Ransomware Group intelligence
PrinzEugen
ActiveTrack PrinzEugen with 9 published victims and 3 known leak locations in a single intelligence view.
Overview
PrinzEugen is tracked by Breach House as a ransomware group with 9 published victims.
United States is currently the most targeted country in this dataset.
3 known leak locations are currently associated with this group.
Top Countries
Interactive distribution based on the currently visible victims list.
Known Leak Locations (3)
| Label | Type | Availability | Links |
|---|---|---|---|
| Leak location 1 | Onion service | Unknown | 6cudc5cqa2bjpwdhcwm2lj6dbqejjjqzeo6ipwvmbazr6cgu7vfk3dad.onion |
| Leak location 2 | Onion service | Unknown | prinzfkbjiazbrur4mjje6mntjc4vydx3iatkkzycufoylqcoo4y7pqd.onion |
| Leak location 3 | Onion service | Unknown | prinzkpn6d3itrgcytmsmlcpt5mgwn3ihpck2hsed5cezlbtbi3wklid.onion |
Top Activity Sectors
No sector intelligence available.
Ransom Notes (0)
▼No ransom notes available for this group.
Tools Used
▼No tools used available.
YARA Rules (0)
▼No YARA rules available.
Indicators of Compromise (0)
▼No IoCs available for this group.
Negotiation Chats (0)
▼No negotiation chats available.
Research Sources
No external research sources linked yet.
Victims (9)
Search, filter and paginate the victim timeline for PrinzEugen. Showing 1–9 of 9.
| Type | Target | Discovered | Country | Business Category | Intel Link |
|---|---|---|---|---|---|
| Ransomware | Driving School Software id30080 View details | United States | Education | ||
|
Driving School Software is an education sector company based in the US, providing software solutions to driving schools. The company operates in the education sector, offering various software tools to manage driving school operations. Driving School Software was listed as a ransomware victim associated with PrinzEugen. |
|||||
| Ransomware | Driving School Software id30080 View details | United States | Education | ||
|
Hundreds of driving schools impacted. 16 Million rows of SQL, 8000 FULL credit cards, and more. Full leak post + data available on the new PRINZ EUGEN site. prinzkpn6d3itrgcytmsmlcpt5mgwn3ihpck2hsed5cezlbtbi3wklid.onion |
|||||
| Ransomware | prinzkpn6d3itrgcytmsmlcpt5mgwn3ihpck2hsed5cezlbtbi3wklid.onion [NEW LEAK POSTED ON OUR NEW... id30031 View details | Other | |||
|
Prinzkpn6d3itrgcytmsmlcpt5mgwn3ihpck2hsed5cezlbtbi3wklid onion appears to be a website operating on the dark web, likely used for publishing data related to ransomware attacks. The site is associated with the threat actor PrinzEugen. It is located on the onion network, which is a part of the dark web. Prinzkpn6d3itrgcytmsmlcpt5mgwn3ihpck2hsed5cezlbtbi3wklid onion was listed as a ransomware victim associated with PrinzEugen |
|||||
| Ransomware | prinzkpn6d3itrgcytmsmlcpt5mgwn3ihpck2hsed5cezlbtbi3wklid.onion [NEW LEAK POSTED ON OUR NEW... id30031 View details | Other | |||
|
VISIT THE NEW SITE! prinzkpn6d3itrgcytmsmlcpt5mgwn3ihpck2hsed5cezlbtbi3wklid.onion prinzkpn6d3itrgcytmsmlcpt5mgwn3ihpck2hsed5cezlbtbi3wklid.onion prinzkpn6d3itrgcytmsmlcpt5mgwn3ihpck2hsed5cezlbtbi3wklid.onion prinzkpn6d3itrgcytmsmlcpt5mgwn3ihpck2hsed5cezlbtbi3wklid.onion |
|||||
| Ransomware | NEW PRINZ EUGEN SITE [NOT A CASE FILE] id30089 View details | Other | |||
|
prinzkpn6d3itrgcytmsmlcpt5mgwn3ihpck2hsed5cezlbtbi3wklid.onion OLD SITE (this site) WILL BE TAKEN OFFLINE SHORTLY |
|||||
| Ransomware | Spratley's of Mortimer id29707 View details | Retail / E-commerce | |||
|
spratleys.co.uk Hundreds of GBs of data encrypted across company file shares, If you would like the decryption key you just need to ask. |
|||||
| Ransomware | Spratley's id29709 View details | Other | |||
|
Hundreds of GBs of data encrypted across company file shares. If you would like the decryption key you just need to ask. |
|||||
| Ransomware | Transitions Pro Centre Val de Loire id29193 View details | France | Other | ||
|
The swift attack has resulted in both the exfiltration and encryption of hundreds of gigabytes. In the event of complete non-compliance; Files will be fully released for public download. |
|||||
| Ransomware | Standard Bank Group id29194 View details | South Africa | Finance / Legal / Insurance | ||
|
Beginning on February 27th 2026, The 3 week long attack on both Standard Bank and Liberty has resulted in 1.2TB of data being exfiltrated from internal servers. |
|||||