Cota Co., Ltd., a TSE Prime Market–listed company based in Kyoto Prefecture and active in the consumer and cosmetics-related field, reported a significant disruption to its intern…
Weekly intelligence
Trend-first
Weekly ransomware & data leak landscape
A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch.
Window: 2026-03-25 → 2026-03-31 UTC
Choose a report date
Observed events
227
Public claims in the selected week
Data leak indicators
132
58.1% of observed events
Active actors
39
Distinct groups with observed activity
Torrent-linked events
8
Events intersecting with torrent intelligence
What changed this week?
•
Qilin generated the highest visible claim volume this week, representing 14.5% of observed events.
•
58.1% of observed events in this window showed a public data-leak indicator, which is a stronger escalation signal than a fresh listing alone.
•
Construction was the most represented sector in this window with 14 observed events.
•
7 actor(s) appeared active this week without matching activity in the prior 30-day lookback, suggesting fresh campaigns, rebrands, or resurfacing infrastructure.
•
8 observed events in this week intersected with torrent intelligence, which is useful for understanding data-distribution tactics beyond plain leak-site posts.
•
3 tracked leak sites were still online as of the report date snapshot, giving useful context on current ecosystem churn and monitoring pressure.
Coverage snapshot
As of 2026-03-31 UTC.
Leak sites observed this week
39
Leak sites online near report date
3
Threat actor profiles updated this week
11
Countries represented this week
47
Sectors represented this week
84
Top active actors
By observed claim volumeQilin
33 events · 16 leak indicators
Gentlemen
27 events · 0 leak indicators
Akira
16 events · 12 leak indicators
ATTACKER
13 events · 11 leak indicators
INC Ransom
12 events · 8 leak indicators
Coinbase Cartel
11 events · 8 leak indicators
PLAY
11 events · 11 leak indicators
NightSpire
10 events · 6 leak indicators
Emerging or resurfacing actors
No matching activity in prior 30 days- ATTACKER 13 events
- NetRunner 7 events
- BlackNevas 5 events
- Audit Team 4 events
- Krybit 1 event
- Sarcoma 1 event
- SECUROTROP 1 event
Country mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
United States93
- Akira13 events · 9 leak indicators
- Qilin12 events · 4 leak indicators
- ATTACKER9 events · 8 leak indicators
- INC Ransom9 events · 5 leak indicators
- Genesis7 events · 0 leak indicators
- Leaknet Blog5 events · 5 leak indicators
- PLAY5 events · 5 leak indicators
- Coinbase Cartel4 events · 2 leak indicators
United Kingdom9
- PLAY4 events · 4 leak indicators
- Coinbase Cartel1 event · 1 leak indicator
- Genesis1 event · 0 leak indicators
- Payload1 event · 1 leak indicator
- Qilin1 event · 1 leak indicator
- World Leaks1 event · 1 leak indicator
France7
- Gentlemen3 events · 0 leak indicators
- Anubis1 event · 0 leak indicators
- Coinbase Cartel1 event · 1 leak indicator
- DragonForce1 event · 1 leak indicator
- Qilin1 event · 0 leak indicators
Canada6
- ATTACKER2 events · 2 leak indicators
- Qilin2 events · 2 leak indicators
- Akira1 event · 1 leak indicator
- Payload1 event · 1 leak indicator
Germany6
- Akira1 event · 1 leak indicator
- Coinbase Cartel1 event · 0 leak indicators
- NightSpire1 event · 1 leak indicator
- PLAY1 event · 1 leak indicator
- Qilin1 event · 0 leak indicators
- World Leaks1 event · 1 leak indicator
Japan6
- NetRunner2 events · 2 leak indicators
- NightSpire2 events · 1 leak indicator
- Everest1 event · 1 leak indicator
- Gentlemen1 event · 0 leak indicators
India5
- BlackNevas2 events · 0 leak indicators
- BlackShrantac1 event · 0 leak indicators
- Gentlemen1 event · 0 leak indicators
- INC Ransom1 event · 1 leak indicator
Italy5
- Gentlemen2 events · 0 leak indicators
- Qilin2 events · 2 leak indicators
- NetRunner1 event · 1 leak indicator
Sector mix
Share of weekly events across the last 12 reporting windows. Click to expand top actors for this week.
Construction14
- Qilin5 events · 4 leak indicators
- PLAY2 events · 2 leak indicators
- Akira1 event · 1 leak indicator
- ATTACKER1 event · 1 leak indicator
- Coinbase Cartel1 event · 1 leak indicator
- Everest1 event · 0 leak indicators
- Gentlemen1 event · 0 leak indicators
- NightSpire1 event · 1 leak indicator
Law Practice10
- INC Ransom4 events · 2 leak indicators
- Anubis1 event · 0 leak indicators
- ATTACKER1 event · 1 leak indicator
- Gentlemen1 event · 0 leak indicators
- LeakedData1 event · 1 leak indicator
- PLAY1 event · 1 leak indicator
- SECUROTROP1 event · 1 leak indicator
IT Services and IT Consulting8
- Akira1 event · 1 leak indicator
- ATTACKER1 event · 1 leak indicator
- Coinbase Cartel1 event · 0 leak indicators
- FulcrumSec1 event · 1 leak indicator
- Gentlemen1 event · 0 leak indicators
- Medusa1 event · 1 leak indicator
- Qilin1 event · 0 leak indicators
- World Leaks1 event · 1 leak indicator
Industrial Machinery Manufacturing7
- Gentlemen2 events · 0 leak indicators
- Qilin2 events · 2 leak indicators
- BlackNevas1 event · 0 leak indicators
- Genesis1 event · 0 leak indicators
- PLAY1 event · 1 leak indicator
Software Development7
- Coinbase Cartel2 events · 1 leak indicator
- ATTACKER1 event · 0 leak indicators
- Crypto241 event · 1 leak indicator
- Sarcoma1 event · 1 leak indicator
- ShinyHunters1 event · 1 leak indicator
- World Leaks1 event · 1 leak indicator
Insurance6
- Leaknet Blog2 events · 2 leak indicators
- BlackNevas1 event · 0 leak indicators
- Genesis1 event · 0 leak indicators
- Payload1 event · 1 leak indicator
- PEAR1 event · 1 leak indicator
Financial Services5
- Gentlemen2 events · 0 leak indicators
- Akira1 event · 0 leak indicators
- Coinbase Cartel1 event · 1 leak indicator
- Qilin1 event · 0 leak indicators
Government Administration5
- XP952 events · 0 leak indicators
- Gentlemen1 event · 0 leak indicators
- INC Ransom1 event · 1 leak indicator
- ShinyHunters1 event · 1 leak indicator
Organization size bands
Share of weekly events by employee-size group across the last 12 reporting windows.
- 51-200 employees 67
- 11-50 employees 49
- 201-500 employees 22
- 1,001-5,000 employees 14
- 2-10 employees 14
- 501-1,000 employees 14
Notable actor profile updates
Active actor records only.
New ransom note observed
BlackField
2026-03-28 UTC
Adding additional ransom note
New actor infrastructure / contact channel
NightSpire
2026-03-31 UTC
Adding new email addresses
New vuln / TTP intelligence
No vuln/TTP change logged in this reporting window.
Recent signal samples
Selected weekly signals.
| Actor | Sector | Country | Leak proof | Seen |
|---|---|---|---|---|
| Everest | Motor Vehicle Manufacturing | Japan | Data leak | 2026-03-31 |
| Payouts King | Medical Equipment Manufacturing | United States | Data leak | 2026-03-31 |
| Payouts King | Food and Beverage Services | United States | Data leak | 2026-03-31 |
| Leaknet Blog | Wholesale | United States | Data leak | 2026-03-31 |
| Qilin | Transportation, Logistics, Supply Chain and Storage | Italy | Data leak | 2026-03-31 |
| Qilin | IT Services and IT Consulting | Australia | Claim only | 2026-03-31 |
| Qilin | Transportation, Logistics, Supply Chain and Storage | Canada | Data leak | 2026-03-31 |
| Leaknet Blog | Sporting Goods Manufacturing | United States | Data leak | 2026-03-31 |
| Krybit | Automotive | Austria | Claim only | 2026-03-31 |
| Genesis | Technology, Information and Internet | United States | Claim only | 2026-03-31 |
| Genesis | Insurance | United States | Claim only | 2026-03-31 |
| Genesis | Medical Practice | United States | Claim only | 2026-03-31 |
News and research context
Recent articles from the same time window.
Related actor: Qilin
According to the GD, prior to August last year, the Qilin ransomware group, LockBit 5.0, and other unidentified cybercriminals sent a malicious phishing link to the official email…
Click on link led to NSP data breach: report
2026-03-29
The Nova Scotia Power malware attack was caused by an employee visiting a compromised website, the Office of the Privacy Commissioner of Canada revealed Thursday.
On…
On March 16, 2026, CareCloud, Inc. (the "Company") experienced a temporary network disruption in its CareCloud Health division that partially impacted the functionality and data a…
The Jackson County Sheriff’s Office suffered a ransomware attack last week that knocked out the department’s computer systems, Lt. Adam Nicholson said Wednesday.
“We pretty mu…
A city school has been forced to close for four days after a cyber attack on its IT systems.
St Anne's Catholic School in Southampton messaged parents on Sunday to say its netw…
Like many organizations, Goodwill of Greater Grand Rapids faces the risk of cybersecurity attacks. Recently, we experienced an attack that disrupted a portion of our network envir…
Related actor: Qilin
Am Donnerstag, 26. März 2026, wurde das IT-Netzwerk der Partei Die Linke Ziel eines schwerwiegenden Cyberangriffs. Dazu erklärt der Bundesgeschäftsführer der Partei Die Linke, Jan…
Related actor: PAY2KEY
In late February, Beazley Security's Incident Response team responded to a ransomware intrusion at a U.S. healthcare organization attributed to Pay2key, an Iranian government-link…
Le processus de double-extorsion est désormais bien installé dans les pratiques des cybercriminels. Ils lancent une attaque, volent des données à leur victime, en chiffrent, dépos…
Notes
- Observed events reflect monitored leak-site and extortion activity, not independent confirmation of every intrusion.
- Data-leak indicators reflect visible public leak evidence or escalation, which is stronger than a fresh listing alone.
- Country, sector, and company-size metadata can be incomplete. Unknown values are excluded from the public mix views.
- The goal is to explain concentration, escalation, churn, and patterns — not to build a wall of named victims.
Method
- The page uses a fixed seven-day window based on the selected date.
- Only public-facing actor and event records are included.
- Counts and breakdowns are designed for trend review, not incident confirmation.