Operator dossier

Pryx is a ransomware operator currently active on public leak sites. Darkfield has indexed 3 public victims claimed by this operator between May 15, 2026 and May 20, 2026. Auto-discovered from ransomware tracking sources

Recent disclosures by Pryx

All 3 indexed disclosures. Click any row for the full per-victim dossier.

吉林省药品监督管理局 (Jilin Provincial Drug Administration)Government / Healthcare Regulation · CN · May 20, 2026
AG真人 (Jilin Drug Administration / Medical Device Registration)Government/Healthcare Regulation · CN · May 16, 2026
AG真人Government/Healthcare Regulation · China · May 15, 2026

See every disclosure indexed for Pryx →

How we know this. Operator profiles on Darkfield are built from continuous monitoring of every leak site the group is known to operate, cross-correlated with community-curated feeds (RansomLook, ransomware.live, RansomWatch, MISP-galaxy). Status flips from active to inactive when no new disclosure appears for 60 days. MITRE ATT&CK mappings shown in the interactive section below are sourced from CISA, vendor analysis, and the MITRE community catalog — we attribute each technique back to its source. Aliases reflect operator re-brands and affiliate splits.

Active ransomware operator

← All groups

Pryx

3 victims indexed · first seen 6 days ago · last activity 23 hours ago

Victims indexed

#272 of 348 tracked operators

<1m

Active period

May 2026 → May 2026

—

Countries hit

At a glance

Status: active
First seen: 6 days ago
Last activity: 23 hours ago
Onion sites: 3 known endpoints

About

Auto-discovered from ransomware tracking sources

Recent victims

Loading…

Onion infrastructure

3 known

http://c2mdhim6btaiyae3xqthnxsz64brvdxsnbty4tvos65zb565y4v55iid.onion
http://c2mdhim6btaiyae3xqthnxsz64brvdxsnbty4tvos65zb565y4v55iid.onion/b/
http://pryx.cc

Source

Updated 23 hours ago

Data on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.