Live Latest activity →
LA

lamashtu

Known ransomware group ACTIVE
Currently active

Lamashtu is an extortion group that first appeared in April 2026, claiming attacks against organizations in France, Romania, and Thailand across energy, pharmaceutical, and film sectors; it has not yet been confirmed as operating actual file-encrypting ransomware rather than pure data-theft extortion.

6

Total Claims

1

Critical

Records Claimed

6

Industries Hit

Active span: Apr 14, 2026 – May 18, 2026 · 6 organizations targeted

Currently active
Activity 5.3 Severity 3.8 Sectors 6.5 Tooling 0.0

Actor Threat Profile

Activity Timeline

Peak: Apr 2026 (3)
Apr 2026
LessMore
May 2026

Share this profile

Shareable intel card for lamashtu

Top Targeted Industries

Transportation/Logistics 1
Healthcare 1
Hospitality and Tourism 1
Consumer Services 1
Manufacturing 1
Business Services 1

Tradecraft & Infrastructure

0

Documented tools

0 / 0

MITRE tactics / techniques

2

Known leak sites

Full intelligence profile on ransomware.live →

Targeted Organizations

MSC GroupDepósito Dental UniversitarioWOHAApple Film GroupLACROIXGRUPO RONDA

Claims by lamashtu

Low

Ransomware Claim: MSC Group

MSC Group
lamashtu
Ransomware Transportation/Logistics
May 18, 2026
Critical

Ransomware Claim: Depósito Dental Universitario

Depósito Dental Universitario
lamashtu
Ransomware Healthcare
May 12, 2026
Low

Ransomware Claim: WOHA

WOHA
lamashtu
Ransomware Hospitality and Tourism
May 6, 2026
Low

Ransomware Claim: Apple Film Group

Apple Film Group
lamashtu
Ransomware Consumer Services
Apr 26, 2026
Low

Ransomware Claim: LACROIX

LACROIX
lamashtu
Ransomware Manufacturing
Apr 15, 2026
Low

Ransomware Claim: GRUPO RONDA

GRUPO RONDA
lamashtu
Ransomware Business Services
Apr 14, 2026

Never Miss a Critical Alert

CVE advisories, breach reports, and threat intel — delivered daily to your inbox.