Weekly intelligence Trend-first

Weekly ransomware & data leak landscape

A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.

Window: 2025-10-20 → 2025-10-26 UTC
Choose a report date
Previous week Next week
Observed events
144
Public claims in the selected week
Data leak indicators
105
72.9% of observed events
Active actors
34
Distinct groups with observed activity
Torrent-linked events
6
Events intersecting with torrent intelligence

What changed this week?

Qilin generated the highest visible claim volume this week, representing 21.5% of observed events.
72.9% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
Construction was the most represented sector in this window with 7 observed events.
5 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.
6 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.

Coverage snapshot

As of 2025-10-26 UTC.
Leak sites observed this week
34
Leak sites online near report date
0
Threat actor profiles updated this week
3
Countries represented this week
33
Sectors represented this week
69

Top active actors

By observed claim volume
Qilin
31 events · 15 leak indicators
Sinobi
11 events · 11 leak indicators
CL0P
10 events · 9 leak indicators
Genesis
9 events · 9 leak indicators
Akira
7 events · 7 leak indicators
Lynx
7 events · 7 leak indicators
DragonForce
6 events · 6 leak indicators
Tengu
6 events · 6 leak indicators

Emerging or resurfacing actors

No matching activity in prior 30 days
  • Genesis 9 events
  • Tengu 6 events
  • BlackField 4 events
  • Brain Cipher 2 events
  • FulcrumSec 1 event

Country mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
United States80
  • Qilin19 events · 9 leak indicators
  • Sinobi10 events · 10 leak indicators
  • Genesis9 events · 9 leak indicators
  • CL0P7 events · 6 leak indicators
  • Akira6 events · 6 leak indicators
  • Lynx5 events · 5 leak indicators
  • PLAY4 events · 4 leak indicators
  • DragonForce3 events · 3 leak indicators
Canada8
  • Qilin2 events · 0 leak indicators
  • Akira1 event · 1 leak indicator
  • Anubis1 event · 0 leak indicators
  • Brain Cipher1 event · 0 leak indicators
  • CL0P1 event · 1 leak indicator
  • Coinbase Cartel1 event · 0 leak indicators
  • SAFEPAY1 event · 1 leak indicator
Brazil4
  • Beast1 event · 0 leak indicators
  • RALord1 event · 1 leak indicator
  • Sinobi1 event · 1 leak indicator
  • Tengu1 event · 1 leak indicator
Australia3
  • Anubis1 event · 0 leak indicators
  • CL0P1 event · 1 leak indicator
  • Lynx1 event · 1 leak indicator
France3
  • CL0P1 event · 1 leak indicator
  • Medusa1 event · 1 leak indicator
  • RALord1 event · 1 leak indicator
Germany3
  • Lynx1 event · 1 leak indicator
  • RALord1 event · 1 leak indicator
  • SAFEPAY1 event · 1 leak indicator
Switzerland3
  • DragonForce1 event · 1 leak indicator
  • PEAR1 event · 1 leak indicator
  • Qilin1 event · 1 leak indicator
India2
  • Kryptos1 event · 1 leak indicator
  • RALord1 event · 1 leak indicator

Sector mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
Construction7
  • PLAY2 events · 2 leak indicators
  • DragonForce1 event · 1 leak indicator
  • Qilin1 event · 0 leak indicators
  • RALord1 event · 1 leak indicator
  • SAFEPAY1 event · 1 leak indicator
  • Sinobi1 event · 1 leak indicator
Real Estate7
  • Qilin3 events · 2 leak indicators
  • Akira1 event · 1 leak indicator
  • BlackField1 event · 0 leak indicators
  • SAFEPAY1 event · 1 leak indicator
  • Sinobi1 event · 1 leak indicator
Financial Services6
  • Akira1 event · 1 leak indicator
  • BlackShrantac1 event · 0 leak indicators
  • CL0P1 event · 1 leak indicator
  • Genesis1 event · 1 leak indicator
  • Qilin1 event · 0 leak indicators
  • RansomHouse1 event · 0 leak indicators
Government Administration5
  • Lynx2 events · 2 leak indicators
  • Brain Cipher1 event · 0 leak indicators
  • Medusa1 event · 1 leak indicator
  • Qilin1 event · 0 leak indicators
Law Practice5
  • Anubis2 events · 0 leak indicators
  • BlackField1 event · 0 leak indicators
  • LeakedData1 event · 1 leak indicator
  • Qilin1 event · 0 leak indicators
Oil and Gas5
  • DragonForce1 event · 1 leak indicator
  • Genesis1 event · 1 leak indicator
  • INC Ransom1 event · 1 leak indicator
  • Lynx1 event · 1 leak indicator
  • RansomHouse1 event · 0 leak indicators
Hospitality4
  • Obscura1 event · 1 leak indicator
  • Qilin1 event · 1 leak indicator
  • RALord1 event · 1 leak indicator
  • World Leaks1 event · 1 leak indicator
Legal Services4
  • Genesis2 events · 2 leak indicators
  • Akira1 event · 1 leak indicator
  • Kairos1 event · 1 leak indicator

Organization size bands

Share of weekly events by employee-size group across the last 12 reporting windows.
  • 51-200 employees 35
  • 11-50 employees 28
  • 201-500 employees 22
  • 2-10 employees 15
  • 1,001-5,000 employees 13
  • 501-1,000 employees 10

Notable actor profile updates

Active actor records only.
New ransom note observed
No ransom-note change logged in this reporting window.
New actor infrastructure / contact channel
No infrastructure/contact-channel change logged in this reporting window.
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.

Recent signal samples

Selected weekly signals.
Actor Sector Country Leak proof Seen
Coinbase Cartel Ground Passenger Transportation Canada Claim only 2025-10-26
PLAY Construction United States Data leak 2025-10-26
PLAY Retail Groceries United States Data leak 2025-10-26
Gentlemen Investment Management Vietnam Claim only 2025-10-26
Qilin IT Services and IT Consulting Sweden Claim only 2025-10-26
Everest Airlines and Aviation Ireland Claim only 2025-10-26
Qilin Non-profit Organizations United States Data leak 2025-10-26
INC Ransom Oil and Gas United States Data leak 2025-10-26
Everest Airlines and Aviation United Arab Emirates Claim only 2025-10-26
DragonForce Industrial Machinery Manufacturing United States Data leak 2025-10-26
DragonForce Oil and Gas United States Data leak 2025-10-26
DragonForce Construction United States Data leak 2025-10-26

News and research context

Recent articles from the same time window.
Warlock Ransomware: Old Actor, New Tricks? 2025-10-23
Related actor: Warlock
The China-based actor behind the Warlock ransomware may not be a new player and has links to malicious activity dating as far back as 2019. The Warlock ransomware first appeare…
Information about IT Incident - Yunex Traffic Global | EN 2025-10-22
Related actor: Crimson Collective
Yunex Traffic recently took action to manage unauthorized access to limited parts of our internal product development IT systems. We immediately took steps to secure our systems a…
【重要】ランサムウェア感染によるシステム障害発生によるご注文受付停止のお知らせとお詫び 2025-10-20
Related actor: RansomHouse
現在、アスクルWebサイトにてランサムウェア感染によるシステム障害が発生しており、受注、出荷業務を停止しております。 個人情報や顧客データなどの外部への流出を含めた影響範囲については現在調査を進めており、わかり次第お知らせいたします。

Notes

  • Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
  • Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
  • Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
  • The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.

Method

  • The page uses a fixed seven-day window based on the selected date.
  • Only public-facing actor and event records are included.
  • Counts and breakdowns are designed for trend review, not incident confirmation.