Cyber Security News

Ransomware Group Data-Leak Sites Increasing as Six New Groups Emerge

The cybersecurity landscape has witnessed a significant uptick in ransomware activity, with six new data-leak sites (DLSs) linked to emerging ransomware groups identified in early 2025.

According to Cyjax, these groups include Kraken, Morpheus, GD LockerSec, Babuk2, Linkc, and the newly surfaced Anubis.

The latter operates as a sophisticated Ransomware-as-a-Service (RaaS) entity, offering affiliates tools for data extortion and monetization of unauthorized access.

Anubis stands out for its professional-grade infrastructure and operational strategy.

Its DLS currently lists four victims across the United States, Peru, and Australia.

Notably, one victim, First Defense Fire Protection (FDFP), has publicly confirmed a data breach.

The group uses its DLS to publish stolen data progressively, leveraging this tactic to pressure victims into paying ransoms.

RansomwareRansomware
Anubis’ DLS landing page.

Anubis: A New Player with Advanced Capabilities

Anubis’ operations reflect a calculated approach to targeting organizations in regions such as the US, Europe, Canada, and Australia while avoiding entities in ex-USSR and BRICS nations.

The group explicitly excludes sectors like education, government, and non-profits from its attacks.

Its DLS provides detailed analyses of leaked data, including sensitive personal information (“fullz”), internal documents, and financial details.

The group’s presence extends beyond its DLS to cybercriminal forums and social media platforms like X (formerly Twitter), where it advertises its activities and engages with affiliates.

Cybercriminal forum post containing Anubis’ victimology

Anubis has also introduced an affiliate program featuring ransomware binaries with advanced capabilities such as cross-platform functionality, anti-defense mechanisms, and privilege escalation.

Affiliates can partner with the group under revenue-sharing models that range from 50-50 for initial access monetization to 80-20 for ransomware operations.

Escalating Threats in 2025

The emergence of these six new ransomware groups highlights the growing sophistication of cybercriminal networks.

In 2024 alone, Cyjax tracked 72 extortion-related DLSs, a number that continues to rise in 2025.

These platforms are central to modern ransomware operations, enabling threat actors to publicize stolen data and escalate pressure on victims through staged disclosures.

Anubis’ DLS is particularly notable for its seamless functionality and strategic design.

It features sections like “News,” “FAQ,” “About,” and “Rules,” offering insights into its operations and methods for victims or affiliates to engage with the group.

Unlike many other extortion groups, Anubis does not impose countdowns for data release but instead relies on detailed leaks to amplify its impact.

The group’s activities underscore the persistent threat posed by RaaS models that empower even less-skilled attackers to execute sophisticated campaigns.

With one confirmed breach and three additional victims yet to respond publicly, Anubis is likely to remain active in the coming months as it expands its operations and partnerships within the cybercriminal ecosystem.

As ransomware groups continue to evolve their tactics and infrastructure, organizations must remain vigilant against these threats by strengthening their cybersecurity defenses and incident response capabilities.

Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free

Aman Mishra

Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

1 day ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

1 day ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

1 day ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

1 day ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

1 day ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

1 day ago