Saturday, December 13, 2025

New Hacking Group ‘Payouts King’ Emerges, Claims Breach of 12 Organizations

A new ransomware group called Payouts King has emerged in the cybercriminal landscape, claiming responsibility for attacks against 13 organizations across multiple countries and allegedly stealing over 21 terabytes of sensitive data.

The group’s activities have escalated rapidly, with victims spanning from healthcare facilities to manufacturing companies across the United States, Europe, and Canada.

The Payouts King hacking group first appeared on cybersecurity monitoring radars on June 27, 2025, when their onion blog listed 12 initial victims.

The group has demonstrated an aggressive operational tempo, adding a thirteenth victim—a Germany-based entity whose name remains censored—on July 7, 2025.

For this latest victim, the cybercriminals claim to have exfiltrated approximately 2.5 terabytes of data.

The initial 12 organizations targeted represent a diverse range of industries and geographical locations.

United States-based companies comprise the majority of victims with six organizations affected, including Crenshaw Community Hospital, Belmont Engineered Plastics, Institute of Culinary Education, CR Architecture + Design, Arch-Con Corporation, and Gateway Community Services.

European victims include Italy’s Rhea Vendors Group S.p.A and Silent Gliss International Ltd, Spain’s Laboratorios Tecnológicos De Levante, France’s EvoluPharm, and Germany’s Kolbus. Canada’s Bariatrix Nutrition Inc. rounds out the international victim list.

Massive Data Breach Claims

According to the group’s claims, the total volume of data allegedly stolen from all 13 victims amounts to 21.185 terabytes.

The cybercriminals report that 18.685 terabytes of this data has already been leaked publicly after ransom payment deadlines expired for the initial 12 victims.

This represents approximately 88% of the total claimed stolen data now potentially exposed.

The leaked data varies significantly in volume across victims, ranging from 80 gigabytes stolen from Gateway Community Services to 6.6 terabytes allegedly taken from the German company Kolbus.

Other significant data thefts include 2.5 terabytes from Laboratorios Tecnológicos De Levante, 2.1 terabytes from Arch-Con Corporation, and 2 terabytes from CR Architecture + Design.

Healthcare and Critical Infrastructure

According to the report, the emergence of Payouts King adds to the growing landscape of ransomware-as-a-service operations that have proliferated in recent years.

The victim profile reveals concerning targeting of critical infrastructure and healthcare organizations.

Crenshaw Community Hospital, a healthcare provider, represents a particularly sensitive target given the critical nature of medical data and services.

The inclusion of educational institutions like the Institute of Culinary Education and diverse manufacturing companies suggests the group employs an opportunistic targeting approach rather than focusing on specific industries.

Their rapid victim acquisition rate and substantial data theft claims indicate sophisticated operational capabilities and potentially automated attack tools.

The group’s use of onion domains and public leak sites follows established patterns among modern ransomware operators who combine encryption attacks with data exfiltration threats.

Cybersecurity experts continue monitoring the group’s activities as organizations worldwide enhance their defensive postures against evolving ransomware threats.

The international scope of victims underscores the global nature of modern cybercrime operations and the need for coordinated international cybersecurity responses.


Ethan Brooks
Ethan Brooks is a Senior cybersecurity journalist passionate about threat intelligence and data privacy. His work highlights cyber attacks, hacking, security culture, and cybercrime with The Cyber News.
