Genesis Ransomware Claims 9 Victims in 24h

Statistical Overview

Victim Totals

  • This month: 92
  • This quarter: 92
  • Year to date: 5098
  • Last 24h: 18

Quarterly Breakdown

Q1: 2631 | Q2: 2386 | Q3: 92 | Q4: 0

Ransomware activity remains consistent with previous quarters, though Q3 shows a lower overall volume. Genesis, Wallstreet, and UnSafe are the main contributors to observed activity this period.

Introduction

In the past 24 hours, 18 new ransomware victims were publicly identified across sectors and geographies. The Genesis group accounted for the most new victims, followed by Wallstreet and UnSafe. Affected sectors include technology, construction, and healthcare, with activity in the United States and Germany.

Ransomware Summary Table

#GroupVictims (24h)Sample VictimsGeosSectors
1Genesis9Apex agro, llc, Bri-tech, inc, Dicon (+6)United StatesTechnology / Software, Construction & Engineering
2Wallstreet5Asisken, Baraga county memorial hospital, Edgewood police department (+2)Ecuador, United StatesInsurance, Healthcare
3UnSafe2Deutsche Bank,GermanyFinancial Services, Technology / Software
4Medusa Locker1BamatahIranTechnology / Software
5Payload1Vela film s.r.l.ItalyMedia & Entertainment

Genesis registered nine new victims, primarily in the technology and construction sectors within the United States, dominating this period's ransomware activity. Wallstreet affiliates continued to target healthcare and insurance organizations in the U.S. and Ecuador, affecting Baraga County Memorial Hospital. UnSafe focused on financial services and technology firms in Germany; this included an attack on Deutsche Bank, suggesting the group targets high-value organizations.

Victim Distribution

By Country

  • United States: 12
  • Germany: 2
  • Ecuador: 1
  • India: 1
  • Iran: 1
  • Italy: 1

By Industry

  • Healthcare: 3
  • Construction: 2
  • Health Insurance: 1
  • Financial Services: 1
  • Information Technology and Services: 1
  • Automotive Manufacturing: 1
  • Financial Technology: 1
  • Film and Television Production: 1
  • Automotive: 1
  • Chemicals & Related Products: 1

The United States continues to experience most ransomware incidents, reflecting its broad economy. Industry targeting remains diversified, with concentrations in healthcare, construction, and technology, suggesting opportunistic or broad-spectrum attacks rather than a narrow, sector-specific focus.

Ransomware News

Topline

Threats now combine sophisticated attack vectors and automation, affecting enterprise security.

Campaigns & Operations

North Korean-linked Contagious Interview actors have expanded malicious package distribution across development platforms like npm, Packagist, and Go, alongside a Chrome extension. They deployed 108 packages and 162 artifacts. PolinRider detailed this operation, showing developer trust as an attack vector, as further described in research on tracking Lazarus Group activity.

Vulnerabilities & TTPs

The Bad Epoll vulnerability (CVE-2026-46242) requires prompt patching in Linux/Android privilege escalation. JadePuffer's emergence is a key development in ransomware tactics, showing advanced ransomware automation through an autonomous LLM agent. This agent performs rapid reconnaissance, credential harvesting, lateral movement, and encryption, executing an adaptive response sequence in just 31 seconds.

Analyst Note

These incidents reveal a shared enterprise weakness in identity scope and velocity. This shows the need to correlate provenance, patch status, and token risk across development, infrastructure, and security teams, instead of addressing alerts in isolation.

Technical Takeaways

  • Genesis affiliates are the most prolific ransomware operators this period, primarily targeting technology and construction sectors.
  • Healthcare remains a consistent target for ransomware groups like Wallstreet.
  • High-value organizations, including financial institutions (Deutsche Bank) and critical infrastructure (Baraga County Memorial Hospital), continue to be compromised.
  • Emerging ransomware tactics include the use of autonomous LLM agents (JadePuffer) for rapid, automated attack execution.
  • Threats are characterized by a convergence of supply chain attacks, privilege escalation vulnerabilities, and advanced automation, requiring integrated security measures.