DeadLock and Qilin Ransomware Groups Allegedly Add New Victims to Their Leak Operations — Dark Web recent claims + Video

Listen to this Post

Featured ImageIntroduction: New Ransomware Claims Highlight Continued Threat From Active Extortion Groups

The ransomware landscape continues to evolve as cybercriminal groups expand their targeting campaigns against organizations across different industries and regions. Recent dark web monitoring activity reported by threat intelligence researchers indicates that the DeadLock and Qilin ransomware groups have allegedly listed new victims on their platforms.

According to threat intelligence monitoring from the ThreatMon Threat Intelligence Team, the DeadLock ransomware group reportedly added Eko-Flor Plus d.o.o. as a new victim on July 10, 2026, while the Qilin ransomware operation allegedly listed Navana Real Estate shortly afterward.

At this stage, these incidents remain unverified claims published through ransomware monitoring channels. A listing on a ransomware leak site does not automatically confirm that attackers successfully breached an organization, stole data, or encrypted systems. However, such claims often represent an early warning signal that security teams should investigate.

DeadLock Ransomware Allegedly Targets Eko-Flor Plus d.o.o. — Dark Web recent claims

Threat intelligence researchers reported that the DeadLock ransomware group allegedly added Eko-Flor Plus d.o.o. to its victim list on July 10, 2026, at approximately 16:06:50 UTC+3.

The information was shared through dark web ransomware activity tracking channels operated by ThreatMon, which monitors cybercriminal activity, indicators of compromise, and ransomware-related operations.

Eko-Flor Plus d.o.o. appears to have become the latest organization claimed by the DeadLock operation, although no public confirmation has been provided regarding the nature of the alleged attack, possible stolen information, ransom demands, or operational impact.

Qilin Ransomware Allegedly Lists Navana Real Estate as Victim — Dark Web recent claims

Shortly after the DeadLock report, another ransomware-related claim emerged involving the Qilin ransomware group.

ThreatMon reported that Qilin allegedly added Navana Real Estate to its victim list on July 10, 2026, at approximately 16:25:54 UTC+3.

Qilin has become one of the more visible ransomware operations in recent years, frequently associated with double-extortion tactics. These attacks typically involve stealing sensitive information before encrypting systems, allowing attackers to threaten both operational disruption and public data exposure.

However, like the DeadLock claim, the Qilin listing involving Navana Real Estate has not yet been independently confirmed.

Understanding the Bigger Picture: Why These Claims Matter

Ransomware Groups Increasingly Depend on Public Pressure

Modern ransomware operations are no longer limited to encrypting files and demanding payment. Many groups now operate dedicated leak websites where they publish alleged victims, sample files, and stolen information to increase pressure on organizations.

The strategy creates reputational damage even before technical details of an attack are confirmed.

A simple victim listing can trigger internal investigations, regulatory concerns, customer questions, and increased media attention.

DeadLock and Qilin Represent the Continued Evolution of Ransomware

The appearance of multiple ransomware groups targeting organizations within the same timeframe demonstrates the persistent activity of the cyber extortion ecosystem.

Cybercriminal groups constantly adjust their methods, infrastructure, and victim selection strategies. Some focus on large enterprises, while others target smaller organizations with weaker security defenses.

The continued presence of groups such as DeadLock and Qilin shows that ransomware remains a profitable criminal business model.

Deep Analysis: Ransomware Intelligence Commands

Threat Hunting Commands for Security Teams

Search suspicious processes
ps aux | grep -Ei "encrypt|ransom|deadlock|qilin"

Check recently modified files

find / -type f -mtime -1 2>/dev/null

Review active network connections

netstat -antp

Check unusual login activity

last -a

Review Linux authentication logs

grep "Failed password" /var/log/auth.log

Search Windows event logs using PowerShell

Get-WinEvent -LogName Security | Select-Object -First 100

Indicators Security Teams Should Monitor

Monitor suspicious file extensions
find / -type f | grep -Ei ".(locked|encrypted|crypt|dead)"

Check scheduled tasks

schtasks /query

Review startup persistence locations

reg query HKCUSoftwareMicrosoftWindowsCurrentVersionRun

Search for unusual executables

dir C:Users\AppDataRoaming

Incident Response Investigation Steps

1. Isolate affected systems from the network.

2. Preserve forensic evidence before cleanup.

3. Review authentication logs for unauthorized access.

4. Search for unusual administrative accounts.

5. Identify possible data exfiltration activity.

6. Reset compromised credentials.

  1. Restore systems only after confirming the attacker is removed.

What Undercode Say:

The latest DeadLock and Qilin ransomware claims demonstrate that cyber extortion remains one of the most active threats facing organizations worldwide.

The first important point is that ransomware leak-site claims must always be treated carefully. Criminal groups sometimes publish exaggerated or misleading claims to create fear, attract attention, or pressure organizations into negotiations.

A victim appearing on a ransomware website does not automatically prove that attackers successfully compromised the company.

However, organizations should not ignore these reports. In many cases, ransomware groups publish victim names after gaining some level of unauthorized access.

The combination of DeadLock and Qilin activity highlights the importance of continuous threat monitoring.

Attackers increasingly use automated discovery tools to identify exposed systems, weak credentials, and vulnerable services.

Organizations that delay security updates or fail to monitor unusual activity often become easier targets.

The real danger is not only encryption. Modern ransomware attacks frequently involve data theft, internal reconnaissance, credential harvesting, and long-term persistence.

Even if an organization restores encrypted systems quickly, stolen data may still create future risks.

Companies should focus on reducing attack opportunities through stronger identity protection, multi-factor authentication, network segmentation, and regular security assessments.

Another important factor is employee awareness. Phishing emails and social engineering remain among the most common entry points for ransomware infections.

Security teams should also prepare incident response plans before an attack occurs.

Waiting until ransomware appears can significantly increase recovery time and financial damage.

Threat intelligence platforms can provide valuable early warnings by tracking criminal infrastructure and ransomware activity.

The DeadLock and Qilin reports show why organizations must monitor both traditional security systems and underground cybercrime activity.

Cybersecurity is no longer only about preventing malware execution. It is about detecting attackers early, limiting their movement, and protecting critical information.

The ransomware economy continues because successful attacks generate financial rewards.

As long as organizations remain vulnerable, ransomware groups will continue searching for new opportunities.

The best defense strategy combines technology, employee training, monitoring, and rapid incident response.

❌ DeadLock Attack Confirmation

The DeadLock ransomware listing involving Eko-Flor Plus d.o.o. is currently based on threat intelligence monitoring claims.

No independent confirmation of compromise, encryption activity, stolen data, or ransom demands has been publicly verified.

The claim should be considered a potential incident requiring investigation rather than a confirmed breach.

❌ Qilin Attack Confirmation

The Qilin ransomware claim involving Navana Real Estate is also currently unverified.

The appearance of an organization on a ransomware leak platform does not prove that the attackers successfully accessed internal systems.

Further evidence such as leaked files, company confirmation, or forensic analysis would be required.

✅ Threat Monitoring Report Exists

ThreatMon reported detecting ransomware-related activity involving DeadLock and Qilin.

The existence of the monitoring report can be verified as a threat intelligence observation, even though the underlying attacks remain unconfirmed.

Prediction

(+1) Increased Ransomware Monitoring Activity Expected

The continued appearance of ransomware groups such as DeadLock and Qilin suggests that cybersecurity researchers will likely continue tracking similar victim claims.

Organizations may increase investment in dark web monitoring, incident response preparation, and proactive threat detection.

(-1) More Organizations Could Face Extortion Attempts

Ransomware groups are expected to continue targeting organizations with weak security controls.

Without stronger authentication, patch management, and monitoring practices, more companies may become victims of data theft or ransomware-related extortion campaigns.

(+1) Better Intelligence Sharing May Reduce Impact

As threat intelligence platforms improve, organizations may receive earlier warnings about emerging ransomware activity.

Faster information sharing between security teams can help reduce damage and improve response times.

▶️ Related Video (72% Match):

🕵️‍📝Let’s dive deep and fact‑check.

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

References:

Reported By: x.com
Extra Source Hub (Possible Sources for article):
https://www.stackexchange.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon | 📺Youtube