Skip to main content

Ransomwhere.org

Dashboard Live Map About Feed Groups

Payments TTPs Identify News API

LIVE

Ransomwhere.org

Real-time ransomware intelligence platform. Tracking threat actors, victims, and payments to raise awareness and help defend against ransomware attacks worldwide.

Platform

Live Map
Latest Victims
Groups
Payments
Identify
News

Resources

Data & Methodology
API Docs
RSS Feed
About
Privacy Policy
Terms of Service
NoMoreRansom
Ransomware.live
CISA Advisories

For informational purposes only.

© 2026 Ransomwhere.org

Groups/xinglocker

// group profile

xinglocker

Inactive

XingLocker is a ransomware group that emerged in May 2021 as part of a franchise-style RaaS model built on a customized MountLocker payload, using IcedID for initial access and Windows Active Directory APIs for worm-style lateral movement across networks.

21

Victims

1

Sites

Victims (21)

Live

Wayne Automatic Fire Sprinklers, Inc.

Tilia GmbH. TILIA GROUP

J.Irwin Company

DiaSorin

Greenwood Fabricating & Plating

Positive Promotions, Inc.

AQUALUNG

Sharafi Group Investments

Coastal Family Health Center

T.I.S. Group

OSF Healthcare System

Solen A.S

CBN Logistic

LineStar

Desert Plastering LLC

Gulfeagle Supply

GlobeMed Saudi

Washoe Tribe

Bridgelux, Inc.

Pezzuto Group

NAVNIT GROUP

Known Leak Sites

xingnewj6m4qytljhfwemngm7r7rogrindbq7wrfeepejgxc3bwci7qd.onionDLS

Activity

Total victims21

Countries affected0

Last seenNo recent activity

Explore

Ransomware NewsRelated articles

Check DecryptorsFree tools

Payment DataRansom tracking

MITRE ATT&CKTechniques

Live MapGlobal view

Source: ransomware.live|Refreshes every 5 min