Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Shadowbyt3$

| Active | RaaS

ShadowByt3$ is a ransomware-as-a-service group first observed in October 2025, using multi-method extortion and communicating via Telegram and Tox, with a very small confirmed victim list suggesting it remains in early-stage operation.

Victims
10
 
First Discovered
2026-02-25
victim
Last Discovered
2026-06-03
victim
Inactive Since
0
days
Avg Delay
29
days
Infostealer
57.1%
victims with domain
Countries
5
hit
View Victims on World Map View Group Statistics
Attack Velocity — Last 12 months
-67% vs last month
Exclusive interview with the ransomware group ShadowByt3$ from the CyberSecurityIL Telegram Channel — ransomware-interviews.base44.app
Known Locations (4)
Favicon Title Type Available Last Visit Server Info FQDN
favicon Leaks No 2026-05-24T06:07:15 mfbbt65kir2drc7tuoukwibikgvxquauscnzgbeltkmidjtgqlzm2qad.onion
favicon ShadowByt3$ No 2026-04-28T07:28:57 shadowbyt3s.8bit.ca
favicon SB HOME Yes 2026-06-03T06:35:50 NGINX nginx 52rtvdymcqvebbamd3la3wtu3ofrcuzuzja3vrsu6wiyrq223osptzqd.onion
favicon SB Data Leak Site Yes 2026-06-03T06:36:32 NGINX nginx shdwbt3ja2ptjt6poluegas44i35727lgmoqqquoww642x3zyocyhuqd.onion
Target
Top 5 Activity Sectors
  • Hospitality and Tourism 3
  • Education 3
  • Business Services 1
  • Agriculture and Food Production 1
  • Technology 1
Top 5 Countries
  • US flag United States 3
  • IN flag India 2
  • CH flag Switzerland 1
  • GB flag United Kingdom 1
  • SG flag Singapore 1
Heatmap
YARA Rules (1)
Victims (10)
Logo
Lead Company (Leadership Boulevard)
Shadowbyt3$
Discovered: 2026-06-03 (6h ago)
Company Site: leadschool.in size: 765.9MB This is will be quick. The following schools are affected:…
Logo
Cropwise (Syngenta Group) CH
Shadowbyt3$
Discovered: 2026-06-02 (Yesterday)
We have breached you and gained access to the following portals: https://operations.cropwise.com/d/u…
Logo
Hotelogix Company (Hotelogix.com) IN
Shadowbyt3$
Discovered: 2026-05-21 (13d ago)
Should've not messed with us Hotelogix. We gave you guys numerous times to reach back and proceed wi…
Logo
StarBucks Company (StarBucks.com US
Shadowbyt3$
Discovered: 2026-05-21 (13d ago)  ·  Attack est.: 2026-04-01
StarBucks Failed to reach out to us and didn't pay even $500,000 when we know they can afford it. It…
Logo
PowerCampus IN
Shadowbyt3$
Discovered: 2026-05-14 (19d ago)
Cloud-based school management and collaboration platform targeting educational institutes in India, …
Logo
Stride Learning US
Shadowbyt3$
Discovered: 2026-05-14 (19d ago)
Stride Learning Should've Paid the ransom. We were only asking $500,000 in bitcoin or monero it's no…
Logo
Amplify Technology GB
Shadowbyt3$
Discovered: 2026-05-14 (19d ago)
Amplify technology has been a victim of an attack. There project they were working on with the pakis…
Logo
University Of Georgia US
Shadowbyt3$
Discovered: 2026-05-14 (19d ago)
ShadowByt3$ has breached University of Georgia. The full data is on are leak site. We stole approxim…
Logo
Hotelogix SG
Shadowbyt3$
Discovered: 2026-05-14 (19d ago)
We are ShadowByt3$. We have claimed responsibility for hacking Hotelogix. They have been breached th…
Logo
UMSA
Shadowbyt3$
Discovered: 2026-02-25 (3mo ago)  ·  Attack est.: 2026-02-17
File: UMSA_LEAK.7z…