Settra Ransomware Tops 24h Activity With 11 New Victims
Statistical Overview
Victim Totals
- This month: 829
- This quarter: 2372
- Year to date: 4993
- Last 24h: 39
Quarterly Breakdown
Q1: 2631 | Q2: 2372 | Q3: 0 | Q4: 0
Ransomware activity remains consistent, with 39 new victims observed in the last 24 hours. The quarterly total of 2372 indicates sustained operations, and the current daily volume points to a stable, ongoing threat environment rather than an exceptional surge.
Introduction
In the last 24 hours, 39 new ransomware victims were recorded. The most active groups included Settra (11 victims), The Gentlemen (8 victims), Gunra (3 victims), Medusa Locker (3 victims), and PEAR (3 victims). Affected sectors included Construction & Engineering, Professional Services, Technology/Software, and Manufacturing. The United States, France, and Canada were the most targeted geographies.
Ransomware Summary Table
| # | Group | Victims (24h) | Sample Victims | Geos | Sectors |
|---|---|---|---|---|---|
| 1 | Settra | 11 | Clc-tn.com, Ilex-paysages.com, Infinedi.net (+8) | France, United States | Construction & Engineering, Professional Services |
| 2 | The Gentlemen | 8 | Centre ophtalmologique dermont, Climax technology, Comp trading co (+5) | Japan, Taiwan | Technology / Software, Construction & Engineering |
| 3 | Gunra | 3 | On-us, Pirámide seguros, Yuditec s.a. | Venezuela, Hong Kong | Financial Services, Manufacturing |
| 4 | Medusa Locker | 3 | Banajah-bajapah, Forces, Penticton and district society for community living | Unknown, Canada | Professional Services, Nonprofit |
| 5 | PEAR | 3 | Ora group information, Sociedad latina, Spector and lenz, pc | France, United States | Retail & Ecommerce, Nonprofit |
| 6 | Qilin | 3 | Chamco, Hemmersbach gmbh & co. kg, Kunert fashion | Germany, Canada | Technology / Software, Manufacturing |
| 7 | Akira | 2 | About todd hamaker & johnson, Advanced business systems | United States | Professional Services, Technology / Software |
| 8 | CMD | 2 | Medlink Georgia, Port Angeles Composite | United States | Manufacturing, Healthcare |
| 9 | Black Nevas | 1 | Abans group | India | Financial Services |
| 10 | Embargo | 1 | Www.maytrucking.com | United States | Transportation & Logistics |
| 11 | Genesis | 1 | Brooklyn defender services | United States | Legal |
| 12 | INC Ransom | 1 | | Italy | Legal |
Settra was the most active group, with 11 new victims primarily in France and the United States across Construction & Engineering and Professional Services. The Gentlemen followed with 8 victims, targeting Technology/Software and Construction & Engineering in Japan and Taiwan. Medusa Locker and PEAR each accounted for 3 new incidents affecting Professional Services, Nonprofit, and Retail & Ecommerce sectors across Canada, France, and the United States. The targeting shows a continued focus on professional services and manufacturing, with activity in North America and Western Europe.
Victim Distribution
By Country
- United States: 17
- Canada: 3
- France: 3
- Germany: 3
- United Kingdom: 2
- Uruguay: 1
- Venezuela: 1
- India: 1
- Hong Kong: 1
- Italy: 1
By Industry
- Legal Services: 2
- Textile Manufacturing: 2
- Lumber and Building Materials: 1
- Accounting: 1
- Auditing and Certification Services: 1
- Aviation and Aerospace Component Manufacturing: 1
- Civil Engineering: 1
- Construction and Development: 1
- Healthcare: 1
- Industrial Machinery Manufacturing: 1
The United States remains the primary target country, accounting for nearly half of all new victims, followed by Canada, France, and Germany. Industry targeting is diversified, with Legal Services and Textile Manufacturing seeing multiple incidents. This reflects a broad-spectrum approach rather than hyper-specialization by most groups.
Ransomware News
Topline - Recent developments include a corporate breach by Blackfield ransomware, updated organizational tactics used by groups like Black Basta, and confirmed exploitation of a Windows Defender vulnerability by ransomware actors.
Campaigns & Operations - Blackfield ransomware breached Nidec Corporation's Taiwanese subsidiary, Nidec Chaun Choung Technology, demanding a $2 million ransom with a tiered extortion model. The attackers threatened data leakage and offered an immediate download option for $400,000. This demonstrates a data-extortion focus following a previous 2024 Nidec breach by other groups.
Vulnerabilities & TTPs - CISA confirmed ransomware gangs are exploiting the high-severity Windows Defender privilege-escalation flaw, CVE-2026-33825 (BlueHammer), to gain SYSTEM access and potentially full control of compromised machines. Separately, analysis of groups like Black Basta reveals organized, corporate-style operations. These include outsourced services, a Moscow-time call center, performance-based wages, and multi-extortion tactics that use data audits and cyber insurance as pricing signals.
Analyst Note - These incidents collectively demonstrate how ransomware operations continue to adapt by targeting infrastructure, exploiting known vulnerabilities quickly, and employing advanced organizational structures and negotiation strategies.
Technical Takeaways
- Settra was the most active ransomware group, impacting 11 organizations across Construction & Engineering and Professional Services sectors in France and the United States.
- The United States continues to be the most targeted geography, representing 17 of the 39 observed victims.
- Ransomware groups show diverse industry targeting, with Legal Services, Textile Manufacturing, and various professional services experiencing multiple incidents.
- Blackfield ransomware executed a data extortion campaign against Nidec Corporation, demanding $2 million and using a tiered payment model.
- Ransomware operators are actively exploiting the Windows Defender privilege-escalation flaw, CVE-2026-33825, to gain SYSTEM access on compromised machines. This highlights the need for timely patching.
- Analysis indicates that some ransomware syndicates, such as Black Basta, operate with corporate-like structures, including specialized roles, negotiation strategies, and multi-extortion tactics.