Group profile
payload
Payload is a ransomware group that emerged in early 2026, using Babuk-derived source code targeting both Windows and ESXi systems with cross-platform double-extortion attacks against healthcare, energy, real estate, and agriculture sectors, claiming 12 victims across seven countries within hours of launching its leak site.
Sectors hit
- Manufacturing
- Business Services
- Hospitality and Tourism
- Public Sector
- Unspecified
- Healthcare
- Consumer Services
- Transportation/Logistics
Countries hit
MITRE ATT&CK · observed TTPs
Roofinox
The commune of Castries
The commune of Castries
ENB Versich
Vela Film S.r.l.
Vela Film S.r.l.
Tofutown
Tofutown
Villea Hotels in AttanaHo
Mosaic Partners
Clínica La Sabana
Software Arge
Clínica La Sabana
Software Arge
Mosaic Partners
A
N/A The identifier "A" is too ambiguous to correspond to a specific company. Please provide the full company name or additional context so I can give you accurate threat intelligence information.