Live · Trinetra Threat Intel

Global ransomware signal.
Live, on one map.

Every pulse is a publicly-disclosed ransomware victim we're tracking. Purple marks India. Use it to pressure-test your own defences — then let us scope where the gaps really are.

Recent incidents arrow_downward Book a scope call
public Global ransomware signal map
Ransom Phish Malware DDoS Exploit
Scanning the wire…
Connecting to feed…

Deep dives

Go further on the Trinetra board

From the same telemetry, we publish long-form dossiers, an Indian breach timeline, a live patch radar, and a free domain exposure check. All free.

Dossiersarrow_forward

Ransomware group profiles

LockBit, Akira, Qilin, Cl0p, RansomHub, Medusa and more — tactics, victim counts, defense checklists.
Timelinearrow_forward

India breach timeline 2025–2026

Every named Indian incident we can confirm, in chronological order with sector & group attribution.
Live feedarrow_forward

Actively exploited CVEs

The CVEs CISA confirms are being exploited right now, with ransomware flags and patch windows.
Free toolarrow_forward

Domain exposure check

15-second audit of DNS, SPF/DMARC, security headers and subdomain footprint for any domain.

Control room extras

Cross-reference other live threat maps

Triangulate what you see on the Trinetra board with other public telemetry feeds. Opens in a new tab.

Check Point open_in_new

ThreatCloud Live Map

Real-time attack telemetry across Check Point's sensor network — attacks per second, by sector and region.
Radware open_in_new

Live Threat Map

DDoS, intrusion and anomaly traffic from Radware's global cloud — good for volumetric trends.
Kaspersky open_in_new

Cybermap

Detections from Kaspersky's endpoint network — malware, phishing, network attacks broken down by country.
Cisco Talos open_in_new

Ransomware Incidents

Cisco Talos tracker for named ransomware incidents and crew activity — a useful independent cross-check.

External feeds · each vendor has its own coverage bias — read together, not in isolation

Named victims tracked

Global · rolling

Active adversary crews

Monitored operations

India named victims

Public leak-site disclosures

Public disclosures

Breach notices & filings

Where the heat is

Countries & sectors under fire

Top countries by recent victims

Top sectors hit (global sample)

Adversary landscape

Most active ransomware crews

Cumulative named victims across our index. Alias and successor operations grouped where attribution is confident.

India focus

What's actually being hit in India

A closer look at Indian organisations ransomware crews have publicly named. Lower bound — unreported extortion never surfaces here.

India service overview arrow_forward

India victims indexed

Unique Indian organisations publicly named on leak sites. Cross-verified against filings and media reports where available.

Public sources only Cross-verified

Sectors taking the hits (India)

Explore by country

Ransomware victims by country (—)

Darker shade = more named victims this year. Click any country to pull its disclosed victims on demand.

public Victim density — click to drill in
Low High
category Jump by sector
search

Sourced from open leak-site monitoring · Trinetra telemetry · For defensive use only

Your sector on this board?

If crews are actively naming companies like yours, find out exactly where you're exposed before they get to you. We run focused VAPT, website security audits, and ransomware-readiness reviews for India teams.

Book a scope call Read case studies