Threat Group Profile
payload
โ Active โ last 30 days
Victim claims
44
First seen
Apr 2026
Last activity
10 Jul 2026
Tracked since
Feb 2026
Group overview
Payload is a ransomware group that emerged in early 2026, using Babuk-derived source code targeting both Windows and ESXi systems with cross-platform double-extortion attacks against healthcare, energy, real estate, and agriculture sectors, claiming 12 victims across seven countries within hours of launching its leak site.
Preferred targets
Manufacturing ยท 8
Consumer Services ยท 5
Business Services ยท 4
Education ยท 4
Financial Services ยท 4
Hospitality and Tourism ยท 4
Most targeted countries
DE ยท 4
CH ยท 3
SG ยท 3
MY ยท 3
EG ยท 2
AT ยท 2
Tactics & techniques (MITRE ATT&CK)
Execution
Native API
Stealth
Obfuscated Files or Information
File Deletion
Execution Guardrails
Discovery
Process Discovery
System Information Discovery
File and Directory Discovery
Impact
Data Encrypted for Impact
Service Stop
Inhibit System Recovery
Defense Impairment
Disable or Modify Tools