Weekly intelligence Trend-first

Weekly ransomware & data leak landscape

A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.

Window: 2026-01-14 → 2026-01-20 UTC
Choose a report date
Previous week Next week
Observed events
157
Public claims in the selected week
Data leak indicators
87
55.4% of observed events
Active actors
24
Distinct groups with observed activity
Torrent-linked events
4
Events intersecting with torrent intelligence

What changed this week?

Qilin generated the highest visible claim volume this week, representing 21.7% of observed events.
55.4% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
Construction was the most represented sector in this window with 13 observed events.
2 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.
4 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.
6 tracked leak sites were still online as of the report date snapshot, giving useful context on current ecosystem churn and monitoring pressure.

Coverage snapshot

As of 2026-01-20 UTC.
Leak sites observed this week
24
Leak sites online near report date
6
Threat actor profiles updated this week
0
Countries represented this week
38
Sectors represented this week
73

Top active actors

By observed claim volume
Qilin
34 events · 13 leak indicators
Gentlemen
27 events · 1 leak indicator
Sinobi
15 events · 14 leak indicators
Akira
14 events · 2 leak indicators
CL0P
10 events · 10 leak indicators
Tengu
10 events · 10 leak indicators
Everest
7 events · 7 leak indicators
INC Ransom
7 events · 7 leak indicators

Emerging or resurfacing actors

No matching activity in prior 30 days
  • Eraleignews 1 event
  • Sarcoma 1 event

Country mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
United States63
  • Qilin13 events · 4 leak indicators
  • Akira12 events · 0 leak indicators
  • Sinobi9 events · 9 leak indicators
  • CL0P6 events · 6 leak indicators
  • INC Ransom5 events · 5 leak indicators
  • Genesis4 events · 0 leak indicators
  • PLAY4 events · 4 leak indicators
  • Everest2 events · 2 leak indicators
United Kingdom11
  • Sinobi3 events · 2 leak indicators
  • Qilin2 events · 2 leak indicators
  • CL0P1 event · 1 leak indicator
  • DragonForce1 event · 1 leak indicator
  • Eraleignews1 event · 1 leak indicator
  • Everest1 event · 1 leak indicator
  • Genesis1 event · 0 leak indicators
  • INC Ransom1 event · 1 leak indicator
Canada6
  • Qilin2 events · 1 leak indicator
  • CL0P1 event · 1 leak indicator
  • DragonForce1 event · 1 leak indicator
  • INC Ransom1 event · 1 leak indicator
  • Nitrogen1 event · 1 leak indicator
Italy6
  • Qilin3 events · 1 leak indicator
  • Gentlemen2 events · 0 leak indicators
  • Sarcoma1 event · 1 leak indicator
Taiwan5
  • Everest3 events · 3 leak indicators
  • Gentlemen1 event · 0 leak indicators
  • Qilin1 event · 0 leak indicators
India4
  • Tengu2 events · 2 leak indicators
  • Everest1 event · 1 leak indicator
  • Sinobi1 event · 1 leak indicator
Malaysia4
  • Gentlemen3 events · 0 leak indicators
  • Qilin1 event · 1 leak indicator
Spain4
  • Qilin2 events · 1 leak indicator
  • Gentlemen1 event · 0 leak indicators
  • NightSpire1 event · 1 leak indicator

Sector mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
Construction13
  • Qilin7 events · 3 leak indicators
  • Akira2 events · 0 leak indicators
  • DragonForce1 event · 1 leak indicator
  • INC Ransom1 event · 1 leak indicator
  • SAFEPAY1 event · 1 leak indicator
  • Tengu1 event · 1 leak indicator
Financial Services7
  • Gentlemen3 events · 1 leak indicator
  • CL0P2 events · 2 leak indicators
  • Eraleignews1 event · 1 leak indicator
  • RALord1 event · 1 leak indicator
Law Practice7
  • Qilin2 events · 1 leak indicator
  • Sinobi2 events · 2 leak indicators
  • Akira1 event · 0 leak indicators
  • CL0P1 event · 1 leak indicator
  • MS13-0891 event · 0 leak indicators
Government Administration5
  • Gentlemen2 events · 0 leak indicators
  • Genesis1 event · 0 leak indicators
  • Sinobi1 event · 1 leak indicator
  • Tengu1 event · 1 leak indicator
Hospitals and Health Care5
  • Benzona1 event · 0 leak indicators
  • Qilin1 event · 0 leak indicators
  • SAFEPAY1 event · 1 leak indicator
  • Sinobi1 event · 1 leak indicator
  • Tengu1 event · 1 leak indicator
Machinery Manufacturing5
  • Gentlemen2 events · 0 leak indicators
  • Akira1 event · 0 leak indicators
  • Everest1 event · 1 leak indicator
  • Tengu1 event · 1 leak indicator
Retail5
  • Gentlemen2 events · 0 leak indicators
  • Tengu2 events · 2 leak indicators
  • Qilin1 event · 0 leak indicators
IT Services and IT Consulting4
  • Gentlemen2 events · 0 leak indicators
  • Everest1 event · 1 leak indicator
  • Qilin1 event · 1 leak indicator

Organization size bands

Share of weekly events by employee-size group across the last 12 reporting windows.
  • 11-50 employees 43
  • 51-200 employees 43
  • 1,001-5,000 employees 15
  • 201-500 employees 15
  • 501-1,000 employees 14
  • 2-10 employees 9

Notable actor profile updates

Active actor records only.
New ransom note observed
No ransom-note change logged in this reporting window.
New actor infrastructure / contact channel
No infrastructure/contact-channel change logged in this reporting window.
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.

Recent signal samples

Selected weekly signals.
Actor Sector Country Leak proof Seen
Gentlemen Non-profit Organizations Dominican Republic Claim only 2026-01-20
Gentlemen Retail Czech Republic Claim only 2026-01-20
Gentlemen Fire Protection United Arab Emirates Claim only 2026-01-20
Gentlemen IT Services and IT Consulting France Claim only 2026-01-20
CL0P Financial Services United States Data leak 2026-01-20
CL0P Financial Services United Kingdom Data leak 2026-01-20
CL0P Food and Beverage Manufacturing New Zealand Data leak 2026-01-20
CL0P Law Practice United States Data leak 2026-01-20
CL0P Software Development United States Data leak 2026-01-20
CL0P Public Relations and Communications Services United States Data leak 2026-01-20
CL0P Real Estate United States Data leak 2026-01-20
CL0P Retail Office Equipment France Data leak 2026-01-20

News and research context

Recent articles from the same time window.
Cyber incidents - Inverclyde Council 2026-01-20
Inverclyde Council has experienced cyber incidents which include an education user account being compromised. We continue to work with the relevant authorities and partners.…
Detailed Analysis of DragonForce Ransomware 2026-01-15
Related actor: DragonForce
The DragonForce ransomware group was first discovered on December 13, 2023, when a user named @dragonforce, active on BreachForums uploaded a post titled “aglgases.com — gigabytes…

Notes

  • Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
  • Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
  • Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
  • The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.

Method

  • The page uses a fixed seven-day window based on the selected date.
  • Only public-facing actor and event records are included.
  • Counts and breakdowns are designed for trend review, not incident confirmation.