← Back to Ransomware Chk

Cephalus

Inactive
Cephalus is a ransomware group active from mid-2025 that leverages stolen RDP credentials to deploy a Go-based ransomware payload via DLL sideloading, targeting law firms, healthcare, financial services, and IT firms across the US and Japan with 19 known victims.
19 Victims
Aug 26, 2025 First Discovered
Aug 28, 2025 Last Discovered
248 Days Inactive
15.8% Infostealer
0/2 Sites Online
Top Countries
US 13
GB 2
IE 1
NL 1
JP 1
Top Sectors
Business Services 5
Healthcare 4
Financial Services 2
Technology 2
Manufacturing 1
Public Sector 1
Construction 1
Known Locations (2)
Cephalus
46.17.42.64.
Cephalus
cephalus6oiypuwumqlwurvbmwsfglg424zjdmywfgqm4iehkqivsjyd.onion
Victims (19)
One-LUX
GB Discovered: Aug 28, 2025 · Attack est.: Aug 28, 2025
coming soon
Shropdoc
GB Healthcare Discovered: Aug 28, 2025 · Attack est.: Aug 28, 2025
coming soon
Shelbourne Accountants
IE Financial Services Discovered: Aug 28, 2025 · Attack est.: Aug 28, 2025
coming soon...
Delta Information Systems
US Technology Discovered: Aug 28, 2025 · Attack est.: Aug 28, 2025
We have got all the software and hardware code,and got 800G+ of internal data. The link will coming soon... Of if anyone is intersted in purchasing the code,pls contact me
Colorado Health Network Inc
US Healthcare Discovered: Aug 28, 2025 · Attack est.: Aug 28, 2025
900G+ data coming soon
Texas Pregnancy Care Network
US Healthcare Discovered: Aug 27, 2025 · Attack est.: Aug 27, 2025
coming soon
wilderlawfirm
US Discovered: Aug 27, 2025 · Attack est.: Aug 27, 2025
coming soon
CoCo Yachts
NL Manufacturing Discovered: Aug 27, 2025 · Attack est.: Aug 27, 2025
We got a total of 1.8TB+ of data,including project,clients,employee information,and a certain country's naval ship design..... The data link will coming soon
txpregnancy.org - Fake Abortion Clinics Exposed
US Discovered: Aug 26, 2025 · Attack est.: Aug 26, 2025
coming soon
Town of Vienna, VA
US Public Sector Discovered: Aug 26, 2025 · Attack est.: Aug 26, 2025
coming soon
Lewis Baach Kaufmann Middlemiss PLLC
US Business Services Discovered: Aug 26, 2025 · Attack est.: Aug 26, 2025
coming soon
Sherman, Silverstein, Kohl, Rose & Podolsky, P.A.
US Business Services Discovered: Aug 26, 2025 · Attack est.: Aug 26, 2025
SSKRPLAW DATA LEAK | (5GB+ ZIP)
Guerrero Mears LLP
US Business Services Discovered: Aug 26, 2025 · Attack est.: Aug 26, 2025
Guerrero Mears LLP DATALEAK | (FORGOT THE SIZE)
K Strategies Marketing and Public Relations
US Business Services Discovered: Aug 26, 2025 · Attack est.: Aug 26, 2025
K Strategies Marketing and Public Relations LEAK | 900+GB
BAR Architects & Interiors
Construction Discovered: Aug 26, 2025 · Attack est.: Aug 26, 2025
BAR Architects & Interiors DATA LEAK | 1.5T+
SystemExec Co., Ltd.
JP Technology Discovered: Aug 26, 2025 · Attack est.: Aug 26, 2025
SystemExec Co., Ltd. (システムエグゼ) GitLab naked repo leak | 30G+
Lee & Associates
US Business Services Discovered: Aug 26, 2025 · Attack est.: Aug 19, 2025
Lee & Associates DATA LEAK | (TB)
LPL Financial
US Financial Services Discovered: Aug 26, 2025 · Attack est.: Jul 4, 2025
LPL Financial DATA LEAK | (I FORGOT THE SIZE,BUT ITS HUGE)
CareSTL Health
US Healthcare Discovered: Aug 26, 2025 · Attack est.: Jun 28, 2025
CareSTL Health DATA Leak | 500+GB | KAWA4096 STEALED our data
Source: Ransomware.live | Data cached and served by Digital Checkmark IT Services | Ransomware Chk