25 New Ransomware Victims as Com Ecosystem Expands
Statistical Overview
Victim Totals
- This month: 744
- This quarter: 1522
- Year to date: 4147
- Last 24h: 25
Quarterly Breakdown
Q1: 2631 | Q2: 1522 | Q3: 0 | Q4: 0
Ransomware activity maintains a consistent pace and contributes to the overall victim count this quarter, with many new compromises reported.
Introduction
The past period saw 25 new ransomware victims, showing persistent activity across diverse sectors and geographies. The_Gentelman emerged as the most active group, accounting for four of these incidents. Primary target sectors included Legal Services and Healthcare, while the United States remained the most frequently impacted country.
Ransomware Summary Table
| # | Group | Victims (24h) | Sample Victims | Geos | Sectors |
|---|---|---|---|---|---|
| 1 | The Gentelman | 4 | Corporacion prokompra, Fonderia corra, Grupo premier (+1) | Italy, Mexico | Agriculture & Food, Manufacturing |
| 2 | Akira | 2 | Interstate roofing, Schacht law office | United States | Construction & Engineering, Legal |
| 3 | CMD | 2 | Capital Family Physicians, Heart of America Eye Care | United States | Healthcare |
| 4 | Chaos | 2 | Entransinternational.com, Powerhousenow.com | United States | Manufacturing, Professional Services |
| 5 | Everest | 2 | Asopagos s.a., Ерм | United Kingdom, Colombia | Government / Public Sector, Professional Services |
| 6 | 0day-syndicate | 1 | Braincell braincell.sa rfcargo.braincell.solutions rf.braincell.solutions governata.com | Saudi Arabia | Technology / Software |
| 7 | AiLock | 1 | Restorative therapies, inc. | United States | Manufacturing |
| 8 | Genesis | 1 | Peña & bromberg | United States | Legal |
| 9 | Gunra | 1 | Somafix | France | Retail & Ecommerce |
| 10 | INC Ransom | 1 | belimed.com | Switzerland | Healthcare |
| 11 | Lamashtu | 1 | Shanpoornammetals.com | Malaysia | Energy & Utilities |
| 12 | LeakedData | 1 | Fox rothschild llp | United States | Legal |
The_Gentelman was the most prolific group, claiming four victims across manufacturing and agriculture. Groups such as Akira, Chaos, CMD, and Everest each reported two new compromises. These targeted a mix of professional services, construction, healthcare, and government entities. CMD ransomware continued its targeting of the healthcare sector. Everest's compromise of Asopagos s.a. in Colombia indicates ongoing risk to the Government/Public Sector.
Victim Distribution
By Country
- United States: 14
- Venezuela: 1
- Colombia: 1
- United Kingdom: 1
- Switzerland: 1
- Sri Lanka: 1
- Saudi Arabia: 1
- Mexico: 1
- Malaysia: 1
- Italy: 1
By Industry
- Legal Services: 3
- Healthcare: 2
- Retail: 2
- Business Services & Supplies: 1
- Wholesale Greenhouse: 1
- Transportation Equipment Manufacturing: 1
- Precious Metals Refining: 1
- Medical Equipment Manufacturing: 1
- Facilities Services: 1
- Education: 1
The United States remains the primary target country for ransomware, representing over half of the reported victims. Targeting is diverse, but Legal Services and Healthcare sectors show a significant concentration, demonstrating persistent threats to professional and essential services.
Ransomware News
Topline
The period shows complex criminal ecosystems are emerging alongside persistent ransomware and extortion campaigns, influencing cyber insurance market dynamics.
Campaigns & Operations
Flashpoint's analysis details "The Com," a diffuse neo-Nazi criminal ecosystem. Its "Hacker Com" wing is involved in breaches, DDoS attacks, and ransomware activity, recruits from gaming communities, and targets cloud and SaaS platforms. Separately, Qilin ransomware confirmed a cyber incident at Kennedy McLaughlin & Associates, an accounting firm, and DragonForce allegedly breached QLS Group, a Victorian retail logistics firm. ShinyHunters conducted a voice-phishing attack against Charter Communications, compromising an employee's Microsoft Entra identity and accessing a Salesforce instance, affecting 4.9 million accounts. A ransomware-style cyberattack also impacted Portraitbox GmbH, a German IT service provider for school photographers.
Vulnerabilities & TTPs
Threat actors are using sophisticated social engineering tactics, such as the voice-phishing attack ShinyHunters used to gain initial access via a compromised Microsoft Entra identity for Salesforce. The Com ecosystem targets critical cloud and SaaS platforms, including Okta, Salesforce, and Microsoft 365, showing a focus on widely adopted enterprise solutions.
Analyst Note
These incidents show threat actors are becoming more sophisticated, and strong defense is needed against social engineering and supply chain compromises.
Technical Takeaways
- The_Gentelman is the most active group, claiming four new victims across manufacturing and agriculture.
- The United States is the primary target country, accounting for 14 of the 25 reported ransomware victims.
- Legal Services and Healthcare are consistently targeted by various ransomware groups, along with Manufacturing.
- Extortion campaigns continue to use social engineering techniques, specifically voice-phishing, to compromise cloud and SaaS platforms.
- New threat ecosystems, such as "The Com," are emerging, integrating ransomware with broader criminal activities like child exploitation and physical intimidation.
