TiMc
Ransomware group profile
3Victims
30Impact score
Description
TiMc is a ransomware group that surfaced in April 2026, focusing on financial gain through double extortion tactics. They are known for exfiltrating large amounts of sensitive data and threatening public exposure to coerce victims into paying ransoms.
Key insights
- •Utilizes a double extortion model involving data exfiltration and ransom demands.
- •Targets a diverse range of organizations across multiple countries.
- •Specializes in stealing high-value data such as Personally Identifiable Information and proprietary source code.
- •Compromises critical infrastructure including Domain Controllers and File Servers for extensive data access.
- •Threatens to publish extensive data on leak sites to increase pressure on victims.
Threat Level & Status Breakdown
For TiMc · Based on incidents in selected period
2threat level
Aggressiveness1.5/ 10
Lethality0/ 10
Criticality5/ 10
Status Breakdown
Claimed100.0%3
First seenApr 2026
Last seenApr 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 2, 2026
Recent activity
Monthly attack count for TiMc in the selected period
3Total attacks
3peak in Apr
3avg / month
No intelligence data for this group.
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for TiMc
Other
T1486
T1486
T1490
T1490
T1041
T1041
T1021
T1021
T1071.001
T1071.001
T1080
T1080
T1562
T1562
T1005
T1005
T1048
T1048
T1078
T1078
T1565
T1565
T1030
T1030
Victims(6)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| oncologica | oncologica.com | GB United Kingdom | Healthcare | Claimed | about 2 months ago | |
| Seidor | seidor.com | ES Spain | Technology | Claimed | about 2 months ago | |
| Debene S.A. | Página Principal | debene.com | AR Argentina | Healthcare | Claimed | about 2 months ago | |
| www.oncologica.com/ | — | US United States | Healthcare | Unknown | about 2 months ago | |
| www.seidor.com | — | US United States | Technology | Unknown | about 2 months ago | |
| debene.com/ | — | AR Argentina | — | Unknown | about 2 months ago |
Affected countries(4)
Countries where this group has been reported to target or leak victims.