Genesis Ransomware Group Lists Five New Victims Including Healthcare and Engineering Firms

The ransomware group Genesis has published claims against five organizations on its dark web leak site, marking a significant burst of activity from this emerging threat actor. The newly listed targets span multiple sectors: Rain Makers Solutions, Van Atta Engineering, Prescott & Holden, The American Board of Preventive Medicine, and CarePoint Health. The inclusion of healthcare-related entities raises particular concern given the sector's history of being targeted by ransomware operations seeking to maximize leverage through operational disruption.

The posted claims remain unverified, and it is unclear whether data exfiltration has occurred or what ransom demands have been issued. Genesis appears to be a relatively new entrant in the ransomware ecosystem, and threat intelligence analysts are monitoring the group's operational patterns, encryption methods, and negotiation tactics. The diversity of targets—ranging from engineering firms to medical credentialing organizations—suggests either an opportunistic attack strategy or the work of an initial access broker supplying compromised networks to multiple affiliates.

Healthcare organizations listed in the posts, including CarePoint Health and The American Board of Preventive Medicine, face heightened risk if sensitive patient data or credentialing records were accessed. Ransomware attacks against medical providers can trigger regulatory scrutiny under HIPAA and similar frameworks, compounding operational and reputational damage. Organizations named in such posts are advised to initiate incident response protocols, preserve forensic evidence, and assess potential data exposure. The Genesis listings underscore the continued threat posed by new ransomware groups entering the field, even as law enforcement actions have disrupted several major operations in recent months.