Ransomware Group intelligence
Hellcat
Inactive
Track Hellcat with 22 published victims and 7 known leak locations in a single intelligence view.
Overview
Hellcat is tracked by Breach House as a ransomware group with 22 published victims.
United States is currently the most targeted country in this dataset.
7 known leak locations are currently associated with this group.
Known Leak Locations (7)
Top Activity Sectors
No sector intelligence available.
Ransom Notes (0)
No ransom notes available for this group.
Tools Used
No tools used available.
YARA Rules (0)
No YARA rules available.
Indicators of Compromise (0)
No IoCs available for this group.
Negotiation Chats (0)
No negotiation chats available.
Research Sources
No external research sources linked yet.
Victims (22)
| Type | Target | Discovered | Country | Business Category | Intel Link | Description |
|---|---|---|---|---|---|---|
| Ransomware | www (id19719) | | | Other | — | wwwwwwwwww |
| Ransomware | test (id19258) | | | Other | — | Today, we have hacked Example Corp, In total, we managed to steal over 33TB of Data, Including personal information's of millions around the globe |
| Ransomware | Potomac Financial Services (id19074) | | United States | Finance / Legal / Insurance | — | We have breached a U.S.-based financial services firm. 381GB of sensitive data has been secured. The name will be made public in a few hours. This is a warning. |
| Ransomware | P**o*** (id19025) | | | Finance / Legal / Insurance | — | We have breached a U.S.-based financial services firm. 381GB of sensitive data has been secured. The name will be made public in a few hours. This is a warning. |
| Ransomware | CVTE (id19024) | | China | IT | — | We have breached the internal systems of Guangzhou Shiyuan Electronic Technology, securing sensitive files that, if exposed, would cause serious disruption across operations and partnerships. |
| Ransomware | HighWire Press (id18976) | | United States | Communication / Marketing | — | Jiraware <<3 !! We hold sensitive data from HighWire Press, a leading platform serving scholarly publishers. The data includes internal documents, communications, and materials that could impact both HighWire and its publishing partners. |
| Ransomware | Racami (id18975) | | United States | Services | — | Jiraware <<3 !! We have breached Racami’s internal systems. The data in our possession poses a serious threat to their business continuity, reputation, and client trust. |
| Ransomware | Asseco (id18974) | | Poland | Finance / Legal / Insurance | — | Jiraware <<3 !! We have breached Asseco’s internal systems, stealing sensitive files, communications, financial records, and source material |
| Ransomware | LeoVegas AB (id18973) | | Sweden | Energy | — | We have compromised the internal systems of LeoVegas AB. The data in our possession threatens their operations, regulatory compliance, and customer trust. |
| Ransomware | Transsion Holdings (id18783) | | China | Communication / Marketing | — | We hold almost 70GB of sensitive data from Transsion, a leading mobile device provider with $8.6B in revenue. This includes emails, internal communications, source codes, project planning, and data from Transsion and its partners. |
| Ransomware | Grupo Santillana (id18677) | | Spain | Communication / Marketing | — | We hold sensitive files from Santillana, the largest business unit of Spain’s publicly traded Prisa media group. The company must act quickly to prevent the exposure of this data. |
| Ransomware | Omnitracs (id18676) | | United States | Communication / Marketing | — | We hold sensitive files from Omnitracs, a leading provider of fleet management and logistics solutions. The company must act swiftly to prevent the exposure of this data. |
| Ransomware | Electronics For Imaging (id18478) | | United States | Public Sector | — | We hold 19GB of sensitive files from Electronics For Imaging, Inc., including critical corporate data that could jeopardize the company's operations, client relationships, and reputation if released publicly. |
| Ransomware | Ascom Holding AG (id18432) | | Switzerland | Retail / E-commerce | — | 44GB of sensitive data including internal reports, sales documents, confidential contracts, development tools, and source code stolen from Ascom. |
| Ransomware | OneDealer (id18093) | | Germany | Retail / E-commerce | — | We have obtained over 330,000 records from OneDealer partners, including sales reports, leads, customer data, and vehicle details with VINs and license plates. Affected companies include AutoHellas, AutoBesikos, KosmoCar, AWT, Karenta AE, QA, Proaxia, Hyundai, BMW, Audi, Kia, |
| Ransomware | Car Care Plan - Turkey (id16397) | | Türkiye | Finance / Legal / Insurance | — | We have successfully stolen over 50 GB of data from Car Care Plan, including financial records with sensitive information, legal documents and statements, customer records, along with internal documents and records. All the data has been encrypted, and without our decryption key, it is almost impossible to decrypt. To ensure the return of this data, we are demanding a ransom of 0.5 BTC. The deadline for this payment is fast approaching. Once the payment is received, the decryption key will be provided, and the data will be returned without delay. It is up to Car Care Plan to act accordingly. |
| Ransomware | Sistem Informasi Pengelolaan Keuangan Daerah (SIPKD) (id16387) | | Indonesia | Agriculture / Food | — | We have successfully stolen 82 GB of data, including backups, from the e-Finance system of Blora Regency, known as the Sistem Informasi Pengelolaan Keuangan Daerah (SIPKD). The data spans from 2018 to the present and remains in our possession. To ensure its safe return, we are demanding 1.5 BTC. The deadline for this payment is fast approaching. Once the payment is received, the data will be returned without further delay. The terms are clear, and it is up to Blora Regency's authorities to act accordingly. |
| Ransomware | Pinger - USA (id16386) | | United States | Communication / Marketing | — | We have successfully breached Pinger, obtaining 111 GB of sensitive data. This includes over 9 million user records, private messages, voice messages, internal tools such as phone number lookup and notification sender, backend systems, and source codes. Since the ransom was not paid, all the data has been publicly released. |
| Ransomware | College of Business - Tanzania (id15146) | | Tanzania, United Republic of | Education | — | We have released over 500,000 records from Tanzania’s College of Business Education, containing student names, phone numbers, emails, and additional data, including possible billing information. |
| Ransomware | Ministry of Education - Jordan (id15145) | | Jordan | Education | — | We have successfully accessed and compromised a range of sensitive documents from Jordan's Ministry of Education. This includes images of identification cards, divorce papers, and various letters addressed to the Minister. |
| Ransomware | Schneider Electric - France (id15144) | | France | Construction / Real Estate | — | [AI generated] Schneider Electric, based in France, is a global leader in energy management and automation. The company focuses on digital transformation by integrating world-leading process and energy technologies. It provides solutions for homes, buildings, data centers, infrastructure, and industries, enhancing efficiency and sustainability. Schneider Electric emphasizes innovation and sustainability in its offerings. |
| Ransomware | The Knesset - Israel (id14970) | | Israel | Communication / Marketing | — | We have successfully compromised the Knesset's secure networks and extracted 64GB of sensitive data. This includes internal communications and confidential documents. |