Ransomware Group intelligence

Exitium

Active

Track Exitium with 4 published victims and 1 known leak locations in a single intelligence view.

Victims 4 Known published victims in this dataset

First discovered 2026-03-17 Earliest victim discovery date

Last discovered 2026-04-14 Latest victim discovery date

Inactive since 11 days Days since the latest known victim

Top country United States 1 victims

Known locations 1 Leak or negotiation infrastructure tracked

Exitium is tracked by Breach House as a ransomware group with 4 published victims.

United States is currently the most targeted country in this dataset.

1 known leak locations are currently associated with this group.

Top Countries

Distribution

Label	Type	Availability	Links
Leak location 1	Onion service	Unknown	`m3ksukzn2glzfdvlusohril7n3iyk4z4fudf6mm22lwhpbpt5aiee5qd.onion`

No sector intelligence available.

Ransom Notes (0)

▼

No ransom notes available for this group.

Tools Used

▼

No tools used available.

YARA Rules (0)

▼

No YARA rules available.

Indicators of Compromise (0)

▼

No IoCs available for this group.

Negotiation Chats (0)

▼

No negotiation chats available.

No external research sources linked yet.

Victims (4)

Search, filter and paginate the victim timeline for Exitium.

Type	Target	Discovered	Country	Business Category
Ransomware	Gastroenterology & Hepatology of CNY id28206 View details	2026-04-14	NY	Healthcare / Medicine
Website: gandhofcny.com Zoominfo: https://www.zoominfo.com/c/gastroenterology--hepatology-of-cny-pc/346091487 Data sample, whole internal data will be sold if they wouldn't pay ransom. Also Digestive Disease Center of CNY, LLC (ddcofcny.com) GI practice + AAAHC-accredited endoscopy center. Syracuse, New York, USA. Full database for sale — 167,303 patients, 124,761 SSN, 49,798 with sensitive diagnoses: - 167,303 patients — 124,761 with SSN, 166,402 (99%) with address, 164,296 (98%) with phone, 85,318 (51%) with email - 1,093,863 diagnoses (ICD-10), 1,547,142 medications, 186,246 pathology specimens with narrative reports - Sensitive (dx + meds): 49,798 patients — 44,861 with SSN. Mental health: 43,902 \| Substance/Alcohol: 5,111 \| STIs: 2,779 \| Cancer: 2,708 \| Hepatitis C: 1,906 - Includes notable individuals (politicians, businesspeople, public figures) ID 28206
Ransomware	Ming Hwei Energy id27655 View details	2026-03-29	Taiwan, Province of China	Energy
Zoominfo: https://www.zoominfo.com/c/ming-hwei-energy-co-ltd/446006038 A small private B2B firm (11–50 staff, <$5M revenue), part of a Taiwanese fastener conglomerate. Manufacturer of solar cells in a niche where Taiwanese firms are consistently undercut by Chinese pricing. Their infra encrypted. ID 27655
Ransomware	Marborges Agroindustria id27537 View details	2026-03-23	Brazil	Agriculture / Food
Zoominfo: https://www.zoominfo.com/c/marborges-agroindustria/547271801 Company in Brasil with a bad security. ID 27537
Ransomware	Fannin CAD id27399 View details	2026-03-17	United States	—
Zoominfo: https://www.zoominfo.com/pic/fannin-central-appraisal-district/1117264519 Exfiltrated: 400 GB of data ID 27399

Exitium

Overview

Top Countries

Known Leak Locations (1)

Top Activity Sectors