Livingston HealthCare is currently experiencing a disruption to our phone systems and network due to a potential cybersecurity incident. Out of an abundance of caution, we have te…
Weekly intelligence
Trend-first
Weekly ransomware & data leak landscape
A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.
Window: 2026-02-11 → 2026-02-17 UTC
Choose a report date
Observed events
207
Public claims in the selected week
Data leak indicators
132
63.8% of observed events
Active actors
35
Distinct groups with observed activity
Torrent-linked events
3
Events intersecting with torrent intelligence
What changed this week?
•
Gentlemen generated the highest visible claim volume this week, representing 14.0% of observed events.
•
63.8% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
•
Construction was the most represented sector in this window with 14 observed events.
•
6 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.
•
3 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.
•
2 tracked leak sites were still online as of the report date snapshot, giving useful context on current ecosystem churn and monitoring pressure.
Coverage snapshot
As of 2026-02-17 UTC.
Leak sites observed this week
35
Leak sites online near report date
2
Threat actor profiles updated this week
7
Countries represented this week
43
Sectors represented this week
79
Top active actors
By observed claim volumeGentlemen
29 events · 0 leak indicators
Qilin
23 events · 12 leak indicators
LockBit 5.0
21 events · 20 leak indicators
DragonForce
18 events · 15 leak indicators
NightSpire
14 events · 12 leak indicators
INC Ransom
13 events · 10 leak indicators
Akira
11 events · 3 leak indicators
PLAY
10 events · 10 leak indicators
Emerging or resurfacing actors
No matching activity in prior 30 days- Meduza Locker 6 events
- Gunra 3 events
- Kairos 2 events
- Payload 2 events
- Cloak 1 event
- SecP0 1 event
Country mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
United States81
- Qilin16 events · 10 leak indicators
- DragonForce9 events · 7 leak indicators
- PLAY8 events · 8 leak indicators
- Genesis7 events · 0 leak indicators
- Akira6 events · 0 leak indicators
- INC Ransom5 events · 4 leak indicators
- Insomnia3 events · 3 leak indicators
- ShinyHunters3 events · 3 leak indicators
Canada11
- Akira3 events · 1 leak indicator
- INC Ransom2 events · 2 leak indicators
- Meduza Locker2 events · 2 leak indicators
- PLAY2 events · 2 leak indicators
- Kairos1 event · 1 leak indicator
- ShinyHunters1 event · 1 leak indicator
Italy8
- Akira2 events · 2 leak indicators
- DragonForce1 event · 1 leak indicator
- Gentlemen1 event · 0 leak indicators
- INC Ransom1 event · 1 leak indicator
- NightSpire1 event · 1 leak indicator
- Qilin1 event · 0 leak indicators
- Space Bears1 event · 1 leak indicator
United Kingdom7
- Qilin2 events · 1 leak indicator
- World Leaks2 events · 2 leak indicators
- DragonForce1 event · 1 leak indicator
- Gentlemen1 event · 0 leak indicators
- INTERLOCK1 event · 1 leak indicator
Germany5
- Cloak1 event · 0 leak indicators
- Coinbase Cartel1 event · 0 leak indicators
- DragonForce1 event · 1 leak indicator
- INC Ransom1 event · 1 leak indicator
- Space Bears1 event · 1 leak indicator
United Arab Emirates5
- Gentlemen2 events · 0 leak indicators
- INC Ransom2 events · 1 leak indicator
- Gunra1 event · 1 leak indicator
India4
- Gentlemen2 events · 0 leak indicators
- NightSpire2 events · 2 leak indicators
Spain4
- Gentlemen1 event · 0 leak indicators
- Kill Security1 event · 1 leak indicator
- Lynx1 event · 1 leak indicator
- NightSpire1 event · 1 leak indicator
Sector mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
Construction14
- Gentlemen3 events · 0 leak indicators
- INC Ransom3 events · 2 leak indicators
- DragonForce2 events · 2 leak indicators
- Akira1 event · 0 leak indicators
- Gunra1 event · 1 leak indicator
- Leaknet Blog1 event · 1 leak indicator
- PLAY1 event · 1 leak indicator
- Qilin1 event · 1 leak indicator
Legal Services8
- Qilin3 events · 1 leak indicator
- Beast2 events · 0 leak indicators
- Akira1 event · 0 leak indicators
- Genesis1 event · 0 leak indicators
- SecP01 event · 1 leak indicator
Financial Services7
- ShinyHunters3 events · 3 leak indicators
- DragonForce1 event · 0 leak indicators
- Gunra1 event · 1 leak indicator
- Kill Security1 event · 1 leak indicator
- LeakedData1 event · 1 leak indicator
Retail7
- Akira2 events · 1 leak indicator
- Qilin2 events · 1 leak indicator
- DragonForce1 event · 1 leak indicator
- Gentlemen1 event · 0 leak indicators
- Payload1 event · 1 leak indicator
Accounting6
- Qilin2 events · 1 leak indicator
- Akira1 event · 0 leak indicators
- INC Ransom1 event · 1 leak indicator
- Lynx1 event · 0 leak indicators
- PLAY1 event · 1 leak indicator
Industrial Machinery Manufacturing6
- DragonForce2 events · 2 leak indicators
- Akira1 event · 0 leak indicators
- NightSpire1 event · 1 leak indicator
- PLAY1 event · 1 leak indicator
- World Leaks1 event · 1 leak indicator
Government Administration5
- Gentlemen3 events · 0 leak indicators
- DragonForce1 event · 1 leak indicator
- Rhysida1 event · 1 leak indicator
Hospitality5
- Gentlemen2 events · 0 leak indicators
- Insomnia1 event · 1 leak indicator
- Kairos1 event · 1 leak indicator
- Qilin1 event · 1 leak indicator
Organization size bands
Share of weekly events by employee-size group across the last 12 reporting windows.
- 11-50 employees 50
- 51-200 employees 47
- 201-500 employees 21
- 2-10 employees 17
- 501-1,000 employees 17
- 1,001-5,000 employees 16
Notable actor profile updates
Active actor records only.
New ransom note observed
BQTlock
2026-02-15 UTC
Updating with additional ransom note
New actor infrastructure / contact channel
BlackField
2026-02-11 UTC
Adding new email addresses
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.
Recent signal samples
Selected weekly signals.
| Actor | Sector | Country | Leak proof | Seen |
|---|---|---|---|---|
| Rhysida | Government Administration | United States | Data leak | 2026-02-17 |
| Eraleignews | Government Relations Services | Peru | Data leak | 2026-02-17 |
| Eraleignews | Higher Education | Thailand | Data leak | 2026-02-17 |
| Genesis | Law Practice | United States | Claim only | 2026-02-17 |
| Genesis | Furniture and Home Furnishings Manufacturing | United States | Claim only | 2026-02-17 |
| Genesis | Legal Services | United States | Claim only | 2026-02-17 |
| Genesis | Machinery Manufacturing | United States | Claim only | 2026-02-17 |
| Genesis | Real Estate | United States | Claim only | 2026-02-17 |
| Genesis | Medical Practice | United States | Claim only | 2026-02-17 |
| Qilin | Architecture and Planning | United States | Data leak | 2026-02-17 |
| Leaknet Blog | Construction | United States | Data leak | 2026-02-17 |
| Qilin | Truck Transportation | United States | Data leak | 2026-02-17 |
News and research context
Recent articles from the same time window.
Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card nu…
Related actor: 0APT
The Howler Cell Threat Research Team conducted a detailed technical analysis of 0APT, a Rust-based ransomware family that recently surfaced alongside a coordinated bluff campaign.…
ランサムウェア感染被害のお知らせ | 【公式】ワシントンホテル株式会社
2026-02-17
このたび、当社の一部サーバーが第三者による不正アクセス及びランサムウェアによる感染被害を受けましたのでお知らせいたします。
当社は、本件発生を受け対策本部を設置のうえ、外部専門家の助言を受けながら、原因究明と被害状況の確認、情報流出の有無などの調査、ならびに復旧への対応を進めております。
被害の全容究明には今しばらくの時間を要する見込みですが、現…
Following a cybersecurity breach, the Land and Agricultural Development Bank of South Africa is under scrutiny as reports emerge of a R50 million ransom demand. The bank has confi…
Related actor: Rhysida
OysterLoader, also known as Broomstick and CleanUp, is a malware developed in C++, composed of multiple stages, belonging to the loader (A.k.a.: downloader) malware family. First…
The following is an update to County residents about the recent ransomware attack. Winona County officials are being assisted by nationally recognized cybersecurity and data foren…
Informatiepagina cyberincident | Odido
2026-02-12
Odido is getroffen door een cyberaanval, waarbij gegevens van een aantal klanten zijn geraakt.Odido is getroffen door een cyberaanval, waarbij gegevens van klanten zijn geraakt. H…
Related actor: World Leaks
World Leaks, the cyber-criminal data extortion group which has targeted some of the world’s biggest companies, has added a novel, never-before-seen malware to their arsenal, resea…
Related actor: DragonForce
DragonForce is a ransomware group that first emerged on December 13, 2023, when a user identified as @dragonforce on BreachForums uploaded stolen data. The group developed and dep…
Notes
- Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
- Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
- Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
- The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.
Method
- The page uses a fixed seven-day window based on the selected date.
- Only public-facing actor and event records are included.
- Counts and breakdowns are designed for trend review, not incident confirmation.