Ransomware Group intelligence
Warlock
InactiveTrack Warlock with 78 published victims and 4 known leak locations in a single intelligence view.
Overview
Warlock is tracked by Breach House as a ransomware group with 78 published victims.
United States is currently the most targeted country in this dataset.
4 known leak locations are currently associated with this group.
Top Countries
Interactive distribution based on the currently visible victims list.
Known Leak Locations (4)
| Label | Type | Availability | Links |
|---|---|---|---|
| Leak location 1 | Onion service | Unknown | elqfbcx5nofwtqfookqml7ltx2g6q6tmddys6e25vgu3al2meim6cbqd.onion |
| Leak location 2 | Onion service | Unknown | ocwjy4ynmpbbzhumh2ama2vl3bc77lf5auqf7nf4k45lbmzoep2rbyid.onion |
| Leak location 3 | Onion service | Unknown | zfytizegsze6uiswodhbaalyy5rawaytv2nzyzdkt3susbewviqqh7yd.onion |
| Leak location 4 | Onion service | Unknown | warlockhga5iw3t54ps5iytlilf7hlvxy7kwrkidspn4qoh64s4vsuyd.onion |
Top Activity Sectors
No sector intelligence available.
Ransom Notes (0)
▼No ransom notes available for this group.
Tools Used
▼No tools used available.
YARA Rules (0)
▼No YARA rules available.
Indicators of Compromise (0)
▼No IoCs available for this group.
Negotiation Chats (0)
▼No negotiation chats available.
Research Sources
No external research sources linked yet.
Victims (78)
Search, filter and paginate the victim timeline for Warlock.
| Type | Target | Discovered | Country | Business Category | Intel Link |
|---|---|---|---|---|---|
| Ransomware | energogroup.net id23640 View details | Russian Federation | Communication / Marketing | — | |
|
No description provided. |
|||||
| Ransomware | goldenline.com id23639 View details | Poland | Communication / Marketing | — | |
|
No description provided. |
|||||
| Ransomware | bengineered.com.au id23638 View details | Australia | Communication / Marketing | — | |
|
No description provided. |
|||||
| Ransomware | mnpease.ca id23637 View details | Canada | Communication / Marketing | — | |
|
No description provided. |
|||||
| Ransomware | metro.local id23636 View details | Communication / Marketing | — | ||
|
No description provided. |
|||||
| Ransomware | cybervector.co.uk id23635 View details | United Kingdom | IT | — | |
|
No description provided. |
|||||
| Ransomware | fabrity.local id23634 View details | Communication / Marketing | — | ||
|
No description provided. |
|||||
| Ransomware | miltech.local id23633 View details | IT | — | ||
|
No description provided. |
|||||
| Ransomware | mytune.me id23632 View details | Communication / Marketing | — | ||
|
No description provided. |
|||||
| Ransomware | atg.cz id23631 View details | Czechia | Communication / Marketing | — | |
|
No description provided. |
|||||
| Ransomware | tein.co.jp id23630 View details | Japan | Communication / Marketing | — | |
|
No description provided. |
|||||
| Ransomware | bel.quadra.ru id23629 View details | Russian Federation | Communication / Marketing | — | |
|
No description provided. |
|||||
| Ransomware | ippm.org id23628 View details | Communication / Marketing | — | ||
|
No description provided. |
|||||
| Ransomware | sf.walltopia.com id23627 View details | United States | Communication / Marketing | — | |
|
No description provided. |
|||||
| Ransomware | nartis.ru id23626 View details | Russian Federation | Communication / Marketing | — | |
|
No description provided. |
|||||
| Ransomware | alphasys.bo id23625 View details | Bolivia, Plurinational State of | Communication / Marketing | — | |
|
No description provided. |
|||||
| Ransomware | silanosn.local id23624 View details | Communication / Marketing | — | ||
|
No description provided. |
|||||
| Ransomware | siball.net id22547 View details | Russian Federation | Other | — | |
|
all data |
|||||
| Ransomware | chroma.com.tw id22425 View details | Taiwan, Province of China | Other | — | |
|
all data |
|||||
| Ransomware | ferus-smit.home id22424 View details | Other | — | ||
|
all data |
|||||
| Ransomware | jubileelife.com id22423 View details | Pakistan | Other | — | |
|
all data |
|||||
| Ransomware | kmssa.net id22422 View details | Saudi Arabia | Other | — | |
|
all data |
|||||
| Ransomware | webville.net id22421 View details | Other | — | ||
|
all data |
|||||
| Ransomware | elssurveying.com id22420 View details | United States | Other | — | |
|
all data |
|||||
| Ransomware | medkar.com id22419 View details | Türkiye | Other | — | |
|
all data |
|||||
| Ransomware | okan.ru id22184 View details | Russian Federation | Finance / Legal / Insurance | — | |
|
finance data |
|||||
| Ransomware | mffood.com id22070 View details | Denmark | Agriculture / Food | — | |
|
300G data |
|||||
| Ransomware | gmpc.com id22069 View details | Communication / Marketing | — | ||
|
No description provided. |
|||||
| Ransomware | airfastindonesia.com id21933 View details | Indonesia | Other | — | |
|
all user data |
|||||
| Ransomware | infoniqa.com id21820 View details | Austria | Finance / Legal / Insurance | — | |
|
165g data, including internal documents, financial documents, employee information, CRM database, HR database, SaaS database |
|||||
| Ransomware | gmtaconline id21804 View details | Philippines | Other | — | |
|
The data has been bought by other buyers (not victims) |
|||||
| Ransomware | woodboure id21803 View details | Other | — | ||
|
The data has been bought by other buyers (not victims) |
|||||
| Ransomware | STRGOME id21802 View details | Other | — | ||
|
The data has been bought by other buyers (not victims) |
|||||
| Ransomware | argeninta id21801 View details | Other | — | ||
|
The data has been bought by other buyers (not victims) |
|||||
| Ransomware | houra id21800 View details | France | Other | — | |
|
The data has been bought by other buyers (not victims) |
|||||
| Ransomware | houxt id21799 View details | United Kingdom | Other | — | |
|
The data has been bought by other buyers (not victims) |
|||||
| Ransomware | getdomain id21798 View details | Denmark | Other | — | |
|
The data has been bought by other buyers (not victims) |
|||||
| Ransomware | kipl id21797 View details | India | Other | — | |
|
The customer has not paid, and there are no other buyers within the validity period, please enjoy your data |
|||||
| Ransomware | nszi id21796 View details | Other | — | ||
|
The customer has not paid, and there are no other buyers within the validity period, please enjoy your data |
|||||
| Ransomware | accsnet.com id21795 View details | Japan | Other | — | |
|
all data |
|||||
| Ransomware | advion.com id21794 View details | United States | Other | — | |
|
all data |
|||||
| Ransomware | mysecop.com id21793 View details | Other | — | ||
|
all data |
|||||
| Ransomware | atcmanufacturing id21792 View details | Manufacturing / Engineering | — | ||
|
all data |
|||||
| Ransomware | orange.com id21791 View details | France | Other | — | |
|
This is only a part of the files and file list. The full set of files needs to be purchased separately. |
|||||
| Ransomware | anthembio.com id21790 View details | United States | Other | — | |
|
all data |
|||||
| Ransomware | syspro.com id21789 View details | United States | Communication / Marketing | — | |
|
all data |
|||||
| Ransomware | brightwork.com id21788 View details | United States | Communication / Marketing | — | |
|
[AI generated] BrightWork.com is a project management software company that provides solutions for teams and organizations to manage and track their projects. It offers templates, reports, role-based dashboards, risk management and work automation tools. BrightWork.com is designed to be integrated with Microsoft SharePoint, thereby bringing clarity, control, and simplicity to project portfolios. |
|||||
| Ransomware | starsalliance.com id21787 View details | Other | — | ||
|
The data has been purchased by other buyers |
|||||
| Ransomware | sipecom.com id21786 View details | Ecuador | Other | — | |
|
all data |
|||||
| Ransomware | wytechnology.local id21785 View details | IT | — | ||
|
The data has been purchased by other buyers |
|||||
| Ransomware | webcids.com id21784 View details | United States | Other | — | |
|
all data |
|||||
| Ransomware | rougine-mfg.com id21783 View details | United States | Other | — | |
|
all data |
|||||
| Ransomware | magcpa.com id21782 View details | United States | Other | — | |
|
all data |
|||||
| Ransomware | wfd2027uae.ae id21781 View details | United Arab Emirates | Other | — | |
|
all data |
|||||
| Ransomware | tagorg.com id21780 View details | Jordan | Other | — | |
|
all data |
|||||
| Ransomware | hitachi-hta.com id21779 View details | Japan | Other | — | |
|
all data |
|||||
| Ransomware | primrose.com id21778 View details | United Kingdom | Communication / Marketing | — | |
|
all data |
|||||
| Ransomware | clearybuilding.us id21777 View details | United States | Construction / Real Estate | — | |
|
all data |
|||||
| Ransomware | colt.net id21776 View details | United Kingdom | Other | — | |
|
1 million documents,The full set of files needs to be purchased separately. |
|||||
| Ransomware | currimjee id20586 View details | Mauritius | Construction / Real Estate | — | |
|
[AI generated] Currimjee Group is a Mauritian company engaged in diversified sectors since 1890. Its sectors include Telecommunications, Media & IT, Energy, Real Estate, Tourism, Food & Beverages, Financial Services, Commerce & Manufacturing, and CSR. Currimjee's mission is to enhance the lives of the Mauritian population by consistently meeting their evolving needs and expectations. |
|||||
| Ransomware | via-optronics id20585 View details | Germany | Manufacturing / Engineering | — | |
|
[AI generated] Via Optronics is a global technology company that specializes in the production of interactive display systems and digital components. The company provides solutions such as enhanced displays, touch sensors, and optical bonding services. They mainly cater to consumer electronics, automotive, and industrial markets. With its headquarters in Germany, Via Optronics operates worldwide serving multiple industries. |
|||||
| Ransomware | iberol id20584 View details | Spain | Other | — | |
|
[AI generated] N/A |
|||||
| Ransomware | eira-group id20583 View details | Finland | Services | ||
|
[AI generated] N/A |
|||||
| Ransomware | KMMP id20582 View details | Japan | Other | — | |
|
[AI generated] N/A |
|||||
| Ransomware | nipponindiaim id20581 View details | India | Finance / Legal / Insurance | — | |
|
[AI generated] Nippon India Mutual Fund (NIMF), previously known as Reliance Mutual Fund, is one of the leading mutual fund companies in India. It is part of Nippon Life India Asset Management Limited, which is in turn a subsidiary of Nippon Life Insurance Company, Japan and Reliance Capital. The company offers a diverse range of investment solutions to individual and institutional investors. |
|||||
| Ransomware | unilever id20580 View details | Netherlands | Communication / Marketing | — | |
|
[AI generated] Unilever is a multinational corporation that sells branded consumer goods. Founded in 1929 and based in London, England and Rotterdam, Netherlands, their products range across food, beverages, cleaning agents, and personal care products. Unilever has products available in over 190 countries, and owns over 400 brands including Dove, Lipton, and Ben & Jerry's. |
|||||
| Ransomware | Ersar id20579 View details | Other | |||
|
[AI generated] N/A |
|||||
| Ransomware | NCVOO id20578 View details | Bermuda | Other | ||
|
[AI generated] N/A |
|||||
| Ransomware | BTHK id20577 View details | Hong Kong | Other | ||
|
All data |
|||||
| Ransomware | lactanet id20576 View details | Canada | Agriculture / Food | — | |
|
[AI generated] Lactanet is an agricultural company that provides critical information and innovative solutions to dairy farmers to optimize the health and productivity of their herds. Formed through a merger of Canadian Dairy Network, Valacta, and CanWest DHI, it uses advanced genetics and dairy management software to improve herd and farm efficiency. |
|||||
| Ransomware | ssi-mi id20575 View details | Japan | Other | — | |
|
[AI generated] N/A |
|||||
| Ransomware | dad id20574 View details | Other | — | ||
|
[AI generated] N/A |
|||||
| Ransomware | astronika id20573 View details | Poland | Manufacturing / Engineering | — | |
|
[AI generated] Astronika is a Polish company that specializes in high-tech engineering solutions, with a particular focus on space technologies. Their main activities include research, design, and development of advanced mechanical systems. They undertake complex projects that require designing custom engineering solutions, such as components for satellites and other space mechanisms. Astronika works closely with scientific institutions and the space industry. |
|||||
| Ransomware | sras id20572 View details | Other | — | ||
|
[AI generated] N/A |
|||||
| Ransomware | icidesi id20571 View details | Türkiye | Other | — | |
|
[AI generated] N/A |
|||||
| Ransomware | taos id20570 View details | United States | IT | — | |
|
[AI generated] Taos is a technology services and consulting firm that specializes in cloud, DevOps, and security solutions. Headquartered in San Jose, CA, they work with clients across various industries, including finance, healthcare, and technology. Their services range from strategic consulting to managing IT infrastructure. Their goal is to help businesses adopt new technologies and practices to improve their operations and deliver better results. |
|||||
| Ransomware | carducci id20569 View details | Services | — | ||
|
[AI generated] Carducci is an esteemed fashion brand hailing from Cape Town, South Africa. Founded in 1978, it specializes in sophisticated menswear, particularly business and casual wear, tailored suits, accessories, and footwear. The brand is renowned for its fine craftsmanship, refined textiles, and keen attention to detail. Carducci is part of the Seardel Group of Companies. |
|||||
| Ransomware | Arch-con id20568 View details | United States | Healthcare / Pharma | — | |
|
[AI generated] Arch-Con Corporation is a commercial construction company based in Houston, Texas. They work across various market sectors such as office, retail, healthcare, hospitality, industrial, and many more. Arch-Con offers construction management services at the risk of the constructor, providing guaranteed maximum prices to establish budget certainty. Their goal is to exceed client expectations using their experience, talents, and resources. |
|||||