Weekly intelligence Trend-first

Weekly ransomware & data leak landscape

A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.

Window: 2026-01-26 → 2026-02-01 UTC

Choose a report date

Observed events

196

Public claims in the selected week

Data leak indicators

136

69.4% of observed events

Active actors

Distinct groups with observed activity

Torrent-linked events

Events intersecting with torrent intelligence

What changed this week?

•

CL0P generated the highest visible claim volume this week, representing 23.0% of observed events.

•

69.4% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.

•

Construction was the most represented sector in this window with 17 observed events.

•

4 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.

•

29 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.

Coverage snapshot

As of 2026-02-01 UTC.

Leak sites observed this week

Leak sites online near report date

Threat actor profiles updated this week

Countries represented this week

Sectors represented this week

Top active actors

By observed claim volume

CL0P

45 events · 44 leak indicators

INC Ransom

18 events · 15 leak indicators

Qilin

18 events · 3 leak indicators

PLAY

13 events · 12 leak indicators

Akira

11 events · 3 leak indicators

Tengu

11 events · 9 leak indicators

Sinobi

9 events · 9 leak indicators

Devman

8 events · 0 leak indicators

Emerging or resurfacing actors

No matching activity in prior 30 days

Coinbase Cartel 7 events
PEAR 4 events
Abyss 1 event
Money Message 1 event

Country mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.

United States102

CL0P15 events · 14 leak indicators
PLAY12 events · 11 leak indicators
INC Ransom11 events · 10 leak indicators
Akira10 events · 3 leak indicators
Sinobi7 events · 7 leak indicators
Qilin6 events · 2 leak indicators
Devman5 events · 0 leak indicators
Everest4 events · 4 leak indicators

Australia12

CL0P11 events · 11 leak indicators
Qilin1 event · 0 leak indicators

Canada12

CL0P9 events · 9 leak indicators
Sinobi2 events · 2 leak indicators
PLAY1 event · 1 leak indicator

United Kingdom9

CL0P3 events · 3 leak indicators
INC Ransom2 events · 2 leak indicators
Beast1 event · 0 leak indicators
INTERLOCK1 event · 1 leak indicator
Qilin1 event · 0 leak indicators
World Leaks1 event · 1 leak indicator

Germany5

Qilin2 events · 0 leak indicators
Coinbase Cartel1 event · 1 leak indicator
Gentlemen1 event · 0 leak indicators
RALord1 event · 1 leak indicator

Thailand5

INC Ransom2 events · 2 leak indicators
Qilin2 events · 0 leak indicators
BlackShrantac1 event · 0 leak indicators

Hong Kong4

CL0P2 events · 2 leak indicators
Abyss1 event · 1 leak indicator
Gentlemen1 event · 0 leak indicators

France3

Coinbase Cartel1 event · 1 leak indicator
Qilin1 event · 0 leak indicators
Tengu1 event · 1 leak indicator

Sector mix

Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.

Construction17

CL0P4 events · 4 leak indicators
Akira2 events · 0 leak indicators
Devman2 events · 0 leak indicators
INC Ransom2 events · 2 leak indicators
Qilin2 events · 0 leak indicators
DragonForce1 event · 1 leak indicator
Gentlemen1 event · 0 leak indicators
Lynx1 event · 1 leak indicator

IT Services and IT Consulting11

CL0P7 events · 7 leak indicators
Everest1 event · 1 leak indicator
Lynx1 event · 0 leak indicators
Sinobi1 event · 1 leak indicator
World Leaks1 event · 1 leak indicator

Real Estate11

CL0P6 events · 6 leak indicators
Akira2 events · 0 leak indicators
PEAR1 event · 0 leak indicators
PLAY1 event · 1 leak indicator
Tengu1 event · 1 leak indicator

Manufacturing10

CL0P2 events · 2 leak indicators
PLAY2 events · 2 leak indicators
Qilin2 events · 1 leak indicator
Akira1 event · 0 leak indicators
Everest1 event · 1 leak indicator
Gentlemen1 event · 0 leak indicators
Medusa1 event · 1 leak indicator

Hospitality7

CL0P4 events · 4 leak indicators
BlackShrantac1 event · 0 leak indicators
Genesis1 event · 0 leak indicators
Morpheus1 event · 0 leak indicators

Law Practice7

PEAR2 events · 2 leak indicators
CL0P1 event · 1 leak indicator
Devman1 event · 0 leak indicators
INC Ransom1 event · 1 leak indicator
NightSpire1 event · 0 leak indicators
PLAY1 event · 1 leak indicator

Legal Services6

INC Ransom4 events · 2 leak indicators
CL0P2 events · 2 leak indicators

Software Development6

Coinbase Cartel2 events · 1 leak indicator
ShinyHunters2 events · 2 leak indicators
Akira1 event · 0 leak indicators
INC Ransom1 event · 1 leak indicator

Organization size bands

Share of weekly events by employee-size group across the last 12 reporting windows.

11-50 employees 57
51-200 employees 47
2-10 employees 26
201-500 employees 26
1,001-5,000 employees 13
501-1,000 employees 6

Notable actor profile updates

Active actor records only.

New ransom note observed

No ransom-note change logged in this reporting window.

New actor infrastructure / contact channel

No infrastructure/contact-channel change logged in this reporting window.

New vuln / TTP intelligence

No vuln/TTP change logged in this reporting window.

Recent signal samples

Selected weekly signals.

Actor	Sector	Country	Leak proof	Seen
Everest	IT Services and IT Consulting	United States	Data leak	2026-02-01
Everest	Telecommunications	United States	Data leak	2026-02-01
Everest	Machinery Manufacturing	Japan	Data leak	2026-02-01
Everest	Manufacturing	Japan	Data leak	2026-02-01
DragonForce	Construction	United States	Data leak	2026-02-01
PLAY	Manufacturing	United States	Data leak	2026-02-01
Everest	Financial Services	Panama	Data leak	2026-02-01
Everest	Hospitals and Health Care	United States	Data leak	2026-02-01
Everest	Business Consulting and Services	United States	Data leak	2026-02-01
INTERLOCK	Primary and Secondary Education	United States	Data leak	2026-02-01
DragonForce	Motor Vehicle Manufacturing	United States	Data leak	2026-02-01
INC Ransom	Legal Services	United States	Data leak	2026-01-31

News and research context

Recent articles from the same time window.

New Britain’s ‘network disruption’ was due to ransomware attack, mayor says 2026-01-31

NEW BRITAIN, Conn. (WTNH) — New Britain Mayor Bobby Sanchez confirmed Friday that the “network disruption” the city’s police department was experiencing was due to a ransomware a…

DOE’s Liberty Eclipse simulates ransomware and stealth attacks to prepare utilities for real-world grid cyber threats - Industrial Cyber 2026-01-30

The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response brought utilities, industry experts, and government defenders together on Plum Island,…

Cyber Centre releases Ransomware Threat Outlook 2025 to 2027 2026-01-29

Today, the Canadian Centre for Cyber Security (Cyber Centre), part of the Communications Security Establishment Canada (CSE), released its Ransomware Threat Outlook 2025 to 2027,…

Ransomware crims forced to take off-RAMP as FBI seizes forum • The Register 2026-01-29

Ransomware crims have just lost one of their best business platforms. US law enforcement has seized the notorious RAMP cybercrime forum's dark web and clearnet domains. RAMP, w…

Broken decryptor leaves Sicarii ransomware victims adrift | Computer Weekly 2026-01-28

Related actor: Sicari

A coding error, possibly introduced thanks to over-reliance on artificial intelligence (AI) vibe coding tools, has rendered an emergent strain of ransomware an acutely dangerous t…

Un ciberataque paraliza el funcionamiento del Ayuntamiento de Sanxenxo, Pontevedra: les piden 5.000 dólares en bitcoins 2026-01-28

Un ataque informático al servidor mantiene desde este lunes prácticamente paralizado el funcionamiento del Ayuntamiento de Sanxenxo (Pontevedra), según ha confirmado en las última…

2026-01-23 Wisner Baum Data Breach Notice to Consumers 2026-01-27

What Happened: Like many other organizations, we recently identified unauthorized access to certain computer systems and immediately took steps to secure and protect your informat…

Dresden State Art Collections pummeled by cyber incident 2026-01-27

Germany's Dresden State Art Collections, or SKD which manages 15 museums and is among the oldest museum networks in Europe had its online ticket sales, visitor services, and shop…

Enviro-Hub Reports Ransomware Attack With No Material Operational Impact So Far 2026-01-27

Related actor: Insomnia

Enviro-Hub Holdings Ltd. has shared an announcement. Enviro-Hub Holdings has disclosed that its group servers were recently hit by a ransomware attack, with an unknown party ga…

Annual Threat Report - Health Sector 2026 - Health-ISAC - Health Information Sharing and Analysis Center 2026-01-26

The report features insights from the Health-ISAC Ransomware Events Database, Indicator Sharing program, Physical Security, and Targeted Alerts initiative, showcasing the communit…

Notes

Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.

Method

The page uses a fixed seven-day window based on the selected date.
Only public-facing actor and event records are included.
Counts and breakdowns are designed for trend review, not incident confirmation.