Quick Summary
Executive Summary
ESMS Global Limited, a business services company located in the United Kingdom, was listed on the Anubis ransomware group’s dark web portal on June 29, 2026. This discovery was made through SOCRadar’s Dark Web Monitoring. As an organization providing business services, ESMS Global handles data and access for clients, making it a potential target for extortion groups. The Anubis group has been observed to target similar entities, particularly in the business services and healthcare sectors, with recent activity focused in the United States, the United Kingdom, and France.
Technical Analysis
SOCRadar’s analysis of stealer-log telemetry for the domain esmsglobal.com yielded no direct hits in the examined sample. However, this negative result does not definitively rule out compromised credentials. It is possible that credentials exist in other, unqueried log portions, are associated with regional or alternative domain names, or were harvested via personal email aliases not linked to the corporate domain. Because a negative result in one sample is not evidence of absence, initial access through infostealer-harvested credentials remains a possibility for the Anubis group. Such credentials are a common entry vector for ransomware operations, allowing threat actors to gain access to victim networks through services like Microsoft 365 or VPNs. Therefore, continued monitoring and proactive credential hygiene are recommended.