Arsenal Exploits TTP Matrix KillChain Mapa Actores SSLBL RansomLook Ransomwhere Alertas CyberNews

exitium

5 incidentes 3 paises 4 sectores ransomware Ultimo: 2026-06-25

Exitium is a data extortion group that emerged in early March 2026, known for operating a Tor-based leak site and primarily focusing on bulk data exfiltration followed by public naming-and-shaming, rather than relying heavily on file encryption. This group is characterized by its "data-centric" approach, acting as a data broker where encryption is often a secondary or even absent component of their extortion tactics, as evidenced by only one of their initial five publicly claimed victims experiencing full encryption. The group's motivation is purely financial, and there is no public attribution to any specific origin country or known nation-state. They distinguish themselves by prioritizing the theft and exposure of sensitive data over the more traditional ransomware model of encrypting systems first.

RansomLook pivots

Data, inteligencia y referencias externas para contrastar actividad ransomware del actor.

Abrir perfil →

Data

Recent Browse Trending Stats

Intel

Group URLs Crypto Leaks Notes Analyses Torrents

Info

API Glossary About

Victimas

TTPs unicas

Info robada historica

400 GB

Rescates reclamados

N/D

Pagos detectados

N/D

TTPs observadas

T1566 Phishing

Paises afectados

United States (3)

Taiwan (1)

Brazil (1)

Paises objetivo (SOCRadar)

Brazil

Canada

Germany

Spain

France

India

Italy

Panama

Singapore

Thailand

Sectores atacados

Healthcare (1) Energy (1) Agriculture and Food Production (1) Public Sector (1)

Sectores objetivo (SOCRadar)

Agriculture&ForestryEnergy & Utilities ConstructionManufacturingHealthCare & Social AssistancePublic AdministrationFood ManufacturingElectrical&Electronical ManufacturingElectrical Equipment, Appliance, and Component ManufacturingOffices of Physicians