Weekly intelligence Trend-first

Weekly ransomware & data leak landscape

A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.

Window: 2025-08-20 → 2025-08-26 UTC
Choose a report date
Previous week Next week
Observed events
154
Public claims in the selected week
Data leak indicators
122
79.2% of observed events
Active actors
27
Distinct groups with observed activity
Torrent-linked events
6
Events intersecting with torrent intelligence

What changed this week?

Qilin generated the highest visible claim volume this week, representing 17.5% of observed events.
79.2% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
Construction was the most represented sector in this window with 10 observed events.
3 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.
6 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.

Coverage snapshot

As of 2025-08-26 UTC.
Leak sites observed this week
27
Leak sites online near report date
0
Threat actor profiles updated this week
2
Countries represented this week
28
Sectors represented this week
66

Top active actors

By observed claim volume
Qilin
27 events · 18 leak indicators
Sinobi
23 events · 22 leak indicators
Akira
14 events · 6 leak indicators
DragonForce
14 events · 14 leak indicators
Cephalus
11 events · 8 leak indicators
SAFEPAY
9 events · 9 leak indicators
PLAY
7 events · 7 leak indicators
Beast
6 events · 0 leak indicators

Emerging or resurfacing actors

No matching activity in prior 30 days
  • Cephalus 11 events
  • Metaencryptor 1 event
  • SECUROTROP 1 event

Country mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
United States92
  • Sinobi23 events · 22 leak indicators
  • Qilin14 events · 10 leak indicators
  • Akira12 events · 5 leak indicators
  • Cephalus10 events · 7 leak indicators
  • PLAY6 events · 6 leak indicators
  • Beast5 events · 0 leak indicators
  • DragonForce4 events · 4 leak indicators
  • INTERLOCK3 events · 3 leak indicators
Germany10
  • SAFEPAY5 events · 5 leak indicators
  • DragonForce4 events · 4 leak indicators
  • Qilin1 event · 1 leak indicator
Canada7
  • Akira2 events · 1 leak indicator
  • DragonForce1 event · 1 leak indicator
  • Kill Security1 event · 1 leak indicator
  • Metaencryptor1 event · 1 leak indicator
  • PLAY1 event · 1 leak indicator
  • World Leaks1 event · 1 leak indicator
United Kingdom7
  • Dire Wolf1 event · 1 leak indicator
  • DragonForce1 event · 1 leak indicator
  • INC Ransom1 event · 1 leak indicator
  • INTERLOCK1 event · 1 leak indicator
  • Lynx1 event · 0 leak indicators
  • SAFEPAY1 event · 1 leak indicator
  • Space Bears1 event · 1 leak indicator
Australia3
  • Dire Wolf1 event · 1 leak indicator
  • Lynx1 event · 1 leak indicator
  • Qilin1 event · 1 leak indicator
Italy3
  • Qilin2 events · 2 leak indicators
  • DragonForce1 event · 1 leak indicator
Singapore3
  • Lynx2 events · 2 leak indicators
  • World Leaks1 event · 1 leak indicator
Brazil2
  • Dire Wolf1 event · 1 leak indicator
  • Global1 event · 1 leak indicator

Sector mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
Construction10
  • Akira4 events · 2 leak indicators
  • Qilin4 events · 2 leak indicators
  • Sinobi2 events · 2 leak indicators
Hospitals and Health Care9
  • Sinobi3 events · 3 leak indicators
  • Global2 events · 2 leak indicators
  • Akira1 event · 0 leak indicators
  • Beast1 event · 0 leak indicators
  • Cephalus1 event · 1 leak indicator
  • Qilin1 event · 1 leak indicator
Law Practice8
  • Cephalus3 events · 2 leak indicators
  • PLAY2 events · 2 leak indicators
  • Akira1 event · 1 leak indicator
  • Dire Wolf1 event · 1 leak indicator
  • Leaknet Blog1 event · 1 leak indicator
Financial Services7
  • INC Ransom2 events · 2 leak indicators
  • Qilin2 events · 0 leak indicators
  • Cephalus1 event · 1 leak indicator
  • Kill Security1 event · 1 leak indicator
  • Sinobi1 event · 1 leak indicator
Industrial Machinery Manufacturing7
  • Sinobi3 events · 3 leak indicators
  • Akira2 events · 1 leak indicator
  • DragonForce1 event · 1 leak indicator
  • Qilin1 event · 1 leak indicator
IT Services and IT Consulting6
  • Cephalus1 event · 1 leak indicator
  • DragonForce1 event · 1 leak indicator
  • INC Ransom1 event · 1 leak indicator
  • Qilin1 event · 1 leak indicator
  • SAFEPAY1 event · 1 leak indicator
  • Sinobi1 event · 1 leak indicator
Manufacturing5
  • Dire Wolf2 events · 1 leak indicator
  • DragonForce1 event · 1 leak indicator
  • Lynx1 event · 1 leak indicator
  • Sinobi1 event · 1 leak indicator
Real Estate5
  • Sinobi2 events · 2 leak indicators
  • Beast1 event · 0 leak indicators
  • DragonForce1 event · 1 leak indicator
  • PLAY1 event · 1 leak indicator

Organization size bands

Share of weekly events by employee-size group across the last 12 reporting windows.
  • 11-50 employees 48
  • 51-200 employees 48
  • 201-500 employees 17
  • 2-10 employees 15
  • 501-1,000 employees 12
  • 1,001-5,000 employees 3

Notable actor profile updates

Active actor records only.
New ransom note observed
No ransom-note change logged in this reporting window.
New actor infrastructure / contact channel
No infrastructure/contact-channel change logged in this reporting window.
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.

Recent signal samples

Selected weekly signals.
Actor Sector Country Leak proof Seen
Medusa Insurance Georgia Claim only 2025-08-26
Lynx Legal Services Australia Data leak 2025-08-26
Lynx Accounting United Kingdom Claim only 2025-08-26
PLAY Real Estate United States Data leak 2025-08-26
PLAY Truck Transportation Canada Data leak 2025-08-26
PLAY Beverage Manufacturing United States Data leak 2025-08-26
PLAY Law Practice United States Data leak 2025-08-26
PLAY Law Practice United States Data leak 2025-08-26
SAFEPAY Education Administration Programs Germany Data leak 2025-08-26
World Leaks Electrical Equipment Manufacturing United States Data leak 2025-08-26
World Leaks Textile Manufacturing Denmark Data leak 2025-08-26
World Leaks Education Administration Programs Canada Data leak 2025-08-26

News and research context

Recent articles from the same time window.
Omfattande cyberattack – data kan ha läckt 2025-08-26
Related actor: DATACARRY
Känsliga personuppgifter kan ha läckt efter att systemdataleverantören Miljödata utsatts för en cyberattack. 80 procent av Sveriges kommuner använder leverantören och nu pressa…

Notes

  • Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
  • Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
  • Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
  • The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.

Method

  • The page uses a fixed seven-day window based on the selected date.
  • Only public-facing actor and event records are included.
  • Counts and breakdowns are designed for trend review, not incident confirmation.