Ransom-DB

Threat actors never sleeps. Neither do we. 👁️ The standard for Ransomware Intelligence just got higher. Ransom-DB monitors threat groups and thousands of incidents in real-time. 🌍 🗺️ Live Ransomware Threat Map 📡 Full API Access 📝 Ransomware Blog 📊 Statistics And much more ... ✅ Core access is still FREE. 🚀 Launch deal: 50% OFF Annual Subscriptions (RDB2026). 🚨 Start tracking: ransom-db.com

🚨 Ransom group "SLSH" publishes "The National Association of Insurance Commissioners" - United States 🇺🇸 📍 Location: Kansas City, Missouri, USA 🏢 Industry: Insurance Regulation / Nonprofit Association 🔗 Website: naic.org Sets model laws and coordinates regulatory policy for U.S. insurance markets. It supports consumer protection and market stability across all 50 states, D.C., and U.S. territories.

🚨 Ransom group "Lapsus" publishes "AYA Bank" - Myanmar 🇲🇲 📍 Location: Myanmar 🏢 Industry: Banking and Financial Services 🔗 Website: ayabank.com AYA Bank, founded in 2010, is a leading private bank serving individuals, businesses, and the government across Myanmar. With 261 branches, 623 ATMs, and nearly 3 million customers, it delivers nationwide retail, corporate, and digital banking services.

🚨 Ransom group "APT73" publishes "gov.br" - Brazil 🇧🇷 📍 Location: Brasília, Brazil 🏢 Industry: National Government (Digital Services) 🔗 Website: gov.br Brazil's official federal digital platform centralizes 5,600+ services, from tax filings and social programs to document management. As of April 2025, it served about 166 million users-around 78% of the population-streamlining citizen interactions nationwide.

🚨 Ransom group "APT73" publishes "viennaairport.com" - Austria 🇦🇹 📍 Location: Vienna, Austria 🏢 Industry: Airports & Aviation 🔗 Website: viennaairport.com Flughafen Wien AG operates Vienna International Airport, delivering airport operations, ground handling, security, and commercial services. It also manages Malta International Airport and Košice International Airport.

@HuntressLabs ?

🚨 Ransom group "Icarus" publishes "Huntress" - United States 🇺🇸 📍 Location: United States 🏢 Industry: Cybersecurity 🔗 Website: huntress.com Huntress, founded in 2015 by former NSA operators, provides managed cybersecurity for SMBs and MSPs, including EDR, ITDR, SIEM, and security awareness training. It delivers enterprise-grade protection without the complexity.

New "Prinz Eugen" website. no idea if the operators sees this - new site is garbage.

🚨 Ransom group "Qilin" publishes "CENTRAL BANK OF LIBYA" - Libya 🇱🇾 📍 Location: Tripoli, Libya 🏢 Industry: Central Banking 🔗 Website: cbl.gov.ly The Central Bank of Libya, established in 1956, is the nation’s sole monetary authority. It issues and regulates the Libyan dinar, manages gold and foreign currency reserves, supervises commercial banks, and implements monetary policy to maintain financial stability.

🚨 We now monitor ransom group "Wallstreet" with 1 victim: "Omax Autos" - India 🇮🇳 Omax Autos Limited manufactures sheet metal components for the automotive and non-automotive sectors.

🚨 We now mionitor a new ransomware operation "SevyWare" launches RaaS affiliate program. The group claims ties to former SLSH and Conti members and is actively recruiting Initial Access Brokers and insiders with a 90/10 revenue split. Notably, SevyWare advertises "Violence as a Service (arson)" alongside traditional ransomware services.

⚡MAJOR SHIFT IN #LOCKBIT #DATALEAK HOSTING TECHNIQUES [SAVE THIS 🧵] 💡The group moved away from hosting Victim's Data Leak on their 10 Vanity TOR Domains since May 25, 2026 💡Found 8 new TOR Domains (End of Thread) #OSINT #security #hack #malware #cybersecurity #darkweb #TOR

🚨 Ransom group "Brain Cipher" publishes "The Mint Gaming Hall" - United States 🇺🇸 📍 Location: Franklin, Kentucky, USA 🏢 Industry: Horse Racing & Gaming 🔗 Website: themintgaming.com The Mint Gaming Hall, established in 1990, is Kentucky’s premier entertainment destination offering historical racing machines, simulcasting, food and beverage services, live horse racing, and thoroughbred horse events.

🚨 We now monitor Booba Project A newly tracked threat actor claiming data extraction before system lockdown, offering decryption tooling after payment. We'll continue tracking activity, victims, infrastructure, and updates related to this group.

We built a lookup to check if your Fortinet domain is exposed. FortiBleed: 73,932 firewalls across 194 countries with live VPN and admin creds in criminal hands. Not a CVE - it's scanning, infostealer dumps, and cracked SSL VPN hashes in one working set.

LockBit's latest batch leans on Latin American government: Yucatan's state infrastructure agency (IDEFEEY) and Mato Grosso's state health secretariat (SES-MT), both listed in the same window with a 02 July deadline. Public-sector and health data, claimed and not yet confirmed.

Scattered Lapsus$ Hunters just posted a scheduled maintenance and infrastructure upgrades notice on its leak site - the same uptime housekeeping a SaaS vendor runs. Small detail, big tell: modern extortion crews operate like product companies, with infrastructure to maintain, deadlines to manage, and a victim pipeline to keep online. The leak site is the storefront; this is them taking it down for service.

Scattered Lapsus$ Hunters is working through higher education now: it listed four US colleges overnight - Illinois Central, Moody Bible Institute, Glendale Community College and Houston Community College - days after adding Sysco and Kodak. Student and staff records are the draw, the same higher-ed targeting we saw in the ShinyHunters PeopleSoft campaign. Claim only, nothing published yet.

@dancho_danchev welcome back

Dear folks, This is Dancho. Do you remember me? ddanchev.blogspot.com | @ddanchev" target="_blank" rel="nofollow noopener">archive.org/details/@ddanc… | en.wikipedia.org/wiki/Draft:Dan… | grokipedia.com/page/dancho-da… Also my Open Letter about DDanchev Leaks here - pastebin.com/7h64ZqUf Reply back and say some nice words if you remember me or at least a good old fashioned keep up the good work. CC: @BleepinComputer @LawrenceAbrams @g0njxa @RussianPanda9xx @fastfire @H4ckManac @SOSIntel @banthisguy9349 @Threatlabz @ValeryMarchive @AShukuhi @ddd1ms @Jon__DiMaggio @SttyK @jamieantisocial @EvilRabbitSec @Cyber_0leg @GangExposed @Ransom_DB @azalsecurity @joetidy @WhichbufferArda @malwrhunterteam @cyberfeeddigest @H4ckmanac @ransomnews

🚨 Ransom group "Anubis" publishes "KoMiCo" - South Korea 🇰🇷 📍 Location: Anseong-si, South Korea 🏢 Industry: Semiconductor equipment services 🔗 Website: komico.com KoMiCo specializes in precision cleaning and special coating for semiconductor equipment parts, serving semiconductor, display, and solar photovoltaics sectors. Founded in 1996, it operates globally with sites across the U.S., China, Taiwan, Singapore, Japan, and the Czech Republic.

🚨 Ransom group “SLSH” publishes new alleged victims: • Sysco Corporation • Deep Well Services • kodak.com • hccs.edu The posts claim large-scale exposure of Salesforce records, customer/student PII, internal corporate data, and other sensitive information. Updated: 16 June 2026