qilin
CRITICAL86
Victims disclosed (30d)
Technology, Not Found, Manufacturing
Snapshot • Dec 3, 2025
Live Intelligence
Ransomware Tracker
Fresh intelligence sourced from ransomware.live, prioritising Canadian disclosures and extortion campaigns.
Last refresh: Dec 5, 2025
Canadian Threat Pulse
🇨🇦 Live ransomware intelligence feed.
Powered by ransomware.live Pro. We prioritise Ontario, GTA, British Columbia, and Quebec victims to drive rapid outreach across our Canadian client base.
Last refresh
Dec 5, 2025
Live polling active
Ransomware IOC
29
Victims disclosed in the past 30 days
−22% MoMCloud Drift
0
Misconfiguration paths blocked this week
0% WoWIdentity Attacks
0
Credential-stuffing bursts contained
0% WoWplay
CRITICAL79
Victims disclosed (30d)
Not Found, Manufacturing, Agriculture and Food Production
Snapshot • Nov 18, 2025
akira
CRITICAL75
Victims disclosed (30d)
Not Found, Manufacturing, Agriculture and Food Production
Snapshot • Dec 3, 2025
Canadian victims
771
Unique Canadian disclosures preserved in the archive.
Global spotlight
100
Victims tracked worldwide in the rolling archive.
Active crews
25
Top 20 ransomware crews ranked by victim disclosures in this archive.
qilin: 86 logged
Canadian Heat Map
Provinces weighted by confirmed disclosures across the rolling ransomware archive.
Canadian Exposure Map
Hover provinces or markers for detail
Live density
- mactavishco.caAlberta
safepay
Published Dec 5, 2025
- Quality Engineered HomesOntario
akira
Published Dec 3, 2025
- ravand.comNova Scotia
devman
Published Dec 2, 2025
- National Money Mart CompanyOntario
everest
Published Nov 25, 2025
- Kids & CompanyOntario
sinobi
Published Nov 25, 2025
- omegatoolcorp.comOntario
incransom
Published Nov 24, 2025
Regional Spotlight
Ontario, GTA, British Columbia, and Quebec accounts comprise the majority of Canadian disclosures today. We surface the most recent activity in each market.
GTA and Ottawa focus
Ontario
- Quality Engineered HomesakiraDec 3, 2025
- National Money Mart CompanyeverestNov 25, 2025
- Kids & CompanysinobiNov 25, 2025
- omegatoolcorp.comincransomNov 24, 2025
- NovAtel (belongs to Hexagon)qilinNov 24, 2025
- Collge Superieur De MontrealrhysidaNov 24, 2025
Toronto metro
GTA
- baisyaakov.caincransomNov 18, 2025
- dwgra.comincransomOct 26, 2025
- ggw.netsafepaySep 3, 2025
Lower Mainland & Island
British Columbia
- No recent listings in this pull.
Montréal & provincial
Quebec
- No recent listings in this pull.
Most Active Ransomware Crews (90 days)
TAG momentum report
Most active crews observed by TAG over the last quarter with last-seen timestamps.
- TAG
01. incransom
42 victims logged · Last seen Dec 5, 2025
- TAG
02. safepay
27 victims logged · Last seen Dec 5, 2025
- TAG
03. qilin
86 victims logged · Last seen Dec 5, 2025
- TAG
04. dragonforce
10 victims logged · Last seen Dec 5, 2025
- TAG
05. nitrogen
7 victims logged · Last seen Dec 5, 2025
- TAG
06. interlock
7 victims logged · Last seen Dec 5, 2025
- TAG
07. lockbit3
38 victims logged · Last seen Dec 5, 2025
- TAG
08. akira
75 victims logged · Last seen Dec 5, 2025
- TAG
09. rhysida
17 victims logged · Last seen Dec 3, 2025
- TAG
10. everest
8 victims logged · Last seen Dec 2, 2025
- TAG
11. lynx
15 victims logged · Last seen Nov 27, 2025
- TAG
12. play
79 victims logged · Last seen Nov 18, 2025
Global exposure
Country distribution for victims captured within the combined archive.
Global Extortion Surface
Victim geography & supply-chain exposure
Hover bubbles for detail
| Rank | Country/Region | Victims |
|---|---|---|
| 1 | Canada | 400 |
| 2 | United States | 45 |
| 3 | Germany | 7 |
| 4 | Australia | 4 |
| 5 | Switzerland | 3 |
| 6 | Portugal | 2 |
| 7 | Spain | 2 |
| 8 | France | 2 |
| 9 | United Kingdom | 2 |
| 10 | Taiwan | 2 |
| 11 | Italy | 2 |
| 12 | Poland | 1 |
Intelligence headlines
Curated advisories surfaced alongside ransomware activity.
- Open source · cyber.gc.ca ↗CCCS warns of increased ransomware targeting Canadian municipalitiesJan 15, 2025
Canadian Centre for Cyber Security
The Cyber Centre observed coordinated credential-stuffing attempts preceding LockBit compromises in Ontario.
- Open source · ransomware.live ↗Healthcare sector sees spike in extortion incidentsJan 12, 2025
Ransomware.live
Ransomware.live telemetry shows healthcare victim listings rising 18% week-over-week.
Five-Year Canadian Threat Trend
Comparative look at ransomware disclosures versus phishing, smishing, vishing, and business email compromise (BEC) reports across Canada.
Next data feeds
Broaden coverage with phishing, vulnerability, and IoC sources wired into the backend.
Phishing & Malware
Canadian Centre for Cyber Security Advisories
Official bulletins covering critical vulnerabilities, phishing campaigns, and ransomware guidance tailored to Canadian operators.
/api/threats/cyber-centreDocumentation ↗Vulnerability Intelligence
CISA Known Exploited Vulnerabilities (KEV)
Authoritative catalogue of vulnerabilities actively exploited in the wild with remediation deadlines to drive patch prioritisation.
/api/threats/kevDocumentation ↗IoC Feeds
Abuse.ch ThreatFox
Community-driven repository of fresh indicators of compromise spanning malware, C2 infrastructure, and phishing kits.
/api/threats/threatfoxDocumentation ↗Phishing Intelligence
OpenPhish Commercial API
Continuously updated feed of verified phishing URLs suitable for mail and web gateway enforcement.
/api/threats/phishingDocumentation ↗Malware & Botnet Activity
Shadowserver Daily Reports
Global sensor telemetry on malware callbacks, exposed services, and botnet drones to support containment playbooks.
/api/threats/shadowserverDocumentation ↗
Live Ransomware Disclosures
Tracking leagues sourced from ransomware.live and Solutioners telemetry.
| Threat Group | Victim | Date Published |
|---|---|---|
| incransom | bennett.edu | Dec 5, 2025 |
| anubis | Duhabex | Dec 5, 2025 |
| safepay | mmc.de | Dec 5, 2025 |
| safepay | juliuskoch.com | Dec 5, 2025 |
| safepay | untereisesheim.de | Dec 5, 2025 |
| safepay | steuerberater-scheerer.de | Dec 5, 2025 |
| safepay | mactavishco.ca | Dec 5, 2025 |
| safepay | barnet.com.au | Dec 5, 2025 |
| qilin | Beecher Walker Architects | Dec 5, 2025 |
| safepay | wachtmann.eu | Dec 5, 2025 |
| safepay | becksgroup.au | Dec 5, 2025 |
| safepay | hyperdomemedicalcentre.com.au | Dec 5, 2025 |
| dragonforce | King City Lumber | Dec 5, 2025 |
| qilin | Shumate Mechanical | Dec 5, 2025 |
| nitrogen | AvtechTyee | Dec 5, 2025 |
| interlock | Fargo Park District | Dec 5, 2025 |
| dragonforce | 3S Software (Secured Smart Systems Overview Metrics) | Dec 5, 2025 |
| lockbit3 | new blog domain lockbit 5.0 | Dec 5, 2025 |
| nova | National Health Insurance Management Authority | Dec 5, 2025 |
| akira | Consolidated Sterilizer Systems | Dec 5, 2025 |
| akira | Foster & Eldridge | Dec 5, 2025 |
| akira | Rosland Capital | Dec 5, 2025 |
| akira | Advanced Power | Dec 5, 2025 |
| akira | Sieger design | Dec 5, 2025 |
| anubis | Smith Fire Systems | Dec 4, 2025 |
| qilin | Kana Pipeline Inc | Dec 4, 2025 |
| qilin | Medisend | Dec 4, 2025 |
| qilin | Scientology | Dec 4, 2025 |
| qilin | Espaço Casa | Dec 4, 2025 |
| qilin | McManes Law | Dec 4, 2025 |
| qilin | Institutional & Supermarket Equipment | Dec 4, 2025 |
| qilin | Peter Meijer Architect | Dec 4, 2025 |
| qilin | Maset | Dec 4, 2025 |
| qilin | Yellow Cab of Columbus | Dec 4, 2025 |
| nova | Atenção Primária à Saúde Brazil | Dec 4, 2025 |
| akira | The Minor Firm | Dec 4, 2025 |
| akira | ABC Home & Commercial Services | Dec 4, 2025 |
| spacebears | Slimsoft | Dec 4, 2025 |
| qilin | IES Synergy | Dec 3, 2025 |
| sinobi | CCJM | Dec 3, 2025 |