Live Intelligence

Ransomware Tracker

Fresh intelligence sourced from ransomware.live, prioritising Canadian disclosures and extortion campaigns.

Last refresh: May 17, 2026

Canadian Threat Pulse

🇨🇦 Live ransomware intelligence feed.

Powered by ransomware.live Pro. We prioritise Ontario, GTA, British Columbia, and Quebec victims to drive rapid outreach across our Canadian client base.

Last refresh

May 17, 2026

Live polling active

Ransomware IOC

Victims disclosed in the past 30 days

0% MoM

Cloud Drift

Misconfiguration paths blocked this week

0% WoW

Identity Attacks

Credential-stuffing bursts contained

0% WoW

play

CRITICAL

Victims disclosed (30d)

Not Found, Manufacturing, Consumer Services

Snapshot • Feb 22, 2026

qilin

CRITICAL

Victims disclosed (30d)

Not Found, Technology, Manufacturing

Snapshot • Feb 9, 2026

akira

CRITICAL

Victims disclosed (30d)

Not Found, Manufacturing, Consumer Services

Snapshot • Feb 20, 2026

Canadian victims

849

Unique Canadian disclosures preserved in the archive.

Global spotlight

100

Victims tracked worldwide in the rolling archive.

Active crews

Top 20 ransomware crews ranked by victim disclosures in this archive.

play: 85 logged

North America Heat Map

Canada, the United States, and Mexico weighted by confirmed disclosures across the rolling ransomware archive.

Live telemetry

Global Extortion Surface

Victim geography & supply-chain exposure

Hover bubbles for detail

thinlinetech.comUnited States
abyss
Published Feb 26, 2026
milespartnership.comUnited States
chaos
Published Feb 26, 2026
Envirogen TechnologiesUnited States
anubis
Published Feb 26, 2026
SilvestresUnited States
thegentlemen
Published Feb 25, 2026
Tricolor HoldingsUnited States
kittykatkrew
Published Feb 25, 2026
Birmingham Museum of ArtUnited States
termite
Published Feb 24, 2026

Regional Spotlight

Ontario, GTA, British Columbia, and Quebec accounts comprise the majority of Canadian disclosures today. We surface the most recent activity in each market.

High-priority outreach

GTA and Ottawa focus

Ontario

McFarlane Agencies
akira
Feb 20, 2026
CCR Solutions
dragonforce
Feb 18, 2026
Ondine Biomedical
incransom
Feb 16, 2026
Charm Diamond Centres
akira
Feb 16, 2026
Ardene Holdings
akira
Feb 13, 2026
Mep Technologies
akira
Feb 12, 2026

Toronto metro

GTA

STRATEGICOBJECTIVES.COM
clop
Feb 7, 2026
Markham Stouffville Hospital
anubis
Dec 16, 2025
baisyaakov.ca
incransom
Nov 18, 2025
dwgra.com
incransom
Oct 26, 2025

Lower Mainland & Island

British Columbia

CCCM.BC.CA
clop
Jan 25, 2026

Montréal & provincial

Quebec

No recent disclosures

Most Active Ransomware Crews (90 days)

TAG momentum report

Most active crews observed by TAG over the last quarter with last-seen timestamps.

01. thegentlemen
19 victims logged · Last seen Feb 25, 2026
TAG
02. incransom
48 victims logged · Last seen Feb 25, 2026
TAG
03. vect
16 victims logged · Last seen Feb 25, 2026
TAG
04. coinbasecartel
10 victims logged · Last seen Feb 24, 2026
TAG
05. dragonforce
15 victims logged · Last seen Feb 24, 2026
TAG
06. cloak
9 victims logged · Last seen Feb 24, 2026
TAG
07. qilin
72 victims logged · Last seen Feb 24, 2026
TAG
08. akira
69 victims logged · Last seen Feb 24, 2026
TAG
09. play
85 victims logged · Last seen Feb 22, 2026
TAG
10. safepay
23 victims logged · Last seen Feb 7, 2026
TAG
11. clop
53 victims logged · Last seen Feb 7, 2026
TAG
12. lynx
19 victims logged · Last seen Feb 3, 2026
TAG

Global exposure

Country distribution for victims captured within the combined archive.

Global Extortion Surface

Victim geography & supply-chain exposure

Hover bubbles for detail

Rank	Country/Region	Victims
1	Canada	400
2	United States	38
3	Italy	4
4	India	3
5	Thailand	3
6	France	3
7	Brazil	3
8	Germany	3
9	United Arab Emirates	2
10	Japan	2
11	Colombia	2
12	Spain	2

Intelligence headlines

Curated advisories surfaced alongside ransomware activity.

News feed not populated yet.

Showing cached news items while the live feed refreshes.

Five-Year Canadian Threat Trend

Comparative look at ransomware disclosures versus phishing, smishing, vishing, and business email compromise (BEC) reports across Canada.

Security Canada roll-up

Next data feeds

Broaden coverage with phishing, vulnerability, and IoC sources wired into the backend.

Phishing & Malware
Canadian Centre for Cyber Security Advisories
Official bulletins covering critical vulnerabilities, phishing campaigns, and ransomware guidance tailored to Canadian operators.
/api/threats/cyber-centreDocumentation ↗
Vulnerability Intelligence
CISA Known Exploited Vulnerabilities (KEV)
Authoritative catalogue of vulnerabilities actively exploited in the wild with remediation deadlines to drive patch prioritisation.
/api/threats/kevDocumentation ↗
IoC Feeds
Abuse.ch ThreatFox
Community-driven repository of fresh indicators of compromise spanning malware, C2 infrastructure, and phishing kits.
/api/threats/threatfoxDocumentation ↗
Phishing Intelligence
OpenPhish Commercial API
Continuously updated feed of verified phishing URLs suitable for mail and web gateway enforcement.
/api/threats/phishingDocumentation ↗
Malware & Botnet Activity
Shadowserver Daily Reports
Global sensor telemetry on malware callbacks, exposed services, and botnet drones to support containment playbooks.
/api/threats/shadowserverDocumentation ↗

Live Ransomware Disclosures

Tracking leagues sourced from ransomware.live and Solutioners telemetry.

Threat Group	Victim	Date Published
abyss	thinlinetech.com	Feb 26, 2026
chaos	milespartnership.com	Feb 26, 2026
anubis	Envirogen Technologies	Feb 26, 2026
tengu	Al Arif Contracting Co. (L.L.C)	Feb 25, 2026
tengu	martec.it	Feb 25, 2026
everest	111	Feb 25, 2026
thegentlemen	OCEANIST ENGINEERING	Feb 25, 2026
thegentlemen	Advanced Connection Corporation	Feb 25, 2026
thegentlemen	REDACTED	Feb 25, 2026
thegentlemen	SATO	Feb 25, 2026
thegentlemen	Nathalin Group	Feb 25, 2026
thegentlemen	Silvestres	Feb 25, 2026
thegentlemen	Boutique Harley-Davidson	Feb 25, 2026
handala	Clalit: Israel’s Largest Healthcare Organization Falls to Cyber Resistance	Feb 25, 2026
incransom	APRO Asian Protection Pte Ltd	Feb 25, 2026
incransom	WE Fitness	Feb 25, 2026
killsec	primaria ungheni	Feb 25, 2026
kittykatkrew	Tricolor Holdings	Feb 25, 2026
vect	Del Rey	Feb 25, 2026
vect	Sus Insumos S.A.S	Feb 25, 2026
termite	Birmingham Museum of Art	Feb 24, 2026
coinbasecartel	Symeta	Feb 24, 2026
coinbasecartel	Triumph Group	Feb 24, 2026
atomsilo	A large bank in Asia	Feb 24, 2026
termite	The Siskiyou Telephone	Feb 24, 2026
coinbasecartel	Westwing Home & Living	Feb 24, 2026
termite	Jones Haber	Feb 24, 2026
everest	Boltech	Feb 24, 2026
thegentlemen	Wachendorff	Feb 24, 2026
thegentlemen	Global Trust Advisors	Feb 24, 2026
thegentlemen	Dos	Feb 24, 2026
thegentlemen	El IBR	Feb 24, 2026
thegentlemen	Industrias Iberia	Feb 24, 2026
thegentlemen	Smartbytes	Feb 24, 2026
thegentlemen	OKJ Group	Feb 24, 2026
thegentlemen	MUST Informatique	Feb 24, 2026
dragonforce	Middlesex Transporters	Feb 24, 2026
thegentlemen	Ruamjai	Feb 24, 2026
dragonforce	Hudson Awning	Feb 24, 2026
coinbasecartel	Dalet	Feb 24, 2026

🇨🇦 Live ransomware intelligence feed.

play

qilin

akira

North America Heat Map

Ontario

GTA

British Columbia

Quebec

Most Active Ransomware Crews (90 days)

TAG momentum report

Global exposure

Intelligence headlines

Five-Year Canadian Threat Trend

Next data feeds

Canadian Centre for Cyber Security Advisories

CISA Known Exploited Vulnerabilities (KEV)

Abuse.ch ThreatFox

OpenPhish Commercial API

Shadowserver Daily Reports

Live Ransomware Disclosures