payoutsking
Ransomware group profile
Description
PayoutsKING is a newly identified ransomware group that surfaced in July 2025, primarily targeting hospitals, manufacturers, and educational institutions. The group's operations appear to follow a ransomware-as-a-service model, rapidly listing victims on data leak sites and employing aggressive financial extortion tactics.
Key insights
- Targets diverse sectors, including healthcare, manufacturing, and education.
- Utilizes remote desktop protocol (RDP) access, phishing templates, and cracked panel kits for initial access.
- Employs various malware families like Azorult and RedLine for data theft and credential harvesting.
- Adopts a victim-centric approach, quickly disclosing compromised data on leak sites.
- Active in both North America and Europe, with a broad geographic reach.
- Indicates a strong financial motivation, evident in aggressive ransom demands.
Threat Level & Status Breakdown
For payoutsking · Based on incidents in selected period
Recent activity
Monthly attack count for payoutsking in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for payoutsking
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for payoutsking
- T1486
- T1490
- T1078
- T1021
- T1562
- T1059
- T1547
- T1021.001
- T1005
- T1041
- T1080
Victims (105)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| T****C | — | — | — | Unknown | 6 days ago |
| Caunton Engineering | caunton.co.uk | GB United Kingdom | Manufacturing | Claimed | about 1 month ago |
| V. FRAAS | vfraas.com | DE Germany | Manufacturing | Claimed | about 1 month ago |
| Bespoke Home Interior Design Group | bhid.co.uk | GB United Kingdom | Manufacturing | Claimed | about 1 month ago |
| Vortex Companies | vortexcompanies.com | US United States | Other | Claimed | about 1 month ago |
| Telia Norge AS | telia.no | NO Norway | Technology | Claimed | about 1 month ago |
| Prater Engineering Associates | praterengineering.com | US United States | Professional Services | Claimed | about 1 month ago |
| ESENTIA Energy Systems | esentiaenergy.com | MX Mexico | Energy & Utilities | Claimed | about 1 month ago |
| Del Monte Foods | delmontefoods.com | US United States | Manufacturing | Claimed | about 1 month ago |
| I****G | im****.com | US United States | Transportation | Unknown | about 1 month ago |
| O****C | o****.com | US United States | Technology | Unknown | about 1 month ago |
| UFP Technologies | ufpt.com | US United States | Manufacturing | Claimed | about 1 month ago |
| G****s | g****.com | US United States | Manufacturing | Unknown | about 1 month ago |
| E****b | e****.com | US United States | Technology | Unknown | about 1 month ago |
| Aero-Coating | aero-coating.de | DE Germany | Manufacturing | Claimed | about 1 month ago |
| Peachtree Group | peachtreegroup.com | US United States | Hospitality | Claimed | about 1 month ago |
| Ash & Lacy Holdings | ashandlacy.com | GB United Kingdom | Manufacturing | Claimed | about 1 month ago |
| Maderas del Alto Urgel | mausa.es | ES Spain | Manufacturing | Claimed | about 1 month ago |
| Eyemart Express | eyemartexpress.com | US United States | Retail & E-Commerce | Claimed | about 1 month ago |
| Sofinter S.p.a | sofinter.it | IT Italy | Energy & Utilities | Claimed | about 1 month ago |
Affected countries (42)
Countries where this group has been reported to target or leak victims.