payoutsking
Ransomware group profile
Description
PayoutsKING is a newly identified ransomware group that surfaced in July 2025, primarily targeting hospitals, manufacturers, and educational institutions. The group's operations appear to follow a ransomware-as-a-service model, rapidly listing victims on data leak sites and employing aggressive financial extortion tactics.
Key insights
- Targets diverse sectors, including healthcare, manufacturing, and education.
- Utilizes remote desktop protocol (RDP) access, phishing templates, and cracked panel kits for initial access.
- Employs various malware families like Azorult and RedLine for data theft and credential harvesting.
- Adopts a victim-centric approach, quickly disclosing compromised data on leak sites.
- Active in both North America and Europe, with a broad geographic reach.
- Indicates a strong financial motivation, evident in aggressive ransom demands.
Intelligence
IOCs, YARA/Sigma rules, and related families for payoutsking
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for payoutsking
- T1486
- T1490
- T1078
- T1021
- T1562
- T1059
- T1547
- T1021.001
- T1005
- T1041
- T1080
Victims (105)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| W****e | — | — | — | Unknown | 4 days ago |
| T****C | — | — | — | Unknown | 22 days ago |
| Caunton Engineering | caunton.co.uk | GB United Kingdom | Manufacturing | Claimed | about 2 months ago |
| V. FRAAS | vfraas.com | DE Germany | Manufacturing | Claimed | about 2 months ago |
| Bespoke Home Interior Design Group | bhid.co.uk | GB United Kingdom | Manufacturing | Claimed | about 2 months ago |
| Vortex Companies | vortexcompanies.com | US United States | Other | Claimed | about 2 months ago |
| Telia Norge AS | telia.no | NO Norway | Technology | Claimed | about 2 months ago |
| Prater Engineering Associates | praterengineering.com | US United States | Professional Services | Claimed | about 2 months ago |
| ESENTIA Energy Systems | esentiaenergy.com | MX Mexico | Energy & Utilities | Claimed | about 2 months ago |
| Del Monte Foods | delmontefoods.com | US United States | Manufacturing | Claimed | about 2 months ago |
| I****G | im****.com | US United States | Transportation | Unknown | about 2 months ago |
| O****C | o****.com | US United States | Technology | Unknown | about 2 months ago |
| UFP Technologies | ufpt.com | US United States | Manufacturing | Claimed | about 2 months ago |
| G****s | g****.com | US United States | Manufacturing | Unknown | about 2 months ago |
| E****b | e****.com | US United States | Technology | Unknown | about 2 months ago |
| Aero-Coating | aero-coating.de | DE Germany | Manufacturing | Claimed | about 2 months ago |
| Peachtree Group | peachtreegroup.com | US United States | Hospitality | Claimed | about 2 months ago |
| Ash & Lacy Holdings | ashandlacy.com | GB United Kingdom | Manufacturing | Claimed | about 2 months ago |
| Maderas del Alto Urgel | mausa.es | ES Spain | Manufacturing | Claimed | about 2 months ago |
| Eyemart Express | eyemartexpress.com | US United States | Retail & E-Commerce | Claimed | about 2 months ago |
Affected countries (46)
Countries where this group has been reported to target or leak victims.