Weekly intelligence Trend-first

Weekly ransomware & data leak landscape

A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.

Window: 2025-08-11 → 2025-08-17 UTC

Choose a report date

Observed events

140

Public claims in the selected week

Data leak indicators

59.3% of observed events

Active actors

Distinct groups with observed activity

Torrent-linked events

Events intersecting with torrent intelligence

What changed this week?

•

Akira generated the highest visible claim volume this week, representing 18.6% of observed events.

•

59.3% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.

•

Construction was the most represented sector in this window with 8 observed events.

•

6 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.

•

5 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.

•

1 tracked leak sites were still online as of the report date snapshot, giving useful context on current ecosystem churn and monitoring pressure.

Coverage snapshot

As of 2025-08-17 UTC.

Leak sites observed this week

Leak sites online near report date

Threat actor profiles updated this week

Countries represented this week

Sectors represented this week

Top active actors

By observed claim volume

Akira

26 events · 4 leak indicators

Qilin

25 events · 13 leak indicators

Warlock

20 events · 17 leak indicators

Sinobi

10 events · 10 leak indicators

PLAY

8 events · 8 leak indicators

Everest

6 events · 0 leak indicators

SAFEPAY

5 events · 5 leak indicators

Beast

4 events · 0 leak indicators

Emerging or resurfacing actors

No matching activity in prior 30 days

Anubis 2 events
Weyhro 2 events
Apos Security 1 event
DATACARRY 1 event
Run Some Wares 1 event
Underground 1 event

Country mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.

United States73

Akira12 events · 3 leak indicators
Qilin10 events · 5 leak indicators
Warlock10 events · 8 leak indicators
PLAY8 events · 8 leak indicators
Sinobi8 events · 8 leak indicators
INTERLOCK4 events · 4 leak indicators
PEAR4 events · 4 leak indicators
Beast3 events · 0 leak indicators

Germany10

Qilin4 events · 1 leak indicator
Everest2 events · 0 leak indicators
Akira1 event · 0 leak indicators
Crypto241 event · 1 leak indicator
Medusa1 event · 1 leak indicator
Warlock1 event · 1 leak indicator

United Kingdom9

SAFEPAY2 events · 2 leak indicators
Warlock2 events · 1 leak indicator
Beast1 event · 0 leak indicators
Crypto241 event · 1 leak indicator
D4RK4RMY1 event · 1 leak indicator
Dire Wolf1 event · 1 leak indicator
Qilin1 event · 1 leak indicator

France4

Akira1 event · 0 leak indicators
DATACARRY1 event · 1 leak indicator
Qilin1 event · 0 leak indicators
Warlock1 event · 1 leak indicator

Italy3

Dire Wolf1 event · 1 leak indicator
Qilin1 event · 1 leak indicator
Sarcoma1 event · 1 leak indicator

Brazil2

Arcus Media1 event · 0 leak indicators
Medusa1 event · 1 leak indicator

Canada2

Everest1 event · 0 leak indicators
SAFEPAY1 event · 1 leak indicator

Israel2

SAFEPAY1 event · 1 leak indicator
Space Bears1 event · 1 leak indicator

Sector mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.

Construction8

Qilin5 events · 3 leak indicators
SAFEPAY1 event · 1 leak indicator
Sinobi1 event · 1 leak indicator
Warlock1 event · 1 leak indicator

Law Practice8

Akira2 events · 1 leak indicator
PEAR2 events · 2 leak indicators
Beast1 event · 0 leak indicators
Crypto241 event · 1 leak indicator
D4RK4RMY1 event · 0 leak indicators
INTERLOCK1 event · 1 leak indicator

Software Development6

Warlock3 events · 3 leak indicators
PLAY2 events · 2 leak indicators
Qilin1 event · 1 leak indicator

IT Services and IT Consulting5

Warlock2 events · 1 leak indicator
Apos Security1 event · 1 leak indicator
Qilin1 event · 0 leak indicators
Sinobi1 event · 1 leak indicator

Appliances, Electrical, and Electronics Manufacturing4

Qilin2 events · 1 leak indicator
Beast1 event · 0 leak indicators
SAFEPAY1 event · 1 leak indicator

Financial Services4

Qilin2 events · 1 leak indicator
Akira1 event · 0 leak indicators
Everest1 event · 0 leak indicators

Government Administration4

INTERLOCK2 events · 2 leak indicators
Everest1 event · 0 leak indicators
PEAR1 event · 1 leak indicator

Legal Services4

Dire Wolf2 events · 2 leak indicators
Akira1 event · 0 leak indicators
Qilin1 event · 0 leak indicators

Organization size bands

Share of weekly events by employee-size group across the last 12 reporting windows.

51-200 employees 39
11-50 employees 30
201-500 employees 17
501-1,000 employees 13
1,001-5,000 employees 10
2-10 employees 8

Notable actor profile updates

Active actor records only.

New ransom note observed

No ransom-note change logged in this reporting window.

New actor infrastructure / contact channel

No infrastructure/contact-channel change logged in this reporting window.

New vuln / TTP intelligence

No vuln/TTP change logged in this reporting window.

Recent signal samples

Selected weekly signals.

Actor	Sector	Country	Leak proof	Seen
Qilin	Financial Services	South Korea	Claim only	2025-08-17
Everest	Government Administration	Canada	Claim only	2025-08-17
Medusa	International Trade and Development	Brazil	Data leak	2025-08-17
Medusa	Retail	Germany	Data leak	2025-08-17
Beast	Mental Health Care	United States	Claim only	2025-08-17
INC Ransom	Accounting	United States	Data leak	2025-08-17
PEAR	Law Practice	United States	Data leak	2025-08-16
Warlock	Semiconductor Manufacturing	United States	Data leak	2025-08-16
Akira	Automation Machinery Manufacturing	United States	Claim only	2025-08-16
Crypto24	Law Practice	Germany	Data leak	2025-08-16
D4RK4RMY	Law Practice	United States	Claim only	2025-08-16
D4RK4RMY	Facilities Services	United States	Claim only	2025-08-16

News and research context

Recent articles from the same time window.

Colt - Network Incidents 2025-08-15

Related actor: Warlock

We detected the cyber incident on an internal system. This system is separate from our customers’ infrastructure. We took immediate protective measures to ensure the security of o…

Kawabunga, Dude, You’ve Been Ransomed! | Huntress 2025-08-15

Related actor: Kawa4096

Thanks in large part to our customer base, Huntress sees a great deal of interesting activity, particularly from threat actors (but also from admins). Part of that activity includ…

US law firm Kelley Drye hit with class action after data breach 2025-08-14

Aug 13 (Reuters) - U.S. law firm Kelley Drye & Warren is facing a new lawsuit over a data breach that allegedly exposed personal information of thousands of its current and former…

MuddyWater’s DarkBit ransomware cracked for free data recovery 2025-08-11

Related actor: DarkBit

Cybersecurity firm Profero cracked the encryption of the DarkBit ransomware gang's encryptors, allowing them to recover a victim's files for free without paying a ransom. https…

Notes

Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.

Method

The page uses a fixed seven-day window based on the selected date.
Only public-facing actor and event records are included.
Counts and breakdowns are designed for trend review, not incident confirmation.