insomnia
Ransomware group profile
Description
Insomnia is a cybercriminal group that began operations in October 2025, focusing on data theft and extortion without encrypting systems. It primarily targets small to mid-sized organizations, particularly in the healthcare sector, using stolen credentials and legitimate tools to evade detection.
Key insights
- •Insomnia uses stolen credentials and exploits authentication bypass vulnerabilities for initial access.
- •The group targets primarily healthcare organizations, threatening public exposure of sensitive data at risk of leakage.
- •Insomnia maintains a low profile during lateral movements by using legitimate administrative tools.
- •The operational model avoids ransomware, instead relying on the threat of data leaks for financial gain.
- •They often steal sensitive records like patient files and tax documents but do not engage in data encryption.
- •Insomnia's tactics focus on speed and low visibility, complicating traditional detection methods.
Threat Level & Status Breakdown
For insomnia · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for insomnia in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for insomnia
- 92023d65623cca545802f483cfeabe8ce9f0c3520e0de2edd6eb38460069f25d
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for insomnia
T1078
T1078
T1080
T1080
T1021
T1021
T1021.001
T1021.001
T1562
T1562
T1046
T1046
T1071
T1071
T1210
T1210
T1567
T1567
T1486
T1486
Victims(37)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| ************* | — | — | — | Claimed | about 8 hours ago | |
| ************* | ********.com | US United States | — | Claimed | about 11 hours ago | |
| Mid-Cumberland Human Resource Agency | mchra.com | US United States | Professional Services | Claimed | 16 days ago | |
| The Vant Group | thevantgroup.com | US United States | Professional Services | Claimed | 14 days ago | |
| Nephrology Associates | — | US United States | Healthcare | Claimed | about 2 months ago | |
| METO Systems | metosystems.com | US United States | Manufacturing | Claimed | 2 months ago | |
| United Medical Doctors | unitedmd.com | US United States | Healthcare | Claimed | 3 months ago | |
| Noble Inc. | nobleoilfieldservices.com | US United States | Energy & Utilities | Claimed | 3 months ago | |
| *****d **d**** ****o** | ***.com | US United States | Healthcare | Claimed | 3 months ago | |
| Atlas Ocean Voyages | atlasoceanvoyages.com | US United States | Hospitality | Claimed | 3 months ago | |
| **l** ****** ****** C*** | ****.com | US United States | Healthcare | Claimed | 3 months ago | |
| Valley Family Health Care | vfhc.org | US United States | Healthcare | Claimed | 3 months ago | |
| Belmont Plastic Surgery | belmontplasticsurgeryva.com | US United States | Healthcare | Claimed | 4 months ago | |
| Zaner Group | zaner.com | US United States | Financial Services | Claimed | 4 months ago | |
| Thrash Commercial Contractors | thrashco.com | US United States | Other | Claimed | 4 months ago | |
| Chiarottino | chiarottino.com.br | BR Brazil | Professional Services | Claimed | 5 months ago | |
| Enviro-Hub Holdings | enviro-hub.com | SG Singapore | Manufacturing | Claimed | 5 months ago | |
| Application Solution Providers | aspdd.com | US United States | Technology | Claimed | 4 months ago | |
| AdMark Asia Group | admarkasiagroup.com | US United States | Professional Services | Claimed | 4 months ago | |
| Aviam Corporate Housing | aviam.com | US United States | Hospitality | Claimed | 4 months ago |
Page 1 of 2
Affected countries(10)
Countries where this group has been reported to target or leak victims.