PayoutsKing is an active ransomware group observed through at least 2026 that has claimed attacks against a wide range of industries internationally — including Del Monte Foods and V. FRAAS — across the US, UK, Germany, and Ireland using standard double-extortion tactics.
This group has no curated TTPs.
Defensive detection signature for this group, for detection/blocking in your EDR/SIEM. Source: ransomware.live.
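```yara
/*
payoutsking ransomware
*/
rule payoutsking_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.payoutsking"
        description = "Detects payoutsking ransomware ransom note or artifact"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        // Group name, matched case-insensitively
        $name1 = "payoutsking" ascii nocase
        // Upper-case form; already covered by $name1 because of nocase
        $name2 = "PAYOUTSKING" ascii
        // Leak-site hostname fragment; also contains the $name1 string
        $onion = "payoutsking.onion" ascii nocase
    condition:
        // Fires on any file containing the group name, including reports that mention it
        any of them
}
```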
The files on the company's network have been encrypted, and significant amount of confidential data has been downloaded from it. To recover your files to the initial state and prevent disclosure of your sensitive information contact us as soon as possible via the [redacted] chat platform.

- Download a [redacted] messaging client([redacted]
- Create an account;
- Add the following contact ID for futher negotiations: [redacted]

In case you don't get in touch within 7 days, the exfiltrated data will be disclosed on our website: [redacted]

| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| ESENTIA Energy Systems | MX | Energy | — | 30 Apr 2026 |
The addresses of the leak sites (.onion) are known but are neither published nor linked. Only public metadata is shown.