Ransomware Group intelligence

Helldown

Inactive

Track Helldown with 37 published victims and 2 known leak locations in a single intelligence view.

Victims 37 Known published victims in this dataset

First discovered 2024-08-13 Earliest victim discovery date

Last discovered 2024-11-06 Latest victim discovery date

Inactive since 535 days Days since the latest known victim

Top country United States 9 victims

Known locations 2 Leak or negotiation infrastructure tracked

Helldown is tracked by Breach House as a ransomware group with 37 published victims.

United States is currently the most targeted country in this dataset.

2 known leak locations are currently associated with this group.

Top Countries

Distribution

Label	Type	Availability	Links
Leak location 1	Onion service	Unknown	`onyxcgfg4pjevvp5h34zvhaj45kbft3dg5r33j5vu3nyp7xic3vrzvad.onion`
Leak location 2	Onion service	Unknown	`onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion`

No sector intelligence available.

Ransom Notes (0)

▼

No ransom notes available for this group.

Tools Used

▼

No tools used available.

YARA Rules (0)

▼

No YARA rules available.

Indicators of Compromise (0)

▼

No IoCs available for this group.

Negotiation Chats (0)

▼

No negotiation chats available.

No external research sources linked yet.

Victims (37)

Search, filter and paginate the victim timeline for Helldown.

Type	Target	Discovered	Country	Business Category
Ransomware	klinkamkurpark id15199 View details	2024-11-06	Germany	Other
klinik-am-kurpark.de ID 15199
Ransomware	hausdesstiftens.org id15198 View details	2024-11-06	Germany	Other
hausdesstiftens.org ID 15198
Ransomware	nightnurse.ch id15197 View details	2024-11-06	Switzerland	Other
www.nightnurse.ch ID 15197
Ransomware	fuelco id15196 View details	2024-11-06		Energy
fuelco-us.com ID 15196
Ransomware	VALLEYFIRM id15195 View details	2024-11-06	Hong Kong	Other
valleyfirm.com ID 15195
Ransomware	children id15194 View details	2024-11-06	India	Other
generaldentistryforchildren.com ID 15194
Ransomware	knoxlawcenter id15193 View details	2024-11-06	United States	Finance / Legal / Insurance
www.knoxlawcenter.com ID 15193
Ransomware	AMERICANVENTURE id15192 View details	2024-11-06	United States	Other
americanventures.com ID 15192
Ransomware	CSIKBS id15191 View details	2024-11-06	Japan	Other
www.csikitchenandbath.com ID 15191
Ransomware	SANJACINTOCOUNY id15190 View details	2024-11-06	United States	Other
www.co.san-jacinto.tx.us ID 15190
Ransomware	compassfs id15189 View details	2024-11-06	United States	Other
www.compassfs.net ID 15189
Ransomware	lacliniqueducoureur id15188 View details	2024-11-06	Canada	Other
lacliniqueducoureur.com ID 15188
Ransomware	TIVOLI-33 id15187 View details	2024-11-06	France	Other
tivoli-33.org ID 15187
Ransomware	qualiform.cz id15186 View details	2024-11-06	Czechia	Other
www.qualiform.cz ID 15186
Ransomware	SMARTS-ENGINEER id15185 View details	2024-11-06	Russian Federation	Manufacturing / Engineering
www.smarts-engineering.de ID 15185
Ransomware	HBGJEWISHCOMMUN id13970 View details	2024-08-24	United States	Other
www.jewishharrisburg.org ID 13970
Ransomware	barryavenueplating id13962 View details	2024-08-23	United States	Hospitality / Food & Beverage / Tourism
www.barryavenueplating.com ID 13962
Ransomware	rsk-immobilien id13961 View details	2024-08-23	Germany	Other
www.rsk-immobilien.de ID 13961
Ransomware	cincinnatipainphysicians id13949 View details	2024-08-22	United States	Services
www.cincinnatipainphysicians.com ID 13949
Ransomware	kbosecurity.co.uk id13936 View details	2024-08-22	United Kingdom	Other
kbosecurity.co.uk ID 13936
Ransomware	khonaysser.com id13935 View details	2024-08-22	Lebanon	Other
khonaysser.com ID 13935
Ransomware	BARRYAVEPLATING id13922 View details	2024-08-21	United States	Hospitality / Food & Beverage / Tourism
BARRYAVEPLATING ID 13922
Ransomware	RSK-IMMOBILIEN id13921 View details	2024-08-21	Germany	Other
RSK-IMMOBILIEN ID 13921
Ransomware	ATP id13905 View details	2024-08-20	Italy	Other
atpsassari.it ID 13905
Ransomware	Khonaysser id13896 View details	2024-08-19	Lebanon	Other
Khonaysser ID 13896
Ransomware	kbo id13890 View details	2024-08-18	United Kingdom	Other
Here's something encrypted, password is required to continue reading. ID 13890
Ransomware	zyxel id13867 View details	2024-08-17	Netherlands	IT
Zyxel.eu is a European branch of Zyxel Communications Corporation, a global leader in networking solutions. It specializes in providing innovative and reliable internet connectivity products and services, including routers, switches, security appliances, and cloud-based network management systems. Zyxel focuses on empowering businesses and home users with cutting-edge technology to enhance their digital experiences. ID 13867
Ransomware	hugwi id13824 View details	2024-08-14	Switzerland	IT
Hugwi.ch is a Swiss-based company specializing in providing cutting-edge digital solutions, with a focus on web development, e-commerce, and custom software. They offer tailored services to businesses, enhancing their online presence and operational efficiency. Known for their innovation and customer-centric approach, Hugwi.ch combines technical expertise with creative design to deliver high-quality, scalable solutions that meet diverse client needs. ID 13824
Ransomware	SCHLATTNER id13810 View details	2024-08-13	Germany	Other
No additional victim description available. ID 13810
Ransomware	deganis id13809 View details	2024-08-13	France	Other
No additional victim description available. ID 13809
Ransomware	XPERT Business Solutions GmbH id13802 View details	2024-08-13	Austria	Services
No additional victim description available. ID 13802
Ransomware	MyFreightWorld id13801 View details	2024-08-13	United States	Transportation / Travel / Logistics
No additional victim description available. ID 13801
Ransomware	cbmm id13800 View details	2024-08-13	Brazil	Other
No additional victim description available. ID 13800
Ransomware	AZIENDA TRASPORTI PUBBLICI S.P.A. id13799 View details	2024-08-13	Italy	Other
No additional victim description available. ID 13799
Ransomware	briju id13798 View details	2024-08-13	Poland	Other
No additional victim description available. ID 13798
Ransomware	vindix id13797 View details	2024-08-13	Poland	Other
No additional victim description available. ID 13797
Ransomware	Albatros id13796 View details	2024-08-13	Italy	Other
No additional victim description available. ID 13796

Helldown

Overview

Top Countries

Known Leak Locations (2)

Top Activity Sectors