I am writing to inform you that it appears the school and sixth form has been a victim of a cyber-attack. This has taken down the school IT system. This means that we currently do…
Weekly intelligence
Trend-first
Weekly ransomware & data leak landscape
A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.
Window: 2025-12-31 → 2026-01-06 UTC
Choose a report date
Observed events
114
Public claims in the selected week
Data leak indicators
64
56.1% of observed events
Active actors
22
Distinct groups with observed activity
Torrent-linked events
1
Events intersecting with torrent intelligence
What changed this week?
•
Qilin generated the highest visible claim volume this week, representing 23.7% of observed events.
•
56.1% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
•
Construction was the most represented sector in this window with 12 observed events.
•
2 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.
•
1 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.
Coverage snapshot
As of 2026-01-06 UTC.
Leak sites observed this week
22
Leak sites online near report date
0
Threat actor profiles updated this week
1
Countries represented this week
24
Sectors represented this week
59
Top active actors
By observed claim volumeQilin
27 events · 9 leak indicators
Lynx
21 events · 2 leak indicators
Sinobi
15 events · 15 leak indicators
PLAY
11 events · 11 leak indicators
Dire Wolf
7 events · 7 leak indicators
Akira
5 events · 1 leak indicator
INC Ransom
5 events · 1 leak indicator
Everest
4 events · 3 leak indicators
Emerging or resurfacing actors
No matching activity in prior 30 days- Sicari 1 event
- Vect 1 event
Country mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
United States63
- Qilin16 events · 8 leak indicators
- Sinobi13 events · 13 leak indicators
- PLAY9 events · 9 leak indicators
- Lynx8 events · 1 leak indicator
- Akira3 events · 0 leak indicators
- DragonForce2 events · 2 leak indicators
- Everest2 events · 2 leak indicators
- INC Ransom2 events · 0 leak indicators
France6
- Lynx3 events · 0 leak indicators
- Dire Wolf1 event · 1 leak indicator
- RALord1 event · 1 leak indicator
- Sinobi1 event · 1 leak indicator
Australia5
- Lynx4 events · 0 leak indicators
- Qilin1 event · 0 leak indicators
Germany5
- Akira2 events · 1 leak indicator
- Everest1 event · 0 leak indicators
- PLAY1 event · 1 leak indicator
- Qilin1 event · 0 leak indicators
Canada4
- Lynx2 events · 0 leak indicators
- INC Ransom1 event · 1 leak indicator
- PLAY1 event · 1 leak indicator
Italy3
- BrotherHood1 event · 0 leak indicators
- Qilin1 event · 0 leak indicators
- RALord1 event · 1 leak indicator
Spain3
- Dire Wolf1 event · 1 leak indicator
- INC Ransom1 event · 0 leak indicators
- Sinobi1 event · 1 leak indicator
Turkey3
- Qilin2 events · 1 leak indicator
- Dire Wolf1 event · 1 leak indicator
Sector mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
Construction12
- Qilin4 events · 1 leak indicator
- Akira2 events · 1 leak indicator
- PLAY2 events · 2 leak indicators
- Sinobi2 events · 2 leak indicators
- Lynx1 event · 0 leak indicators
- Rhysida1 event · 1 leak indicator
Appliances, Electrical, and Electronics Manufacturing7
- Lynx3 events · 0 leak indicators
- Qilin2 events · 1 leak indicator
- Chaos1 event · 1 leak indicator
- DragonForce1 event · 1 leak indicator
Hospitals and Health Care6
- Qilin4 events · 2 leak indicators
- Medusa1 event · 1 leak indicator
- Sinobi1 event · 1 leak indicator
Government Administration5
- Lynx3 events · 0 leak indicators
- INC Ransom1 event · 0 leak indicators
- Tengu1 event · 1 leak indicator
Information Technology and Services4
- PLAY2 events · 2 leak indicators
- Everest1 event · 1 leak indicator
- Qilin1 event · 1 leak indicator
IT Services and IT Consulting3
- BQTlock1 event · 0 leak indicators
- DragonForce1 event · 1 leak indicator
- INC Ransom1 event · 0 leak indicators
Mining3
- Lynx1 event · 0 leak indicators
- PLAY1 event · 1 leak indicator
- Qilin1 event · 0 leak indicators
Accounting2
- Dire Wolf1 event · 1 leak indicator
- PLAY1 event · 1 leak indicator
Organization size bands
Share of weekly events by employee-size group across the last 12 reporting windows.
- 51-200 employees 39
- 11-50 employees 36
- 201-500 employees 15
- 501-1,000 employees 7
- 1,001-5,000 employees 5
- 2-10 employees 5
Notable actor profile updates
Active actor records only.
New ransom note observed
No ransom-note change logged in this reporting window.
New actor infrastructure / contact channel
No infrastructure/contact-channel change logged in this reporting window.
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.
Recent signal samples
Selected weekly signals.
| Actor | Sector | Country | Leak proof | Seen |
|---|---|---|---|---|
| Everest | Information Technology and Services | United States | Data leak | 2026-01-06 |
| Gentlemen | Oil and Gas | Romania | Claim only | 2026-01-06 |
| Qilin | Beverage Manufacturing | United Kingdom | Claim only | 2026-01-06 |
| INTERLOCK | Wellness and Fitness Services | United States | Data leak | 2026-01-06 |
| INTERLOCK | Aviation and Aerospace | United Kingdom | Data leak | 2026-01-06 |
| Qilin | Artists and Writers | United States | Data leak | 2026-01-06 |
| Rhysida | Construction | United States | Data leak | 2026-01-06 |
| RALord | Food Production | France | Data leak | 2026-01-06 |
| Qilin | Hospitals and Health Care | United States | Claim only | 2026-01-06 |
| Qilin | Hospitals and Health Care | United States | Data leak | 2026-01-06 |
| Qilin | Oil and Gas | United States | Claim only | 2026-01-06 |
| PLAY | Construction | United States | Data leak | 2026-01-06 |
News and research context
Recent articles from the same time window.
Brightspeed Investigating Cyberattack
2026-01-05
Related actor: Crimson Collective
US fiber broadband provider Brightspeed is investigating claims of a cyberattack after a notorious hacking group boasted about breaching its systems.
The investigation was trig…
Leduc Country target of cybersecurity attack
2026-01-05
Leduc County said it was the target of a deliberate cybersecurity attack which disabled some of the county’s information technology (IT) systems.
A news release issued Sunday a…
Notes
- Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
- Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
- Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
- The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.
Method
- The page uses a fixed seven-day window based on the selected date.
- Only public-facing actor and event records are included.
- Counts and breakdowns are designed for trend review, not incident confirmation.