GLOVERSVILLE, N.Y. (NEWS10)– On Saturday, the city of Gloversville announced it was hit by a ransomware attack. According to officials, a digital ransom note was discovered by the…
Weekly intelligence
Trend-first
Weekly ransomware & data leak landscape
A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.
Window: 2025-10-22 → 2025-10-28 UTC
Choose a report date
Observed events
160
Public claims in the selected week
Data leak indicators
113
70.6% of observed events
Active actors
35
Distinct groups with observed activity
Torrent-linked events
8
Events intersecting with torrent intelligence
What changed this week?
•
Qilin generated the highest visible claim volume this week, representing 24.4% of observed events.
•
70.6% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
•
Real Estate was the most represented sector in this window with 10 observed events.
•
4 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.
•
8 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.
•
1 tracked leak sites were still online as of the report date snapshot, giving useful context on current ecosystem churn and monitoring pressure.
Coverage snapshot
As of 2025-10-28 UTC.
Leak sites observed this week
35
Leak sites online near report date
1
Threat actor profiles updated this week
2
Countries represented this week
36
Sectors represented this week
71
Top active actors
By observed claim volumeQilin
39 events · 19 leak indicators
PLAY
11 events · 11 leak indicators
Akira
10 events · 8 leak indicators
CL0P
8 events · 8 leak indicators
Sinobi
8 events · 8 leak indicators
Everest
6 events · 1 leak indicator
Tengu
6 events · 6 leak indicators
Devman
5 events · 4 leak indicators
Emerging or resurfacing actors
No matching activity in prior 30 days- Tengu 6 events
- NightSpire 4 events
- CiphBit 3 events
- Leaknet Blog 1 event
Country mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
United States73
- Qilin21 events · 11 leak indicators
- Akira9 events · 8 leak indicators
- PLAY8 events · 8 leak indicators
- CL0P5 events · 5 leak indicators
- Sinobi4 events · 4 leak indicators
- DragonForce3 events · 3 leak indicators
- Genesis3 events · 0 leak indicators
- Rhysida3 events · 3 leak indicators
Canada10
- Qilin3 events · 1 leak indicator
- PLAY2 events · 2 leak indicators
- Anubis1 event · 0 leak indicators
- CL0P1 event · 1 leak indicator
- Coinbase Cartel1 event · 0 leak indicators
- INC Ransom1 event · 1 leak indicator
- SAFEPAY1 event · 1 leak indicator
France5
- CiphBit1 event · 1 leak indicator
- CL0P1 event · 1 leak indicator
- INC Ransom1 event · 1 leak indicator
- Medusa1 event · 1 leak indicator
- RALord1 event · 1 leak indicator
Germany5
- Beast1 event · 0 leak indicators
- Chaos1 event · 1 leak indicator
- CiphBit1 event · 1 leak indicator
- Everest1 event · 0 leak indicators
- SAFEPAY1 event · 1 leak indicator
Australia4
- Anubis1 event · 0 leak indicators
- CL0P1 event · 1 leak indicator
- Lynx1 event · 1 leak indicator
- Sinobi1 event · 1 leak indicator
Brazil4
- Beast2 events · 0 leak indicators
- Sinobi1 event · 1 leak indicator
- Tengu1 event · 1 leak indicator
Thailand4
- NightSpire3 events · 3 leak indicators
- INC Ransom1 event · 1 leak indicator
India3
- Kryptos1 event · 1 leak indicator
- NightSpire1 event · 1 leak indicator
- RALord1 event · 1 leak indicator
Sector mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
Real Estate10
- Qilin4 events · 2 leak indicators
- Akira1 event · 1 leak indicator
- BlackField1 event · 0 leak indicators
- INC Ransom1 event · 1 leak indicator
- NightSpire1 event · 1 leak indicator
- PEAR1 event · 1 leak indicator
- SAFEPAY1 event · 1 leak indicator
Law Practice9
- Anubis2 events · 0 leak indicators
- Qilin2 events · 1 leak indicator
- Akira1 event · 1 leak indicator
- BlackField1 event · 0 leak indicators
- Genesis1 event · 0 leak indicators
- LeakedData1 event · 1 leak indicator
- PEAR1 event · 1 leak indicator
Construction8
- PLAY2 events · 2 leak indicators
- Qilin2 events · 0 leak indicators
- BlackNevas1 event · 0 leak indicators
- CL0P1 event · 1 leak indicator
- DragonForce1 event · 1 leak indicator
- SAFEPAY1 event · 1 leak indicator
Financial Services7
- Akira1 event · 1 leak indicator
- CL0P1 event · 1 leak indicator
- Genesis1 event · 0 leak indicators
- INC Ransom1 event · 1 leak indicator
- Qilin1 event · 0 leak indicators
- RansomHouse1 event · 0 leak indicators
- Sinobi1 event · 1 leak indicator
Oil and Gas5
- DragonForce1 event · 1 leak indicator
- INC Ransom1 event · 1 leak indicator
- Leaknet Blog1 event · 1 leak indicator
- Qilin1 event · 1 leak indicator
- RansomHouse1 event · 0 leak indicators
Retail5
- NightSpire2 events · 2 leak indicators
- PLAY1 event · 1 leak indicator
- Qilin1 event · 0 leak indicators
- Sinobi1 event · 1 leak indicator
Hospitals and Health Care4
- Qilin2 events · 0 leak indicators
- Devman1 event · 0 leak indicators
- Rhysida1 event · 1 leak indicator
Transportation, Logistics, Supply Chain and Storage4
- Chaos1 event · 1 leak indicator
- Medusa1 event · 1 leak indicator
- PLAY1 event · 1 leak indicator
- Sinobi1 event · 1 leak indicator
Organization size bands
Share of weekly events by employee-size group across the last 12 reporting windows.
- 51-200 employees 41
- 11-50 employees 28
- 201-500 employees 19
- 1,001-5,000 employees 15
- 2-10 employees 13
- 501-1,000 employees 13
Notable actor profile updates
Active actor records only.
New ransom note observed
No ransom-note change logged in this reporting window.
New actor infrastructure / contact channel
No infrastructure/contact-channel change logged in this reporting window.
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.
Recent signal samples
Selected weekly signals.
| Actor | Sector | Country | Leak proof | Seen |
|---|---|---|---|---|
| Sinobi | Environmental Services | United States | Data leak | 2025-10-28 |
| Sinobi | Financial Services | United States | Data leak | 2025-10-28 |
| BlackShrantac | Business Consulting and Services | United States | Claim only | 2025-10-28 |
| Genesis | Industrial Machinery Manufacturing | United States | Claim only | 2025-10-28 |
| INC Ransom | Financial Services | Tunisia | Data leak | 2025-10-28 |
| Qilin | Law Practice | United States | Data leak | 2025-10-28 |
| Rhysida | Automotive | United States | Data leak | 2025-10-28 |
| NightSpire | Retail | Thailand | Data leak | 2025-10-28 |
| NightSpire | Real Estate | Thailand | Data leak | 2025-10-28 |
| NightSpire | Retail | India | Data leak | 2025-10-28 |
| PLAY | Motor Vehicle Manufacturing | United States | Data leak | 2025-10-28 |
| PLAY | Transportation, Logistics, Supply Chain and Storage | Canada | Data leak | 2025-10-28 |
News and research context
Recent articles from the same time window.
Related actor: Qilin
In recent trends, the open-source software Cyberduck — which enables file transfers to cloud servers — has been widely abused in cases involving Qilin ransomware. By abusing legit…
The Irish government 's Housing Agency said it had been notified of the "cyber incident" involving engineering firm, Jennings O'Donovan, which assesses defective block grant schem…
The new guidance helps organisations spot weaknesses in their supply chain before criminals do – setting out clear practical steps to check the security of key suppliers and safeg…
Warlock Ransomware: Old Actor, New Tricks?
2025-10-23
Related actor: Warlock
The China-based actor behind the Warlock ransomware may not be a new player and has links to malicious activity dating as far back as 2019.
The Warlock ransomware first appeare…
Der Metallverarbeiter Nickelhütte Aue wurde Ziel einer Cyberattacke. Das Unternehmen kämpft aktuell mit verschlüsselten Daten und IT-Ausfällen.
Wie die Nickelhütte Aue auf ihre…
Related actor: Qilin
Qilin n'est pas un groupe de pirates informatiques, mais une "franchise" qui permet d'utiliser ses services contre rémunération. Apparue en 2022, elle reste nimbée de mystère.…
NEW YORK – New York Attorney General Letitia James today announced a settlement with a public accounting firm, Wojeski & Company (Wojeski), to strengthen its data security to prot…
On October 15, 2025, Jewett-Cameron Trading Co. Ltd. (the "Company") learned that a threat actor had gained unauthorized access to portions of the Company's information technology…
Related actor: Crimson Collective
Yunex Traffic recently took action to manage unauthorized access to limited parts of our internal product development IT systems. We immediately took steps to secure our systems a…
Notes
- Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
- Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
- Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
- The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.
Method
- The page uses a fixed seven-day window based on the selected date.
- Only public-facing actor and event records are included.
- Counts and breakdowns are designed for trend review, not incident confirmation.