Ransomware Group intelligence

Toufan

Inactive

Track Toufan with 117 published victims and 6 known leak locations in a single intelligence view.

Victims 117 Known published victims in this dataset

First discovered 2023-12-17 Earliest victim discovery date

Last discovered 2023-12-27 Latest victim discovery date

Inactive since 849 days Days since the latest known victim

Top country Israel 27 victims

Known locations 6 Leak or negotiation infrastructure tracked

Toufan is tracked by Breach House as a ransomware group with 117 published victims.

Israel is currently the most targeted country in this dataset.

6 known leak locations are currently associated with this group.

Top Countries

Distribution

Label	Type	Availability	Links
Leak location 1	Web location	Unknown	`t.me/s/CyberToufanBackup`
Leak location 2	Web location	Unknown	`t.me/s/CyberToufan`
Leak location 3	Web location	Unknown	`t.me/CyberToufan`
Leak location 4	Web location	Unknown	`t.me/CyberToufan02`
Leak location 5	Web location	Unknown	`t.me/CyberToufanBackup`
Leak location 6	Web location	Unknown	`toufanleaks.org`

No sector intelligence available.

Ransom Notes (0)

▼

No ransom notes available for this group.

Tools Used

▼

No tools used available.

YARA Rules (0)

▼

No YARA rules available.

Indicators of Compromise (0)

▼

No IoCs available for this group.

Negotiation Chats (0)

▼

No negotiation chats available.

No external research sources linked yet.

Victims (117)

Search, filter and paginate the victim timeline for Toufan.

Type	Target	Discovered	Country	Business Category	Intel Link
Ransomware	ecom.gov.il id10307 View details	2023-12-27	Israel	Other	—
No additional victim description available. ID 10307
Ransomware	maytronics.com id10306 View details	2023-12-27	Israel	Other	—
No additional victim description available. ID 10306
Ransomware	carolinalemke.com id10301 View details	2023-12-26	Germany	Other	—
No additional victim description available. ID 10301
Ransomware	ari.co.il id10300 View details	2023-12-26	Israel	Other	—
No additional victim description available. ID 10300
Ransomware	allot.com id10279 View details	2023-12-23		Other	—
No additional victim description available. ID 10279
Ransomware	bconnect.co.il id10273 View details	2023-12-23	Israel	Other	—
No additional victim description available. ID 10273
Ransomware	super-pharm.co.il id10272 View details	2023-12-23	Israel	Other	—
No additional victim description available. ID 10272
Ransomware	teldor.com id10261 View details	2023-12-22		Other	—
No additional victim description available. ID 10261
Ransomware	erco.co.il id10260 View details	2023-12-22	Israel	Other	—
No additional victim description available. ID 10260
Ransomware	tefentech.com id10230 View details	2023-12-20		IT	—
No additional victim description available. ID 10230
Ransomware	zoko.co.il id10229 View details	2023-12-20	Israel	Other	—
No additional victim description available. ID 10229
Ransomware	strauss-group.com id10188 View details	2023-12-19		Services	—
No additional victim description available. ID 10188
Ransomware	www.pts-tools.com id10184 View details	2023-12-19		Other	—
No additional victim description available. ID 10184
Ransomware	www.plasson-pead.com.br id10183 View details	2023-12-19	Brazil	Other	—
No additional victim description available. ID 10183
Ransomware	www.nistx.com id10182 View details	2023-12-19		Other	—
No additional victim description available. ID 10182
Ransomware	www.ktstooling.com id10181 View details	2023-12-19		Other	—
No additional victim description available. ID 10181
Ransomware	www.herrickindustrial.com id10180 View details	2023-12-19		Manufacturing / Engineering	—
No additional victim description available. ID 10180
Ransomware	www.drillmex.com id10179 View details	2023-12-19		Other	—
No additional victim description available. ID 10179
Ransomware	www.dixie-tool.com id10178 View details	2023-12-19		Other	—
No additional victim description available. ID 10178
Ransomware	www.copreinternacional.com id10177 View details	2023-12-19		Communication / Marketing	—
No additional victim description available. ID 10177
Ransomware	www.butlerbros.com id10176 View details	2023-12-19		Other	—
No additional victim description available. ID 10176
Ransomware	www.atwoodindustries.com id10175 View details	2023-12-19		Other	—
No additional victim description available. ID 10175
Ransomware	wsies.com id10174 View details	2023-12-19		Other	—
No additional victim description available. ID 10174
Ransomware	vehicle.touch-ins.co.il id10173 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10173
Ransomware	tryhardindustrial.ca id10172 View details	2023-12-19	Canada	Manufacturing / Engineering	—
No additional victim description available. ID 10172
Ransomware	sys.udidagan.co.il id10171 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10171
Ransomware	sys.touch-ins.co.il id10170 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10170
Ransomware	sys-cspartnershq1.caesarstone.com id10169 View details	2023-12-19		Other	—
No additional victim description available. ID 10169
Ransomware	sys-cspartners.caesarstoneus.com id10168 View details	2023-12-19		Other	—
No additional victim description available. ID 10168
Ransomware	sys-cspartners.caesarstone.sg id10167 View details	2023-12-19	Singapore	Other	—
No additional victim description available. ID 10167
Ransomware	sys-cspartners.caesarstone.co.uk id10166 View details	2023-12-19	United Kingdom	Other	—
No additional victim description available. ID 10166
Ransomware	sys-cspartners.caesarstone.com.au id10165 View details	2023-12-19	Australia	Other	—
No additional victim description available. ID 10165
Ransomware	sys-cspartners.caesarstone.ca id10164 View details	2023-12-19	Canada	Other	—
No additional victim description available. ID 10164
Ransomware	sys.biopet.co.il id10163 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10163
Ransomware	store.toolneeds.com id10162 View details	2023-12-19		Retail / E-commerce	—
No additional victim description available. ID 10162
Ransomware	store.brunswickindustrial.com id10161 View details	2023-12-19		Manufacturing / Engineering	—
No additional victim description available. ID 10161
Ransomware	stage.kravitz.co.il id10160 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10160
Ransomware	shop.smithindustrialsupply.com id10159 View details	2023-12-19		Manufacturing / Engineering	—
No additional victim description available. ID 10159
Ransomware	shop.shopsupply.net id10158 View details	2023-12-19		Retail / E-commerce	—
No additional victim description available. ID 10158
Ransomware	shop.reggiemckenzieindustrial.com id10157 View details	2023-12-19		Manufacturing / Engineering	—
No additional victim description available. ID 10157
Ransomware	shop.qct.tools id10156 View details	2023-12-19		Retail / E-commerce	—
No additional victim description available. ID 10156
Ransomware	shop.lgindustrial.com id10155 View details	2023-12-19		Manufacturing / Engineering	—
No additional victim description available. ID 10155
Ransomware	shop.emprecise.com id10154 View details	2023-12-19		Retail / E-commerce	—
No additional victim description available. ID 10154
Ransomware	shop.clador.com id10153 View details	2023-12-19		Retail / E-commerce	—
No additional victim description available. ID 10153
Ransomware	shop.britecon.com id10152 View details	2023-12-19		Retail / E-commerce	—
No additional victim description available. ID 10152
Ransomware	shefa-online.co.il id10151 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10151
Ransomware	selwayindustrialsupply.com id10150 View details	2023-12-19		Manufacturing / Engineering	—
No additional victim description available. ID 10150
Ransomware	rocket-supply.com id10149 View details	2023-12-19		Other	—
No additional victim description available. ID 10149
Ransomware	rmpis.com id10148 View details	2023-12-19		Other	—
No additional victim description available. ID 10148
Ransomware	reserved-il.com id10147 View details	2023-12-19		Other	—
No additional victim description available. ID 10147
Ransomware	pts-tools.com id10146 View details	2023-12-19		Other	—
No additional victim description available. ID 10146
Ransomware	product.touch-ins.co.il id10145 View details	2023-12-19	Israel	Communication / Marketing	—
No additional victim description available. ID 10145
Ransomware	pmt-usa.com id10144 View details	2023-12-19		Other	—
No additional victim description available. ID 10144
Ransomware	phoenix.touch-ins.co.il id10143 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10143
Ransomware	pet.touch-ins.co.il id10142 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10142
Ransomware	pet.biopet.co.il id10141 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10141
Ransomware	paragon-supply.com id10140 View details	2023-12-19		Other	—
No additional victim description available. ID 10140
Ransomware	old.shefa-online.co.il id10139 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10139
Ransomware	norviktools.com id10138 View details	2023-12-19		Other	—
No additional victim description available. ID 10138
Ransomware	northernprecisionsales.com id10137 View details	2023-12-19		Retail / E-commerce	—
No additional victim description available. ID 10137
Ransomware	newstore.johnstoncompanies.com id10136 View details	2023-12-19		Retail / E-commerce	—
No additional victim description available. ID 10136
Ransomware	mortgage.touch-ins.co.il id10135 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10135
Ransomware	morsecuttingtools.com id10134 View details	2023-12-19		Other	—
No additional victim description available. ID 10134
Ransomware	mitchellmckinney.com id10133 View details	2023-12-19		Other	—
No additional victim description available. ID 10133
Ransomware	mgisales.com id10132 View details	2023-12-19		Retail / E-commerce	—
No additional victim description available. ID 10132
Ransomware	m.biopet.co.il id10131 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10131
Ransomware	libertytool.com id10130 View details	2023-12-19		Other	—
No additional victim description available. ID 10130
Ransomware	ktstooling.com id10129 View details	2023-12-19		Other	—
No additional victim description available. ID 10129
Ransomware	knightesupply.com id10128 View details	2023-12-19		Other	—
No additional victim description available. ID 10128
Ransomware	keter.com id10127 View details	2023-12-19		Other	—
No additional victim description available. ID 10127
Ransomware	keter.co.il id10126 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10126
Ransomware	its-supply.com id10125 View details	2023-12-19		Other	—
No additional victim description available. ID 10125
Ransomware	h-o.co.il id10124 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10124
Ransomware	goronco.com id10123 View details	2023-12-19		Other	—
No additional victim description available. ID 10123
Ransomware	gordonindustrial.com id10122 View details	2023-12-19		Manufacturing / Engineering	—
No additional victim description available. ID 10122
Ransomware	global.keter.com id10121 View details	2023-12-19		Services	—
No additional victim description available. ID 10121
Ransomware	giddirect.com id10120 View details	2023-12-19		Other	—
No additional victim description available. ID 10120
Ransomware	gfwdsupply.com id10119 View details	2023-12-19		Other	—
No additional victim description available. ID 10119
Ransomware	fugatesales.com id10118 View details	2023-12-19		Retail / E-commerce	—
No additional victim description available. ID 10118
Ransomware	drillmex.com id10117 View details	2023-12-19		Other	—
No additional victim description available. ID 10117
Ransomware	dixie-tool.com id10116 View details	2023-12-19		Other	—
No additional victim description available. ID 10116
Ransomware	dctsupply.com id10115 View details	2023-12-19		Other	—
No additional victim description available. ID 10115
Ransomware	cspartnershq1.caesarstone.com id10114 View details	2023-12-19		Other	—
No additional victim description available. ID 10114
Ransomware	cspartners.caesarstoneus.com id10113 View details	2023-12-19		Other	—
No additional victim description available. ID 10113
Ransomware	cspartners.caesarstone.sg id10112 View details	2023-12-19	Singapore	Other	—
No additional victim description available. ID 10112
Ransomware	cspartners.caesarstone.co.uk id10111 View details	2023-12-19	United Kingdom	Other	—
No additional victim description available. ID 10111
Ransomware	cspartners.caesarstone.com.au id10110 View details	2023-12-19	Australia	Other	—
No additional victim description available. ID 10110
Ransomware	cspartners.caesarstone.ca id10109 View details	2023-12-19	Canada	Other	—
No additional victim description available. ID 10109
Ransomware	core.touch-ins.co.il id10108 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10108
Ransomware	copreinternacional.com id10107 View details	2023-12-19		Communication / Marketing	—
No additional victim description available. ID 10107
Ransomware	colmarindustrial.com id10106 View details	2023-12-19		Manufacturing / Engineering	—
No additional victim description available. ID 10106
Ransomware	cmtindustrial.com id10105 View details	2023-12-19		Manufacturing / Engineering	—
No additional victim description available. ID 10105
Ransomware	cdt1.com id10104 View details	2023-12-19		Other	—
No additional victim description available. ID 10104
Ransomware	catalog.ustg.net id10103 View details	2023-12-19		Other	—
No additional victim description available. ID 10103
Ransomware	catalog.toolkrib.com id10102 View details	2023-12-19		Other	—
No additional victim description available. ID 10102
Ransomware	catalog.fotcnc.com id10101 View details	2023-12-19		Other	—
No additional victim description available. ID 10101
Ransomware	cartersoshkosh.co.il id10100 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10100
Ransomware	butlerbros.com id10099 View details	2023-12-19		Other	—
No additional victim description available. ID 10099
Ransomware	blueashsupply.com id10098 View details	2023-12-19		Other	—
No additional victim description available. ID 10098
Ransomware	berkshireesupply.com id10097 View details	2023-12-19		Other	—
No additional victim description available. ID 10097
Ransomware	barindustrial.com id10096 View details	2023-12-19		Manufacturing / Engineering	—
No additional victim description available. ID 10096
Ransomware	badgermill.com id10095 View details	2023-12-19		Other	—
No additional victim description available. ID 10095
Ransomware	atwoodindustries.com id10094 View details	2023-12-19		Other	—
No additional victim description available. ID 10094
Ransomware	arieladar.com id10093 View details	2023-12-19		Other	—
No additional victim description available. ID 10093
Ransomware	api.touch-ins.co.il id10092 View details	2023-12-19	Israel	Other	—
No additional victim description available. ID 10092
Ransomware	apisinc.com id10091 View details	2023-12-19		Services	—
No additional victim description available. ID 10091
Ransomware	amtektool.com id10090 View details	2023-12-19		Other	—
No additional victim description available. ID 10090
Ransomware	alleghenytool.net id10089 View details	2023-12-19		Other	—
No additional victim description available. ID 10089
Ransomware	alcornindustrial.com id10088 View details	2023-12-19		Manufacturing / Engineering	—
No additional victim description available. ID 10088
Ransomware	ustg.net id10087 View details	2023-12-19		Other	—
No additional victim description available. ID 10087
Ransomware	naandanjain.com id10072 View details	2023-12-18		Other	—
No additional victim description available. ID 10072
Ransomware	Ta-Supply.com id10070 View details	2023-12-18		Other	—
No additional victim description available. ID 10070
Ransomware	techno-rezef.com id10065 View details	2023-12-17		IT	—
No additional victim description available. ID 10065
Ransomware	curver.com id10064 View details	2023-12-17		Other	—
No additional victim description available. ID 10064
Ransomware	dorot.com id10063 View details	2023-12-17		Other	—
No additional victim description available. ID 10063
Ransomware	graf.co.il id10062 View details	2023-12-17	Israel	Other	—
No additional victim description available. ID 10062
Ransomware	brother.co.il id10061 View details	2023-12-17	Israel	Other	—
No additional victim description available. ID 10061

Toufan

Overview

Top Countries

Known Leak Locations (6)

Top Activity Sectors