event · 1 leak indicator
United Kingdom: 5
- Akira: 1 event · 0 leak indicators
- Kairos: 1 event · 1 leak indicator
- Medusa: 1 event · 1 leak indicator
- RansomHub: 1 event · 1 leak indicator
- Rhysida: 1 event · 1 leak indicator
Australia: 4
- Akira: 1 event · 1 leak indicator
- FSOCIETY: 1 event · 0 leak indicators
- Lynx: 1 event · 1 leak indicator
- RansomHub: 1 event · 1 leak indicator
Germany: 4
- Fog: 2 events · 1 leak indicator
- Cloak: 1 event · 0 leak indicators
- PLAY: 1 event · 1 leak indicator
Italy: 4
- 3AM: 1 event · 1 leak indicator
- Akira: 1 event · 0 leak indicators
- Fog: 1 event · 1 leak indicator
- RansomHub: 1 event · 1 leak indicator
Sweden: 4
- Lynx: 4 events · 4 leak indicators
Sector mix
Share of weekly events across the last 12 reporting windows.
Construction: 16
- RansomHub: 6 events · 6 leak indicators
- Akira: 3 events · 1 leak indicator
- PLAY: 2 events · 2 leak indicators
- BianLian: 1 event · 0 leak indicators
- Blacksuit: 1 event · 0 leak indicators
- CiphBit: 1 event · 1 leak indicator
- Lynx: 1 event · 1 leak indicator
- Qilin: 1 event · 1 leak indicator
IT Services and IT Consulting: 10
- Fog: 2 events · 2 leak indicators
- FSOCIETY: 2 events · 0 leak indicators
- RansomHub: 2 events · 2 leak indicators
- Abyss: 1 event · 1 leak indicator
- Akira: 1 event · 1 leak indicator
- Brain Cipher: 1 event · 0 leak indicators
- INC Ransom: 1 event · 1 leak indicator
Hospitals and Health Care: 9
- RansomHub: 3 events · 3 leak indicators
- Medusa: 2 events · 2 leak indicators
- BianLian: 1 event · 0 leak indicators
- Embargo: 1 event · 0 leak indicators
- INC Ransom: 1 event · 1 leak indicator
- Qilin: 1 event · 1 leak indicator
Software Development: 6
- Fog: 2 events · 2 leak indicators
- Akira: 1 event · 1 leak indicator
- FSOCIETY: 1 event · 0 leak indicators
- Linkc: 1 event · 0 leak indicators
- Lynx: 1 event · 1 leak indicator
Accounting: 5
- Akira: 2 events · 2 leak indicators
- BianLian: 1 event · 0 leak indicators
- Medusa: 1 event · 1 leak indicator
- RansomHub: 1 event · 1 leak indicator
Law Practice: 5
- BianLian: 2 events · 0 leak indicators
- PLAY: 2 events · 2 leak indicators
- RansomHub: 1 event · 1 leak indicator
Retail: 5
- RansomHub: 2 events · 2 leak indicators
- Cactus: 1 event · 1 leak indicator
- Eraleignews: 1 event · 1 leak indicator
- Fog: 1 event · 0 leak indicators
Government Administration: 4
- RansomHub: 2 events · 1 leak indicator
- INC Ransom: 1 event · 1 leak indicator
- Medusa: 1 event · 1 leak indicator
Organization size bands
Share of weekly events by employee-size group across the last 12 reporting windows.
- 51-200 employees: 45
- 11-50 employees: 42
- 2-10 employees: 17
- 201-500 employees: 15
- 1,001-5,000 employees: 13
- 501-1,000 employees: 8
Notable actor profile updates
Active actor records only.
New ransom note observed
No ransom-note change logged in this reporting window.
New actor infrastructure / contact channel
No infrastructure/contact-channel change logged in this reporting window.
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.
Recent signal samples
Selected weekly signals.
| Actor | Sector | Country | Leak proof | Seen |
|---|---|---|---|---|
| Linkc | Software Development | United States | Claim only | 2025-02-18 |
| Medusa | Hospitals and Health Care | United Kingdom | Data leak | 2025-02-18 |
| Cactus | Wholesale | United States | Data leak | 2025-02-18 |
| Cactus | Personal Care Product Manufacturing | United States | Data leak | 2025-02-18 |
| Cactus | Retail | United States | Data leak | 2025-02-18 |
| Cactus | Furniture and Home Furnishings Manufacturing | United States | Data leak | 2025-02-18 |
| Akira | Wholesale Building Materials | United States | Claim only | 2025-02-18 |
| RansomHub | Hospitals and Health Care | United States | Data leak | 2025-02-18 |
| RansomHub | Hospitals and Health Care | United States | Data leak | 2025-02-18 |
| RansomHub | IT Services and IT Consulting | United States | Data leak | 2025-02-18 |
| RansomHub | Construction | United States | Data leak | 2025-02-18 |
| Akira | Construction | United States | Claim only | 2025-02-18 |
News and research context
Recent articles from the same time window.
Related actor: Qilin
Newspaper publishing giant Lee Enterprises has confirmed that a ransomware attack is behind ongoing disruptions impacting the group's operations for over two weeks.
As a local…
APPOMATTOX COUNTY, Va. (WFXR) – Appomattox County is reporting a cyber incident that has impacted organizations including the local school system.
In a statement released online,…
Hundreds of ransomware attacks stopped each year, says Canada’s cybersecurity chief | CBC.ca
2025-02-17
The Canadian Centre for Cyber Security intercepts hundreds of potential cyberattacks each year. The centre’s head, Rajiv Gupta, spoke to The National’s Ian Hanomansing about the u…
Cyberattack on Zurich grammar school
2025-02-13
Recovery of the systems at Realgymnasium Rämibühl is still under way. School operations were able to continue.
In January, Realgymnasium Rämibühl in the city of Zurich was…
Related actor: RA Group
Tools that are usually associated with China-based espionage actors were recently deployed in an attack involving the RA World ransomware against an Asian software and services co…
Related actor: Cloak
RICHMOND — A “sophisticated cyberattack” struck the offices of Virginia Attorney General Jason S. Miyares on Wednesday, forcing the agency to shut down computer systems and resort…
Eckert & Ziegler SE has experienced a cyberattack on parts of its IT systems. The systems were temporarily and proactively shut down and disconnected from the internet in order to…
The municipality of Tulln has fallen victim to a hacker attack. Since the night of Mon, 10 Feb to Tue, 11 Feb 2025, the city administration has been unable to access its own servers…
Papua New Guinea’s tax office has been hit with a major cyber attack, pushing systems offline and potentially exposing sensitive data belonging to hundreds of thousands of people…
Notes
- Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
- Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
- Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
- The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.
Method
- The page uses a fixed seven-day window based on the selected date.
- Only public-facing actor and event records are included.
- Counts and breakdowns are designed for trend review, not incident confirmation.