Ransomware Intelligence

linkc

Ransomware group profile

6Victims
45Impact score

Description

Linkc is a newly recognized ransomware group that surfaced in February 2025, primarily using a double extortion approach by encrypting victim systems and exfiltrating sensitive data. Its notable attack on H2O.ai highlighted its capability to steal critical data, including GPT model source code. Linkc operates a minimalist data leak site, emphasizing immediate impact by showcasing stolen data and listing its victims.

Key insights

  • Operates a double extortion model, encrypting and exfiltrating data.
  • Initially gained attention through a significant attack on H2O.ai.
  • Utilizes an onion-based data leak site to publish stolen data.
  • Ransom demands can reach up to $15 million.
  • Targets a variety of sectors including technology and finance.
  • Showcases victims and proof of data theft on its leak site.

Industries

EducationFinancial ServicesGovernment & DefenseHealthcareManufacturingRetail & E-CommerceTechnology

Threat Level & Status Breakdown

For linkc · Based on incidents in selected period

1.1threat level
Aggressiveness1.5/ 10
Lethality0.8/ 10
Criticality0.8/ 10

Status Breakdown

Data Leaked16.7%1
Claimed83.3%5
First seenFeb 2026
Last seenApr 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJun 6, 2026

Recent activity

Monthly attack count for linkc in the selected period

6Total attacks
3peak in Apr
2avg / month
↑ 2 vs first month
FebMarApr00.751.52.253

Intelligence

IOCs, YARA/Sigma rules, and related families for linkc

  1. 0e763d1e4b3d54fb8bacdac6aed2c829084bab22baf94364eb4037c7ed8749b7
  2. e52a6b8ce269e1b7e5b867cff03b89b00f053796386829222777196875655fbd
  3. 0cfcf8c717dd81329c0cd9f4e97b92c9d8e7625f0a7ae57a1f2bbf36ee7af2b5
  4. ddf43bb27ddcc7fdd51c87932adc1a6eb439d732eeb7f59a0dc37cea72e50d48
  5. dd71e236f7177d0cde094be4154a267b42f8349afb1295adf48e0340ce85f384
  6. 31dbbe239abed435e3635308a0c1d14816daf76f121f846efdf3de8f27d05ca6
  7. c29ea05ca3a11e1e0ffd59b0f2f5a64c51b072b5e4cb348956f62b1a919fdd5f
  8. 78f0880c58cd4d00d7a33edd12ca9f4d39f9c460ae090629f5a1baf46abafdfb
  9. c482942640ca0fd3bf9875a9e3d89aea95b9d162f3b747d5a625bb89f4e7fb94
  10. fc5c5c99e17bb086c8b6ca9c23bbc2510758ee3f96ee39261c9ad5ff6ce83787
  11. 74624d9dfb5188376d13a93b7bb76321666c1371ec6d1fa7c2eff5284ad658d7
  12. cb25b97600eb1fb741049d1959f6656420c5338c64363beb585f7d83862a7a97
  13. 5bfafd2f7b59fcb7bbf8827cd24061a450da4db6339d94ec51b3d8f3e55057cd
  14. e377d3a8fe0833c0538fda763b9d89d00ac1b723057ad264aea56eb56e3d0dc9
  15. 8c098b6e18f901fb9f1d0a7aecc056c341a2cac7f358c2ad62c314f8e9b52750
  16. 768b34ba5b6d83b5f837e945c8310bab454d5b9a299c011f4c81a4d78267c62f
  17. 22e652557481b90518054a3d1877245a30048578d6b05a34bf5988c33dcacafc
  18. eb82b18770627d2161145844b9a89a7f5f42c5f42fc25f1d22b5d8c87844a0e6
  19. 0842a5650e34f59e565367e55178cf84301c9670d746c2fed70255eba0cdf77f
  20. f5c21f94527f0ca09abac952bbd71f8eb84fa845d3622343ca4b6e007bffcdfc
  21. 971e52b0d2c85757b2ab34141667d8794c2811cfed971d16241ecb33f60c3dba
  22. 18cca1b2fb73aab59c6d280c6226aa29082706f2ee8fe26bd9327a30197e0d44
  23. c6e23ace4229bf2122950f0a6dfbf739fac3d991f731b738e43b91634ce5c47f
  24. abc0064210d2fd9b3d2bcd93eb84413ebbe627e12cccd2cc97729fa8521983e2
  25. e000a185be1a4c0d10ffb97e67a7cbbd773d3caac4cdf88148d320e0f4c49fe2
  26. 17223bcdb2350a55b8a0622db66ed878c765304478ac6cdb4e325792dc23fc01
  27. cff259b48013645c87275ae59fdea0085585c84edc1d0ef771181d2fb1bdebea
  28. 92623dc9229ff54afadebd92e7391818624edd42c769595ef3e8631c80371c39
  29. da207db111111bd0c937fb784c29a81d5306a251adef5d1db094bdf01653835b
  30. dff486df8523787d170d75081cf5feeda5468cbde44b3a74b34f6cfc2bd1afef
  31. 9d36051959089a2735affb1e88388285f6e6d709a4646de092e2b356ebdacf6a
  32. e84862d15c5af1cbd077d9e102ece39089de0b074536b7ad6a51791c709e17f7
  33. 8aecd82f1657ec863032e6b326d0c91a7599200a0ef9ba4bfe88a9da5256de8c
  34. c060719a3c3396dd56bf96418110513abd36346e6ccb0c53b441b002178d909a
  35. 50ffe8bb33bb031cbb8dfde9e58e97e1464e99b87ee3ef73baef19c3c770b734
  36. a8c770f72be83b598d58c430e4ab5490298f0a79
  37. 9024874d28bb97920f3ec5edad7e5e3f1fb9184fb38176abfa167fa7a2cb42f9
  38. 7642c6fe86cd9289576abd09793f3a5fd5eb3ccfa58a4eadc6e65779a2a8148d
  39. b085cc049a738294b0dc180b9e3f2d86c8292d00acd07c906db5eb5e96577551
  40. 57b03814df4fe7a7030687c1a7b594694ea32b317374e865c4eaa764b04ccbed
  41. 6ed8daa63d60be66200e0b78b7432d31c41bb6a850bc027ec86375b75cc06d53
  42. 9efb1d0e9598bef6543c32ffe4ce82868b2c296990f11c45f6aa30fdb38ab45e
  43. e29a3db17025e34336b10d36e5dd59ff5d1ac07ada8df0cddba0d3f3db689f65
  44. 769e4651c0509c7055eb77949afefbdf8bcd4732c9df482a13d5cfba977be8b4
  45. e6c000b065675e7a39fc024de040ee0980d99f6fca3f535602e6eeef31189604
  46. 6f9c5e9e058d88f7dd768e5a3aa53fcab23bcbd29bd960ea57059e81613c230d
  47. 51ca28eccee077873e85b48b0d1464a23f747cd2293be4a29c5817f9fe5183ca
  48. 9d4076c2967a17d46c62ac05a75b2d365a2e55d73f04496d908feea931b589f9
  49. 196c7d7f562c48eee37df1d58c8a73d57554e0b61d1ebe16aa9a08cbbe39b7fc
  50. bd3e70f438b754412e84f8ccbb5ed46178809300af6808c03bc03ed7ffa654f1
  51. f50f1d53fd9543d6631eea4121fc3b6551cc2c4e212256d9314c974d6fa3621d
  52. d64e9fa0413e7c5c528a80b5f1c6e59959c69637a16d44f5fc9e359c7400c8c2
  53. d4837832f9980728419379717643ead06052538effa3e581d5114671ff65fc4f
  54. 0742732897c751326aac7d74488b1727
  55. ca51ced33b27e131a1c8cf55138dbbf6254d007a406e9f0e22d0b754e46fb37d
  56. a0a834c4b62ffa6546de44486074da5a5fe548eedce2a396730e1eafa9497f41
  57. 4b25e03ff9a76fe9f6598496d0ddb075b6c6325831c8c9cce3181490226ec16d
  58. 8ba29f62981499b25cce4bdff3abc4eeccdd9fff71eabc8748e906afa5a2e871
  59. c2d11815102aba9e3ba9f11d69d69827b5926631b7d6285acfd386fa11271d43
  60. 2e5aac76bc53980d874aa543f85c131f740a11400d59f7538f4c60d46180509e
  61. 2702c3f39205f8e028982af538ad76b88a86c6d090d437db5cfd0b58fc61ff44
View full IOC feed64 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for linkc

Other

T1486

T1486

T1490

T1490

T1021

T1021

T1562

T1562

T1080

T1080

T1078

T1078

T1547

T1547

T1059

T1059

T1021.001

T1021.001

T1041

T1041

Victims(6)

CompanyDomainCountryIndustryStatusDiscovered
Sajet ProductsUS United StatesGovernment & Defense
Claimed
about 2 months ago
StrongLinkUS United StatesTechnology
Claimed
about 2 months ago
Network Technology Services of New JerseyUS United StatesTechnology
Claimed
about 2 months ago
Sajet Products [SAMPLE PUBLUSHED]Government & Defense
Claimed
3 months ago
StrongLink [SAMPLE PUBLISHED]
Claimed
3 months ago
Sajet Products (Senior Aerospace)Manufacturing
Data Leaked
4 months ago

Affected countries(3)

Countries where this group has been reported to target or leak victims.

🇬🇧United Kingdom🇲🇽Mexico🇺🇸United States