Ransomware Intelligence

ms13089

Ransomware group profile

7Victims
25Impact score

Description

ms13089 is a ransomware group that emerged in December 2025, primarily focused on financial gain through data encryption and exfiltration. They utilize a double extortion model, threatening to publish sensitive stolen data if ransom demands are not met. There is limited information regarding their origin or tools used beyond their ransomware payload.

Key insights

  • Uses a double extortion model for ransomware attacks.
  • Threatens to publish stolen data on a Tor-based leak site if ransom is not paid.
  • Targets a wide variety of sectors, including finance and healthcare.
  • No specific initial access methods or proprietary malware publicly detailed.
  • Employs direct extortion tactics to pressure organizations into compliance.

Industries

EducationEnergy & UtilitiesFinancial ServicesHealthcareHospitalityManufacturingOtherProfessional ServicesRetail & E-CommerceTechnologyTransportation

Threat Level & Status Breakdown

For ms13089 · Based on incidents in selected period

2threat level
Aggressiveness1.8/ 10
Lethality0/ 10
Criticality4.8/ 10

Status Breakdown

Claimed100.0%7
First seenDec 2025
Last seenMay 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJun 2, 2026

Recent activity

Monthly attack count for ms13089 in the selected period

7Total attacks
4peak in Dec
2.3avg / month
↓ 2 vs first month
DecJanMay01234

No intelligence data for this group.

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for ms13089

Other

T1486

T1486

T1490

T1490

T1021

T1021

T1562

T1562

T1080

T1080

T1078

T1078

T1547

T1547

T1059

T1059

T1021.001

T1021.001

T1041

T1041

T1203

T1203

Victims(7)

CompanyDomainCountryIndustryStatusDiscovered
brittanyresidential.combrittanyresidential.comFR FranceRetail & E-Commerce
Claimed
29 days ago
brittanyresidential.com (USA, Ohio)
Claimed
29 days ago
sjl-legal.comsjl-legal.comLU LuxembourgProfessional Services
Claimed
5 months ago
dgpcommercialisti.itdgpcommercialisti.itIT ItalyProfessional Services
Claimed
6 months ago
uro.comuro.comDE GermanyHealthcare
Claimed
6 months ago
dgpcommercialisti.it (Italy, Reggio Emilia)IT ItalyOther
Claimed
about 2 months ago
uro.com (USA, Virginia)US United StatesHealthcare
Claimed
about 2 months ago

Affected countries(6)

Countries where this group has been reported to target or leak victims.

🇩🇪Germany🇫🇷France🇬🇧United Kingdom🇮🇹Italy🇱🇺Luxembourg🇺🇸United States