Ransomware Group intelligence

PrinzEugen

Active

Track PrinzEugen with 2 published victims and 2 known leak locations in a single intelligence view.

Victims 2 Known published victims in this dataset

First discovered 2026-05-04 Earliest victim discovery date

Last discovered 2026-05-16 Latest victim discovery date

Inactive since 17 days Days since the latest known victim

Top country South Africa 1 victims

Known locations 2 Leak or negotiation infrastructure tracked

PrinzEugen is tracked by Breach House as a ransomware group with 2 published victims.

South Africa is currently the most targeted country in this dataset.

2 known leak locations are currently associated with this group.

Top Countries

Distribution

Label	Type	Availability	Links
Leak location 1	Onion service	Unknown	`6cudc5cqa2bjpwdhcwm2lj6dbqejjjqzeo6ipwvmbazr6cgu7vfk3dad.onion`
Leak location 2	Onion service	Unknown	`prinzfkbjiazbrur4mjje6mntjc4vydx3iatkkzycufoylqcoo4y7pqd.onion`

No sector intelligence available.

Ransom Notes (0)

▼

No ransom notes available for this group.

▼

No tools used available.

▼

No YARA rules available.

▼

No IoCs available for this group.

▼

No negotiation chats available.

No external research sources linked yet.

Search, filter and paginate the victim timeline for PrinzEugen.

Type	Target	Discovered	Country	Business Category
Ransomware	Transitions Pro Centre Val de Loire id29193 View details	2026-05-16	France	Other
The swift attack has resulted in both the exfiltration and encryption of hundreds of gigabytes. In the event of complete non-compliance; Files will be fully released for public download. ID 29193
Ransomware	Standard Bank Group id29194 View details	2026-05-04	South Africa	Finance / Legal / Insurance
Beginning on February 27th 2026, The 3 week long attack on both Standard Bank and Liberty has resulted in 1.2TB of data being exfiltrated from internal servers. ID 29194