The Superior Court of San Joaquin said that it experienced a cybersecurity incident last year during which personal information was leaked.
Officials said an unauthorized pers…
Weekly intelligence
Trend-first
Weekly ransomware & data leak landscape
A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.
Window: 2025-11-05 → 2025-11-11 UTC
Choose a report date
Observed events
212
Public claims in the selected week
Data leak indicators
122
57.5% of observed events
Active actors
33
Distinct groups with observed activity
Torrent-linked events
13
Events intersecting with torrent intelligence
What changed this week?
•
Kazu generated the highest visible claim volume this week, representing 16.5% of observed events.
•
57.5% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
•
Government Administration was the most represented sector in this window with 28 observed events.
•
4 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.
•
13 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.
Coverage snapshot
As of 2025-11-11 UTC.
Leak sites observed this week
33
Leak sites online near report date
0
Threat actor profiles updated this week
3
Countries represented this week
49
Sectors represented this week
77
Top active actors
By observed claim volumeKazu
35 events · 0 leak indicators
Qilin
35 events · 21 leak indicators
CL0P
23 events · 21 leak indicators
Warlock
17 events · 9 leak indicators
Akira
15 events · 13 leak indicators
INC Ransom
13 events · 6 leak indicators
NightSpire
9 events · 9 leak indicators
PLAY
6 events · 6 leak indicators
Emerging or resurfacing actors
No matching activity in prior 30 days- Kazu 35 events
- Warlock 17 events
- Cloak 2 events
- WikiLeaksV2 2 events
Country mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
United States85
- Qilin20 events · 13 leak indicators
- Akira14 events · 12 leak indicators
- CL0P12 events · 11 leak indicators
- INC Ransom6 events · 5 leak indicators
- PLAY4 events · 4 leak indicators
- Anubis3 events · 0 leak indicators
- Genesis3 events · 0 leak indicators
- SAFEPAY3 events · 3 leak indicators
Mexico11
- Kazu10 events · 0 leak indicators
- NightSpire1 event · 1 leak indicator
United Kingdom9
- CL0P4 events · 3 leak indicators
- Warlock2 events · 1 leak indicator
- DragonForce1 event · 1 leak indicator
- Genesis1 event · 0 leak indicators
- Qilin1 event · 1 leak indicator
Austria7
- INC Ransom5 events · 0 leak indicators
- Qilin2 events · 0 leak indicators
Canada7
- Qilin3 events · 2 leak indicators
- PLAY2 events · 2 leak indicators
- Akira1 event · 1 leak indicator
- DragonForce1 event · 1 leak indicator
Italy6
- Qilin2 events · 2 leak indicators
- DragonForce1 event · 1 leak indicator
- Everest1 event · 1 leak indicator
- RansomHouse1 event · 1 leak indicator
- Warlock1 event · 0 leak indicators
Colombia5
- Kazu5 events · 0 leak indicators
India4
- NightSpire2 events · 2 leak indicators
- Gentlemen1 event · 0 leak indicators
- Kazu1 event · 0 leak indicators
Sector mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
Government Administration28
- Kazu20 events · 0 leak indicators
- Qilin2 events · 1 leak indicator
- Beast1 event · 0 leak indicators
- INTERLOCK1 event · 1 leak indicator
- Kryptos1 event · 1 leak indicator
- NightSpire1 event · 1 leak indicator
- RALord1 event · 1 leak indicator
- Sinobi1 event · 1 leak indicator
Construction13
- Qilin3 events · 3 leak indicators
- Akira2 events · 2 leak indicators
- Genesis2 events · 0 leak indicators
- BrotherHood1 event · 0 leak indicators
- CL0P1 event · 1 leak indicator
- Devman1 event · 1 leak indicator
- INTERLOCK1 event · 1 leak indicator
- RansomHouse1 event · 0 leak indicators
Hospitality5
- Qilin2 events · 2 leak indicators
- CL0P1 event · 1 leak indicator
- INC Ransom1 event · 1 leak indicator
- Medusa1 event · 1 leak indicator
Hospitals and Health Care5
- Anubis1 event · 0 leak indicators
- CL0P1 event · 1 leak indicator
- Kazu1 event · 0 leak indicators
- Medusa1 event · 1 leak indicator
- Qilin1 event · 1 leak indicator
Industrial Machinery Manufacturing5
- DragonForce1 event · 1 leak indicator
- Genesis1 event · 0 leak indicators
- J Group1 event · 0 leak indicators
- Nitrogen1 event · 1 leak indicator
- Warlock1 event · 0 leak indicators
Legal Services5
- Qilin3 events · 1 leak indicator
- Akira2 events · 1 leak indicator
Medical Practice5
- Anubis2 events · 0 leak indicators
- Rhysida1 event · 1 leak indicator
- SAFEPAY1 event · 1 leak indicator
- Sinobi1 event · 1 leak indicator
Mining5
- Akira1 event · 1 leak indicator
- Beast1 event · 0 leak indicators
- Medusa1 event · 1 leak indicator
- Nitrogen1 event · 1 leak indicator
- Payouts King1 event · 1 leak indicator
Organization size bands
Share of weekly events by employee-size group across the last 12 reporting windows.
- 11-50 employees 41
- 51-200 employees 39
- 1,001-5,000 employees 24
- 201-500 employees 22
- 10,001+ employees 15
- 501-1,000 employees 15
Notable actor profile updates
Active actor records only.
New ransom note observed
No ransom-note change logged in this reporting window.
New actor infrastructure / contact channel
No infrastructure/contact-channel change logged in this reporting window.
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.
Recent signal samples
Selected weekly signals.
| Actor | Sector | Country | Leak proof | Seen |
|---|---|---|---|---|
| RansomHouse | Textile Manufacturing | Italy | Data leak | 2025-11-11 |
| Anubis | Hospitals and Health Care | United States | Claim only | 2025-11-11 |
| Anubis | Medical Practice | United States | Claim only | 2025-11-11 |
| CL0P | Higher Education | United States | Data leak | 2025-11-11 |
| Payouts King | Mining | United States | Data leak | 2025-11-11 |
| SAFEPAY | Medical Practice | United States | Data leak | 2025-11-11 |
| Genesis | Construction | United States | Claim only | 2025-11-11 |
| Genesis | Law Practice | United Kingdom | Claim only | 2025-11-11 |
| Genesis | Industrial Machinery Manufacturing | United States | Claim only | 2025-11-11 |
| Genesis | Construction | United States | Claim only | 2025-11-11 |
| Akira | Legal Services | United States | Claim only | 2025-11-11 |
| Akira | Accounting | United States | Claim only | 2025-11-11 |
News and research context
Recent articles from the same time window.
Related actor: Yanluowang
A25-year-old Russian national pleaded guilty to multiple charges stemming from their participation in ransomware attacks and faces a maximum penalty up to 53 years in prison.
A…
Related actor: Nitrogen
The Nitrogen group is a sophisticated and financially motivated threat group that was first observed as a malware developer and operator in 2023. Since discovery, Nitrogen has tra…
Decrypted: Midnight Ransomware
2025-11-07
This blog dives into the technical anatomy of Midnight, its lineage from Babuk, and the critical indicators of infection. Most importantly, it offers a practical guide to decrypti…
The State of Nevada’s Governor’s Technology Office (GTO), under the leadership ofthe Office of the CIO, coordinated the remediation of a targeted cybersecuritybreach that disrupte…
RTV Noord is slachtoffer geworden van hackers. Dat heeft grote gevolgen voor uitzendingen en publicaties op al onze platforms. Er wordt hard gewerkt aan een oplossing. Het is nog…
Related actor: Hunters International
The $2.3-billion Communication Federal Credit Union has agreed to a $2.9-million settlement following a class-action lawsuit tied to a data breach that occurred between late Decem…
Notes
- Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
- Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
- Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
- The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.
Method
- The page uses a fixed seven-day window based on the selected date.
- Only public-facing actor and event records are included.
- Counts and breakdowns are designed for trend review, not incident confirmation.