BridgePay Network Solutions confirmed late Friday that the incident disrupting its payment gateway was caused by ransomware.
In an update posted Feb. 6, the company said it has…
Weekly intelligence
Trend-first
Weekly ransomware & data leak landscape
A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.
Window: 2026-02-02 → 2026-02-08 UTC
- Observed events: 183 (public claims in the selected week)
- Data leak indicators: 113 (61.7% of observed events)
- Active actors: 35 (distinct groups with observed activity)
- Torrent-linked events: 4 (events intersecting with torrent intelligence)
What changed this week?
- Qilin generated the highest visible claim volume this week, representing 20.8% of observed events.
- 61.7% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
- Construction was the most represented sector in this window with 12 observed events.
- 5 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.
- 4 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.
Coverage snapshot
As of 2026-02-08 UTC.
- Leak sites observed this week: 35
- Leak sites online near report date: 0
- Threat actor profiles updated this week: 5
- Countries represented this week: 38
- Sectors represented this week: 80
Top active actors
By observed claim volume
- Qilin: 38 events · 22 leak indicators
- Gentlemen: 22 events · 1 leak indicator
- Akira: 19 events · 5 leak indicators
- Insomnia: 17 events · 17 leak indicators
- CL0P: 10 events · 10 leak indicators
- PLAY: 10 events · 9 leak indicators
- INC Ransom: 7 events · 6 leak indicators
- Payouts King: 7 events · 6 leak indicators
Emerging or resurfacing actors
No matching activity in prior 30 days
- Insomnia 17 events
- Green Blood 2 events
- Linkc 2 events
- Space Bears 1 event
- Termite 1 event
Country mix
Share of weekly events across the last 12 reporting windows. Top actors for this week:
United States: 89
- Qilin: 18 events · 12 leak indicators
- Insomnia: 15 events · 15 leak indicators
- Akira: 11 events · 2 leak indicators
- PLAY: 9 events · 8 leak indicators
- DragonForce: 4 events · 4 leak indicators
- Payouts King: 4 events · 3 leak indicators
- Sinobi: 4 events · 4 leak indicators
- Anubis: 3 events · 0 leak indicators
Canada: 9
- CL0P: 3 events · 3 leak indicators
- BravoX: 1 event · 1 leak indicator
- DragonForce: 1 event · 1 leak indicator
- Lynx: 1 event · 0 leak indicators
- Qilin: 1 event · 0 leak indicators
- SAFEPAY: 1 event · 1 leak indicator
- Sinobi: 1 event · 1 leak indicator
Germany: 7
- Qilin: 3 events · 2 leak indicators
- Akira: 1 event · 0 leak indicators
- PLAY: 1 event · 1 leak indicator
- Rhysida: 1 event · 1 leak indicator
- World Leaks: 1 event · 1 leak indicator
France: 6
- Gentlemen: 2 events · 0 leak indicators
- Akira: 1 event · 0 leak indicators
- BravoX: 1 event · 1 leak indicator
- Qilin: 1 event · 0 leak indicators
- Sinobi: 1 event · 1 leak indicator
Italy: 6
- Akira: 1 event · 1 leak indicator
- CL0P: 1 event · 1 leak indicator
- Gentlemen: 1 event · 0 leak indicators
- Medusa: 1 event · 1 leak indicator
- Payouts King: 1 event · 1 leak indicator
- Qilin: 1 event · 1 leak indicator
United Kingdom: 6
- Akira: 2 events · 0 leak indicators
- CL0P: 2 events · 2 leak indicators
- Anubis: 1 event · 0 leak indicators
- Qilin: 1 event · 0 leak indicators
Japan: 4
- BlackShrantac: 1 event · 0 leak indicators
- Gentlemen: 1 event · 0 leak indicators
- INC Ransom: 1 event · 0 leak indicators
- Qilin: 1 event · 1 leak indicator
Mexico: 4
- Qilin: 3 events · 2 leak indicators
- Payouts King: 1 event · 1 leak indicator
Sector mix
Share of weekly events across the last 12 reporting windows. Top actors for this week:
Construction: 12
- DragonForce: 3 events · 3 leak indicators
- Akira: 2 events · 1 leak indicator
- Sinobi: 2 events · 2 leak indicators
- CL0P: 1 event · 1 leak indicator
- Gentlemen: 1 event · 0 leak indicators
- PLAY: 1 event · 1 leak indicator
- Qilin: 1 event · 1 leak indicator
- SAFEPAY: 1 event · 1 leak indicator
Law Practice: 10
- Anubis: 2 events · 0 leak indicators
- Insomnia: 2 events · 2 leak indicators
- Qilin: 2 events · 1 leak indicator
- Akira: 1 event · 0 leak indicators
- BravoX: 1 event · 1 leak indicator
- CL0P: 1 event · 1 leak indicator
- INC Ransom: 1 event · 1 leak indicator
IT Services and IT Consulting: 9
- Qilin: 2 events · 1 leak indicator
- Akira: 1 event · 0 leak indicators
- Anubis: 1 event · 0 leak indicators
- CL0P: 1 event · 1 leak indicator
- Devman: 1 event · 0 leak indicators
- Gentlemen: 1 event · 0 leak indicators
- Sinobi: 1 event · 1 leak indicator
- Tengu: 1 event · 1 leak indicator
Hospitals and Health Care: 8
- Insomnia: 5 events · 5 leak indicators
- CL0P: 1 event · 1 leak indicator
- Qilin: 1 event · 1 leak indicator
- Termite: 1 event · 1 leak indicator
Accounting: 5
- Akira: 1 event · 0 leak indicators
- INC Ransom: 1 event · 1 leak indicator
- Qilin: 1 event · 0 leak indicators
- SAFEPAY: 1 event · 1 leak indicator
- Sinobi: 1 event · 1 leak indicator
Financial Services: 5
- Qilin: 2 events · 1 leak indicator
- Gentlemen: 1 event · 0 leak indicators
- INC Ransom: 1 event · 1 leak indicator
- Sinobi: 1 event · 1 leak indicator
Real Estate: 5
- PLAY: 2 events · 2 leak indicators
- CL0P: 1 event · 1 leak indicator
- Kill Security: 1 event · 1 leak indicator
- RALord: 1 event · 1 leak indicator
Airlines and Aviation: 4
- Akira: 1 event · 0 leak indicators
- Everest: 1 event · 1 leak indicator
- Gentlemen: 1 event · 0 leak indicators
- PLAY: 1 event · 1 leak indicator
Organization size bands
Share of weekly events by employee-size group across the last 12 reporting windows.
- 11-50 employees: 53
- 51-200 employees: 49
- 201-500 employees: 24
- 2-10 employees: 19
- 1,001-5,000 employees: 12
- 501-1,000 employees: 7
Notable actor profile updates
Active actor records only.
New ransom note observed
- Genesis (2026-02-08 UTC): Adding ransom note
New actor infrastructure / contact channel
- Genesis (2026-02-08 UTC): Adding TOX ID, adding email address
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.
Recent signal samples
Selected weekly signals.
| Actor | Sector | Country | Leak proof | Seen |
|---|---|---|---|---|
| Gentlemen | Software Development | United States | Claim only | 2026-02-08 |
| BravoX | Law Practice | France | Data leak | 2026-02-08 |
| Insomnia | Legal Services | Brazil | Data leak | 2026-02-08 |
| Insomnia | Environmental Services | Singapore | Data leak | 2026-02-08 |
| Insomnia | Medical Practice | United States | Data leak | 2026-02-08 |
| Insomnia | Law Practice | United States | Data leak | 2026-02-08 |
| Insomnia | Hospitals and Health Care | United States | Data leak | 2026-02-08 |
| Insomnia | Non-profit Organizations | United States | Data leak | 2026-02-08 |
| Insomnia | Medical Equipment Manufacturing | United States | Data leak | 2026-02-08 |
| Insomnia | Defense and Space Manufacturing | United States | Data leak | 2026-02-08 |
| Insomnia | Defense and Space Manufacturing | United States | Data leak | 2026-02-08 |
| Insomnia | Hospitals and Health Care | United States | Data leak | 2026-02-08 |
News and research context
Recent articles from the same time window.
Partial closure of the electronic office of the Ministry of Science, Innovation and Universities
2026-02-07
As a result of a technical incident currently under assessment, steps have been taken…
Related actor: Rhysida
Imagine the call you hope to never receive: your organization is under a full-blown ransomware attack. Systems are locked, data is inaccessible, and cybercriminals are demanding a…
According to Bleeping Computer, La Sapienza University in Rome, Europe's largest university by student enrollment, has been subjected to a significant cyberattack that has cripple…
Related actor: 0APT
A new actor called 0APT is causing a stir after they launched a dark web leak site and posted a large number of major companies, both genuine and fake, triggering real incident re…
Related actor: CL0P
Q4 of 2025 was marked by the latest large-scale data theft campaign by the CL0P ransomware gang, this time exploiting a zero-day vulnerability in Oracle E-Business Suite (EBS). Th…
The Gozo Channel company was hit by a cyber attack earlier on Tuesday, but the incident did not affect ferry operations.
In a statement, the company said the incident affected…
Nitrogen Ransomware: ESXi malware has a bug!
2026-02-03
Related actor: Nitrogen
Because of this bug, the corrupted public key is used in the key exchange to encrypt each file. Normally, when a public-private Curve25519 keypair is generated, the private key is…
IT Security | Hochschule Emden/Leer
2026-02-03
Universities in Germany, like other organizations, are exposed daily to attacks on their IT infrastructure and security systems. For this reason, prevention, the…
In October 2023, CISA added a knownRansomwareCampaignUse field to KEV, designed to help organizations prioritize more effectively. Relying on KEV for prioritization is already a t…
Notes
- Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
- Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
- Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
- The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.
Method
- The page uses a fixed seven-day window based on the selected date.
- Only public-facing actor and event records are included.
- Counts and breakdowns are designed for trend review, not incident confirmation.