The Gentelman Ransomware Claims 14 Healthcare, Retail Victims
Statistical Overview
Victim Totals
- This month: 27
- This quarter: 1573
- Year to date: 4198
- Last 24h: 29
Quarterly Breakdown
Q1: 2631 | Q2: 1573 | Q3: 0 | Q4: 0
Ransomware activity maintains a consistent volume, with 29 new victims reported in the last 24 hours. Quarterly data indicates substantial impact across global organizations, with 1573 victims recorded in Q2.
Introduction
In the last 24 hours, ransomware operators claimed 29 new victims across various sectors and geographies. The Gentelman group was active, accounting for 14 of these new compromises. Other groups included DragonForce, Abyss, INC Ransom, and Lapsus. Primary affected sectors observed include Healthcare, Retail & Ecommerce, Professional Services, and Government / Public Sector, with attacks concentrated in North America, including the United States and Canada.
Ransomware Summary Table
| # | Group | Victims (24h) | Sample Victims | Geos | Sectors |
|---|---|---|---|---|---|
| 1 | The Gentelman | 14 | Anandji haridas, Arabian procession holding, Bouri group (+11) | Hong Kong, Canada | Healthcare, Retail & Ecommerce |
| 2 | DragonForce | 3 | Panorama bpo, Synex international pvt ltd, Taos mountain casino | United States, Peru | Construction & Engineering, Professional Services |
| 3 | Abyss | 2 | Landkreis-limburg-weilburg.de, School facility consultants | Germany, United States | Professional Services, Government / Public Sector |
| 4 | INC Ransom | 2 | Bradley law firm, Champaign-Urbana Public Health District | United States | Healthcare, Legal |
| 5 | Lapsus | 2 | Mapfre assurance, Mercor | United States, Spain | Insurance, Technology / Software |
| 6 | Play News | 2 | Digitall graphics, Hightower communications | United States, Canada | Professional Services, Telecommunications |
| 7 | AiLock | 1 | Schneebeli | Switzerland | Manufacturing |
| 8 | Brain Cipher | 1 | Squamish.net | Canada | Government / Public Sector |
| 9 | Bravox | 1 | Grupo mauá | Brazil | Professional Services |
| 10 | Kairos | 1 | Mortensenlawoffices | United States | Legal |
Ransomware activity continues, largely driven by The Gentelman, which claimed 14 victims, predominantly in Healthcare and Retail & Ecommerce across Hong Kong and Canada. Other groups such as DragonForce and Abyss also contributed to the victim count, targeting sectors like Professional Services and Government / Public Sector. INC Ransom impacted the Champaign-Urbana Public Health District in the United States, which shows the ongoing threat to critical public services. The geographic distribution shows a continued focus on North America, alongside incidents in Europe, South America, and Asia. Further insights into the activity of The Gentelman ransomware group are available in our dedicated analysis.
Victim Distribution
By Country
- United States: 11
- Canada: 4
- India: 2
- Brazil: 2
- Spain: 1
- Thailand: 1
- Switzerland: 1
- Sri Lanka: 1
- Saudi Arabia: 1
- Portugal: 1
By Industry
- Legal Services: 2
- Automotive Manufacturing: 2
- Telecommunications: 2
- Insurance: 1
- Water Utility: 1
- School Facility Planning and Consulting: 1
- Public Health: 1
- Law Practice: 1
- Industrial Textile Manufacturing: 1
- Healthcare: 1
The United States continues to be the primary target region, accounting for 11 out of 29 new victims, followed by Canada. Industry targeting is diverse: Legal Services, Automotive Manufacturing, and Telecommunications each saw two incidents, reflecting a broad opportunistic approach by ransomware groups.
Ransomware News
Topline
VSP Solutions, an Australian video security distributor, is responding to a cyber security incident claimed by the Stormous ransomware-as-a-service group.
Campaigns & Operations
Stormous has reportedly exfiltrated and published over 40 GB of data from VSP Solutions, encompassing financial backups (QuickBooks & Reckon), email archives, staff personal folders, and customer databases. The company has engaged forensic experts, notified law enforcement and Australian government agencies, and is investigating the incident's scope. Stormous, known for its double-extortion tactics and data publication, continues to use compromised access against technology and business services globally.
Vulnerabilities & TTPs
The specific initial access vector for the VSP Solutions breach was not detailed. However, Stormous's operational methods consistently involve data exfiltration followed by publication if demands are unmet, employing double-extortion as a core tactic.
Analyst Note
This incident shows the persistent threat posed by established ransomware-as-a-service groups like Stormous, which continue to successfully compromise and extort organizations through data theft and publication.
Technical Takeaways
- The Gentelman emerged as the most active ransomware group, responsible for nearly half of the new victims observed.
- Targeting remains globally diverse but shows a concentration in North America, with the United States and Canada experiencing a large volume of attacks.
- Healthcare, Retail & Ecommerce, Professional Services, and Government / Public Sector are among the top-affected sectors, indicating continued opportunistic targeting across various industries.
- Ransomware-as-a-service (RaaS) groups, exemplified by Stormous, continue to use double-extortion tactics involving data theft and publication to pressure victims.
- Critical infrastructure entities, such as public health districts, remain vulnerable to compromise by groups like INC Ransom.