This page collects WhisperX intelligence signals tagged #double-extortion. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
Two ransomware-as-a-service operations, DragonForce and Qilin, have published fresh victim entries on their respective dark web leak sites, according to real-time threat intelligence monitoring. DragonForce listed CF Evans Construction as a newly compromised target, while Qilin simultaneously posted Lindabury on its le...
The ransomware-as-a-service group Qilin has posted a claim on a dark-web forum asserting that it obtained undisclosed data from Fogel Capital Management, a financial services firm. The claim, dated May 2026 according to the associated intelligence link, appeared on the social media platform Mastodon and remains unverif...
A new post from the Qilin ransomware group has surfaced referencing the shipping services sector, according to a post on Mastodon. The announcement, which links to a RansomLook group page for Qilin, suggests the threat actors may be preparing to target or have already targeted organizations within the shipping and logi...
The ransomware-as-a-service group Qilin has reportedly posted about Exco Technologies, a Canadian industrial extrusion machinery manufacturer, on a dark-web leak site linked to the threat actor. The post, detected via threat intelligence monitoring feeds, signals a potential ransomware incident or data exfiltration tar...
The LAMASHTU ransomware operation has added Sistemas Electrónicos y de Telecomunicaciones to its public dark web leak site, signaling a fresh victim in what threat intelligence trackers describe as an active extortion campaign. The listing, surfaced through OSINT monitoring of the group's Tor-based infrastructure, sugg...
Two ransomware-as-a-service operations have published fresh victim listings on their respective dark web blogs, according to threat intelligence monitoring. The Genesis ransomware group posted multiple organizations, while InCRansom added at least one new target to their leak site. Genesis, an established ransomware o...
A ransomware collective identifying as Genesis has appeared to reference a Casino Gaming Commission in a post shared via a dark web forum, according to a monitoring feed captured on Mastodon. The brief signal, detected through automated threat intelligence aggregation, suggests the group may be preparing to publish or ...
A new post from the Aurora ransomware group has surfaced, claiming responsibility for targeting Startec Group of Companies. The alleged compromise was flagged through a notification referencing the RansomLook threat intelligence platform, which monitors dark web ransomware activity. The full scope of the claimed intrus...
The Akira ransomware group has reportedly listed Kaplan Companies on its dark web leak site, according to threat intelligence monitoring sources tracking the operation. The posting places the company directly in the crosshairs of one of the most active ransomware-as-a-service groups currently operating in the cybercrim...
The Qilin ransomware operation has listed Mediapost Spain on its dark web leak site, according to a post shared on Mastodon referencing the RansomLook monitoring platform. The listing signals that the Spanish arm of the European postal and logistics company has fallen victim to the ransomware group's double-extortion t...
A new blog post from the ransomware collective known as Everest has surfaced, claiming responsibility for a database breach affecting a company within the Norstella portfolio. The post, titled "Evaluate a Norstella company - Database Leaked," appeared on the group's dark web portal and includes what is presented as pro...
Integrated Process Engineers & Constructors, a firm specializing in process engineering and construction services, has been added to the GENESIS ransomware leak site, according to OSINT monitoring sources. The listing suggests that data associated with the company may have been published on the dark web platform follow...
A ransomware group identifying itself as Coinbase Cartel has reportedly posted information regarding Buenos Aires Software, an Argentine software company, on a known dark-web leak site. The posting, visible through the threat intelligence platform Ransomlook, suggests an active extortion or data theft operation against...
The DRAGONFORCE ransomware operation has listed marketing services firm MicroMarketing as a victim on its dark web leak site, according to threat intelligence tracking by RedPacketSecurity. The listing suggests the group has exfiltrated data from the company and may be preparing to release it publicly if ransom demands...
The QILIN ransomware operation has added LTJ Industrial Services to its public victim roster, signaling potential data exposure from the industrial sector. RedPacket Security, a threat intelligence tracker, documented the addition, indicating the group may possess sensitive corporate data and is demanding payment to pr...
West Pharmaceutical Services, a major player in the pharmaceutical manufacturing sector, fell victim to a sophisticated cybersecurity breach on May 4, 2026. Attackers successfully infiltrated the company's systems, encrypted critical data, and exfiltrated sensitive information before the intrusion was identified. The s...
The Qilin ransomware operation has added Schulte-Lindhorst Gmbh & Co. to its public list of claimed victims, signaling a potential data breach at the German company. The posting, detected on dark web channels monitored through threat intelligence feeds, marks the latest addition to Qilin's portfolio of compromised orga...