Ransomware Group intelligence
Cephalus-api
InactiveTrack Cephalus-api with 16 published victims in a single intelligence view.
Overview
Cephalus-api is tracked by Breach House as a ransomware group with 16 published victims.
United States is currently the most targeted country in this dataset.
No leak location metadata is currently available for this group.
Top Countries
Interactive distribution based on the currently visible victims list.
Known Leak Locations (0)
No known leak locations available for this group.
Top Activity Sectors
No sector intelligence available.
Ransom Notes (0)
▼No ransom notes available for this group.
Tools Used
▼No tools used available.
YARA Rules (0)
▼No YARA rules available.
Indicators of Compromise (0)
▼No IoCs available for this group.
Negotiation Chats (0)
▼No negotiation chats available.
Research Sources
No external research sources linked yet.
Victims (16)
Search, filter and paginate the victim timeline for Cephalus-api. Showing 1–16 of 16.
| Type | Target | Discovered | Country | Business Category | Intel Link |
|---|---|---|---|---|---|
| Ransomware | One-LUX id22020 View details | United Kingdom | Other | — | |
|
One-LUX Ltd is a UK-based lighting manufacturer and supplier that develops emergency lighting solutions, controls, and related electronic components for the lighting industry. Company records place it in Aldridge, Walsall, England, and describe its registered activity as manufacture of loaded electronic boards, indicating an electronics and lighting-sector business. Public business listings also note that it serves the international lighting market and provides lighting and energy-saving solutions. It was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | Shropdoc id22019 View details | United Kingdom | Other | — | |
|
Shropdoc is a not-for-profit healthcare provider in Great Britain that delivers urgent primary care and out-of-hours medical services. It provides 24/7 care across Powys, and its service includes NHS 111 support, weekend and bank holiday cover, and appointments or home visits depending on clinical need. Shropdoc was established in 1996 and operates as a cooperative of GPs serving patients when their regular surgery is closed. The domain was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | Shelbourne Accountants id22018 View details | Ireland | Other | — | |
|
shelbourneaccountants.ie is the website of Shelbourne Accountants, an Irish accountancy firm based in Dublin that provides financial and taxation services. Its site states that it serves companies of all sizes and personal clients, with offerings including bookkeeping, payroll, company formation, registered office support, and contractor services. The firm presents itself as a provider of accounting and tax support for businesses and individuals in Ireland. The domain was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | Delta Information Systems id22017 View details | United States | IT | — | |
|
Acroamatics.com is the digital presence of Acroamatics, Inc., a United States-based company headquartered in Goleta, California, that specializes in advanced real-time telemetry data processing equipment and software solutions. The firm serves defense, aerospace, and satellite ground terminal sectors by designing and manufacturing high-performance, low-latency telemetry data processing and display systems for use at telemetry ranges and testing facilities worldwide. As a leading supplier of integrated range control center processing solutions, Acroamatics has provided reliable telemetry and flight test community support for over 50 years since its establishment in 1971. The company was listed as a ransomware victim associated with the cephalus-api threat actor. |
|||||
| Ransomware | Colorado Health Network Inc id22011 View details | United States | Healthcare / Pharma | — | |
|
Colorado Health Network is a statewide healthcare organization in the United States, specifically operating across Colorado with multiple clinics in Denver, Fort Collins, Greeley, Colorado Springs, Pueblo, and Grand Junction. The entity provides integrative medical care, oral health services, and behavioral health support through in-person visits and telehealth, with a notable focus on HIV prevention, treatment, and harm reduction for over 5,250 individuals. It delivers holistic care including case management, substance abuse counseling referrals, and access to healthcare, equitably meeting the needs of people affected by HIV and other health conditions. Colorado Health Network was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | Texas Pregnancy Care Network id22010 View details | United States | Communication / Marketing | — | |
|
texaspregnancy.org is the website for Texas Pregnancy Care Network (TPCN), a Texas-based nonprofit that supports pregnancy care providers and other organizations serving women facing unplanned or crisis pregnancies. The site describes free counseling, assistance, and resources for pregnant women of all ages, with referral support and local provider information in Texas. Public listings place the organization in the United States and associate it with reproductive health and family planning services. It was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | wilderlawfirm id22009 View details | Finance / Legal / Insurance | — | ||
|
wilderlawfirm.com is associated with a law firm serving the Finance, Legal, and Insurance space in the United States, reflecting a practice tied to legal representation and related client services. Available public references for Wilder-branded law firms indicate work in personal injury and other client-facing legal matters, with U.S.-based operations and contact details. In threat-intelligence catalogs, the domain is indexed for monitoring because it appears in ransomware victim datasets. It was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | CoCo Yachts id22008 View details | Netherlands | Communication / Marketing | — | |
|
CoCo Yachts B.V. is a Dutch designer of innovative aluminium vessels based in the Netherlands, with a focus on high-speed craft and ferry concepts. Its public materials describe work on vessels such as fast ferries, coastal cruisers, and other passenger applications, reflecting a specialist role in marine design and engineering. The company presents itself as a leading innovator in high-speed vessel design and notes partnerships in shipbuilding delivery. CoCo Yachts was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | Lee & Associates id22007 View details | United States | Other | ||
|
lee-irvine.com belongs to Lee & Associates Irvine Inc., a commercial real estate firm in Irvine, California, United States. The company specializes in the representation of acquisition, disposition, and leasing of industrial, office, retail, medical, investment, and other commercial properties. Its site presents brokerage and related real estate services for clients seeking commercial property transactions. The domain was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | Sherman, Silverstein, Kohl, Rose & Podolsky, P.A. id22006 View details | United States | Finance / Legal / Insurance | ||
|
sskrplaw.com is the website of Sherman, Silverstein, Kohl, Rose & Podolsky, P.A., a national full-service law firm based in Moorestown, New Jersey, United States. The firm provides legal representation to businesses and individuals, with practice areas that include corporate and business matters, financial strategies, health law, tax, insurance coverage, and litigation. Its published materials also emphasize business-law support such as compliance, contracts, transactions, and risk management. The domain was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | Guerrero Mears LLP id22005 View details | United States | Other | ||
|
gmllp.com is the website of Guerrero Mears LLP, a Bakersfield, California law firm serving clients in the United States. The firm describes itself as a boutique transactional practice focused on business, real estate, tax, and estate planning matters, including legal support for business transactions, capital structures, and related advisory work. Its published office details place it in Bakersfield, California, and indicate services for business, financial, institutional, and individual clients. In threat-intelligence listings, gmllp.com was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | LPL Financial id22004 View details | United States | Finance / Legal / Insurance | ||
|
balancedsolutions4me.com is associated with Money Matters, a Tampa, Florida financial-services brand linked to LPL Financial and an advisor-led practice in the finance sector. Public profiles connect the site to financial guidance and related client services, with references to insurance and legal-planning topics common to wealth-management offerings. The entity was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | K Strategies Marketing and Public Relations id22003 View details | United States | Communication / Marketing | ||
|
kstrategies.com represents K Strategies, a Dallas, Texas-based marketing and public relations agency in the Communication / Marketing sector. The company says it delivers strategic marketing, communications, public engagement, graphic design, and digital and print campaign support for clients. Public profile sources also describe K Strategies as an award-winning firm founded in 2002, with work spanning branding, video production, and community-focused programs. It was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | BAR Architects & Interiors id22002 View details | India | Hospitality / Food & Beverage / Tourism | ||
|
bararch.com is the website of BAR Architects & Interiors, a full-service architecture, interior design, and planning firm with offices in San Francisco and Los Angeles. The firm presents work across California and beyond, with project pages covering hotels, resorts, residential housing, student housing, and multifamily developments. Its portfolio and practice materials position it within the hospitality, food and beverage, and tourism-related design ecosystem, serving commercial and mixed-use clients. The domain was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | SystemExec Co., Ltd. id22001 View details | Japan | Services | ||
|
system-exe.co.jp is the corporate site for SystemEXE, Inc., a Japan-based IT services company headquartered in Chuo-ku, Tokyo. The company was established in 1998 and offers system integration, product and service development, software development, business/technical solutions, and BPO-related services. Its official site also highlights strengths in database, cloud, and custom development work across sectors such as insurance, retail, manufacturing, healthcare, and accounting. In threat-intelligence listings, system-exe.co.jp was listed as a ransomware victim associated with cephalus-api. |
|||||
| Ransomware | CareSTL Health id22000 View details | United States | Healthcare / Pharma | ||
|
CareSTL Health is a Federally Qualified Health Center in St. Louis, Missouri, serving St. Louis City residents with medical, dental, behavioral health, and specialty care. It focuses on comprehensive, community-based healthcare for underserved, underinsured, and uninsured populations. The organization says it aims to improve health outcomes and provide care regardless of income or socioeconomic status. In threat-intelligence indexing, carestlhealth.org was listed as a ransomware victim associated with cephalus-api. |
|||||