Nightspire Ransomware
ActiveThreat actor group tracked in the global ransomware database ยท Last disclosure: Apr 4, 2026
Threat Actor Analysis
Nightspire is a ransomware threat group that has disclosed 243 victims in publicly accessible leak site data, representing 1.5% of all ransomware attacks tracked in this database. The earliest victim disclosure attributed to Nightspire in our dataset dates to March 2026.
Geographically, Nightspire has targeted organisations in 49 countries. The most frequently targeted nation is United States with 57 victim organisations. Other heavily targeted nations include France, India, Taiwan.
Industry-wise, Nightspire shows a concentration in the Construction, Manufacturing, Financial Services sectors. These industries are frequently targeted because they manage sensitive data, critical operations, or have lower tolerance for operational downtime โ conditions that increase ransom payment likelihood.
Like most modern ransomware operations, Nightspire likely employs a double extortion model: encrypting victim files while simultaneously exfiltrating data, creating dual pressure to pay the ransom. Victim organisations that refuse payment face having their data published on the group's dark web leak site.
Note: This profile is generated from public leak site disclosures aggregated via the ransomware.live API. Data is updated automatically. The victim table below shows the 50 most recent cached victims; the total victim count (243) reflects the complete database.
Recent Victim Disclosures (50 cached of 243 total)
| # | Organization | Country | Sector | Date |
|---|---|---|---|---|
| 1 |
Advanced Vehicle Assemblies
www.avabuilt.com
|
๐บ๐ธ United States | Manufacturing | Apr 4, 2026 |
| 2 |
Southeastern Conference of Seventh-day Adventists
www.secsda.org
|
๐บ๐ธ United States | Education | Apr 3, 2026 |
| 3 |
Dubosson Frรจres SA
www.menuiseries-dubosson.ch
|
๐จ๐ญ Switzerland | โ | Apr 3, 2026 |
| 4 |
Siena Construction
|
๐บ๐ธ United States | Construction | Apr 3, 2026 |
| 5 |
PARS AR-GE
www.parsarge.com
|
๐น๐ท Turkey | โ | Apr 3, 2026 |
| 6 |
Neptune Mechanical, Inc.
callneptune.com
|
๐บ๐ธ United States | Manufacturing | Apr 3, 2026 |
| 7 |
TTAF Defense
ttafsavunma.com.tr
|
๐น๐ท Turkey | Public Sector | Apr 3, 2026 |
| 8 |
Association OCACIA
www.ocacia.org/en
|
๐ซ๐ท France | โ | Apr 3, 2026 |
| 9 |
S***a V**a***s
|
โ | โ | Apr 3, 2026 |
| 10 |
The GMP Group ( Premier Singapore Recruitment Firm with Global Reach )
gmprecruit.com
|
๐ธ๐ฌ Singapore | Business Services | Apr 2, 2026 |
| 11 |
Notre-Dame du Grandchamp
www.nd-grandchamp.fr
|
๐ซ๐ท France | Education | Apr 1, 2026 |
| 12 |
Ghazi Brothers
ghazibrothers.com
|
๐ต๐ฐ Pakistan | โ | Apr 1, 2026 |
| 13 |
The GMP Group
gmprecruit.com
|
๐ธ๐ฌ Singapore | โ | Apr 1, 2026 |
| 14 |
S**n* *o**tr***io*
|
โ | Construction | Apr 1, 2026 |
| 15 |
P**S****E
|
โ | โ | Apr 1, 2026 |
| 16 |
*ep***e M***a*i***, Inc.
|
โ | โ | Apr 1, 2026 |
| 17 |
T*** Defense
|
โ | Manufacturing | Apr 1, 2026 |
| 18 |
A****ia**on O*A**A
|
โ | โ | Apr 1, 2026 |
| 19 |
CERUMO Co., Ltd
|
๐ฏ๐ต Japan | โ | Mar 31, 2026 |
| 20 |
Beltran & Garcia Financial Investment SLU
|
๐ช๐ธ Spain | Financial Services | Mar 31, 2026 |
| 21 |
JT-ATFP, LLC
|
๐บ๐ธ United States | โ | Mar 31, 2026 |
| 22 |
*d**n*** V**i*l* **s**b***s
|
โ | โ | Mar 31, 2026 |
| 23 |
D**o*s** Fr**e* *A
|
โ | โ | Mar 29, 2026 |
| 24 |
S***h***t*** **n**r***e of **v***h-**y A***n***ts
|
โ | Financial Services | Mar 28, 2026 |
| 25 |
OTNet
www.otnet.co.jp
|
๐ฏ๐ต Japan | โ | Mar 28, 2026 |
| 26 |
Florida Therapy Services
flatherapy.com
|
๐บ๐ธ United States | Healthcare | Mar 28, 2026 |
| 27 |
*h**i **o**e**
|
โ | โ | Mar 28, 2026 |
| 28 |
*H* G** **O**
|
โ | โ | Mar 28, 2026 |
| 29 |
A*v**c** *e**c** ***em**i**
|
โ | โ | Mar 27, 2026 |
| 30 |
Anbogen Therapeutics Inc.
anbogen.com
|
๐น๐ผ Taiwan | Healthcare | Mar 25, 2026 |
| 31 |
Eastex Environmental Laboratory
www.eastexlabs.com
|
๐บ๐ธ United States | Business Services | Mar 25, 2026 |
| 32 |
J***T*P, **C
|
โ | โ | Mar 25, 2026 |
| 33 |
*n**g** T***a**ut*** **c
anbogen.com
|
๐น๐ผ Taiwan | โ | Mar 25, 2026 |
| 34 |
HLF Heizung-Sanitรคr GmbH
www.hlf-goslar.de
|
๐ฉ๐ช Germany | Construction | Mar 25, 2026 |
| 35 |
*o**e-*a** du ***n*c****
|
โ | โ | Mar 23, 2026 |
| 36 |
*L* **i**n*-**n**** GmbH
|
โ | โ | Mar 23, 2026 |
| 37 |
**l**a* & ***c** **n*n**** I**e*t**** *L*
|
โ | Financial Services | Mar 23, 2026 |
| 38 |
Cannavative Group
www.cannavativegroup.com
|
๐บ๐ธ United States | โ | Mar 22, 2026 |
| 39 |
SAS CAP ESTEL HOTEL
www.capestel.com/en
|
๐ซ๐ท France | Hospitality and Tourism | Mar 22, 2026 |
| 40 |
Semenya Furumele Consulting Engineers
www.sfce.co.za
|
๐ฟ๐ฆ South Africa | Construction | Mar 22, 2026 |
| 41 |
**o**d* *h**a*y ***v***s
|
โ | Healthcare | Mar 22, 2026 |
| 42 |
O**e*
|
โ | โ | Mar 22, 2026 |
| 43 |
IASMOS
|
๐ฌ๐ท Greece | โ | Mar 21, 2026 |
| 44 |
Fidanque Hermanos e Hijos, S.A
www.fidanque.com
|
PA | Transportation/Logistics | Mar 21, 2026 |
| 45 |
**V**C** *E**C** ***EM**I**
|
โ | Technology | Mar 21, 2026 |
| 46 |
GD France
www.gdfrance.com/en
|
๐ซ๐ท France | โ | Mar 20, 2026 |
| 47 |
G* *r**c*
|
โ | โ | Mar 19, 2026 |
| 48 |
**ste* **vi**n***t** **b**a****
|
โ | โ | Mar 17, 2026 |
| 49 |
G* *r**n*e
|
โ | โ | Mar 17, 2026 |
| 50 |
S*m**y* **ru**l* ***s**t**g **gi****r*
|
โ | โ | Mar 17, 2026 |
Frequently Asked Questions
What is Nightspire ransomware?
Nightspire is a ransomware threat group that has claimed 243 victims since its first known activity in March 2026. The group operates by infiltrating target networks, exfiltrating data, encrypting files, and threatening to publish stolen data on a dark web leak site if the ransom is not paid.
How many victims has Nightspire attacked?
Nightspire has claimed 243 victims in our database, representing 1.5% of all tracked ransomware attacks. The most targeted countries are United States, France, India, Taiwan.
Which countries does Nightspire target?
Nightspire has attacked organizations in 49 countries. The top targeted countries are: United States, France, India, Taiwan.
Which industries does Nightspire target?
Nightspire most frequently targets the Construction, Manufacturing, Financial Services sectors based on victim disclosures in our database.
Is Nightspire still active?
Nightspire's most recent victim disclosure in our database was on April 4, 2026. Ransomware groups frequently rebrand or go dormant; monitor this page and our ransomware map for the latest activity.