Data leak websites for ransomware groups increase when six new groups appear

The cybersecurity landscape has a significant increase in ransomware activities with six new data leak websites (DLS), which were associated with emerging ransomware groups in early 2025.

According to Cyjax, these groups include octopuses, Morpheus, GD Liebesec, Babuk2, Linkc and the newly thawed Anubis.

The latter acts as a demanding ransomware-as-a-service company (RAAS) and offers partner tools for data pressing and monetizing the non-authorized access.

Anubis is characterized by its professional infrastructure and operating strategy in professional quality.

The DLS is currently listing four victims in the USA, Peru and Australia.

In particular, a victim, First Defense Fire Protection (FDFP), has publicly confirmed a data injury.

The group uses its DLS to gradually publish stolen data and use this tactic to put the victims under pressure to pay ransom.

Anubis: A new player with advanced functions

Anubi's operations reflect a calculated approach for the targeting of organizations in regions such as the USA, Europe, Canada and Australia and at the same time avoid units in ex-SSUSR and BRICS nations.

The group expressly excludes sectors such as education, government and non -profit organizations from their attacks.

Its DLS contains detailed analyzes of leaked data, including sensitive personal information (“Fullz”), internal documents and financial details.

The presence of the group extends via their DLS via cybercriminal forums and social media platforms such as X (formerly Twitter), where it spends its activities and deals with connected companies.

Anubis also introduced an affiliate program with ransomware binary files with advanced functions such as cross-platform functions, anti-defense mechanisms and announcements for escalation.

Affiliates can work with the group under sales participation models that are between 50 and 50 for the initial access monentization up to 80-20 for ransomware processes.

Espalate threats in 2025

The creation of these six new ransomware groups underlines the growing sophistication of cybercrimal networks.

In 2024 alone, Cyjax followed 72 blackmail -related DLS, a number that continues to increase in 2025.

These platforms are of central importance for modern ransomware operations and enable threat actors to publish stolen data and to escalate the pressure on the victims through staged disclosures.

Anubis' DLS is particularly remarkable for its seamless functionality and its strategic design.

It contains sections such as “News”, “FAQ”, “About” and “Rules” that offer insights into their operations and methods for victims or connected companies to deal with the group.

In contrast to many other blackmail groups, Anubis does not put on countdowns for data release, but is based on detailed leaks to strengthen its effects.

The group's activities underline the persistent threat from RAAS models, which enable even less qualified attackers to carry out demanding campaigns.

With a confirmed violation and three other victims who have not yet reacted publicly, Anubis will remain active in the coming months, since it expands its business and partnerships within the cyber criminal ecosystem.

While ransomware groups develop their tactics and infrastructure, organizations against these threats must remain vigilant by strengthening their cyber security defense and the reaction ability of the incidents.

Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free