ZeroFox Intelligence Flash Report - DeadLock’s Ransomware Leak Site Lists over 80 Victims
|by Alpha Team
ZeroFox Intelligence Flash Report - DeadLock’s Ransomware Leak
Site Lists over 80 Victims
Product Serial: F-2026-06-26a
TLP:CLEAR
In this Flash Report, ZeroFox researchers report on threat actor DeadLock and the recent posting of 80 likely legacy victims on their leak site.
Standing Intelligence Requirements
For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:
https://cloud.zerofox.com/intelligence/advisories/14956
Link to Download
View the full report here
Key Findings
- On June 16, 2026, ZeroFox observed a ransomware leak site titled “DeadLock” that listed roughly 80 victims.
- About 57 percent of the total observed claimed victims are located in the Europe-Russia region, while Asia-Pacific (APAC), North America, South America, and the Middle East and Africa collectively account for the remainder of the listings.
- ZeroFox assesses that the group is very likely primarily focused on extracting ransom amounts from the listed entities rather than establishing its presence in the cybercrime ecosystem.
- ZeroFox assesses that the group’s widespread regional and industry targeting, availability of data download links, and reported campaign techniques indicate a roughly even chance that many listed victims were legitimately impacted.
Tags: tlp:clear, threat actor, MAL Ransomware