Disclosure context

About sekhmet

Sekhmet is a relatively obscure ransomware group that emerged in May 2020, primarily motivated by financial gain through targeted attacks against critical infrastructure sectors. The group's origin and affiliations remain largely undocumented in public threat intelligence reports, with limited information available about whether they operate independently or as part of a ransomware-as-a-service model. Based on available data, Sekhmet has demonstrated a preference for targeting organizations in the United States, with documented attacks against entities in the information technology and energy sectors, though their specific attack methodologies, initial access vectors, and encryption techniques have not been extensively detailed in public security research. The group's limited public profile is reflected in their small number of documented victims, with only two confirmed cases reported in open-source intelligence. Sekhmet's current operational status remains unclear due to the scarcity of recent public reporting on their activities, making it difficult to determine whether the group remains active, has ceased operations, or potentially rebranded under a different name. The group has been linked to 2 public disclosures across our corpus. First observed on a leak site on May 30, 2020; most recent post June 20, 2020. The operation is currently inactive.

Timeline of this disclosure

June 20, 2020SilPac listed by sekhmeton the group's public leak site

Other recent disclosures by sekhmet

sekhmet has been linked to 2 public victims on Darkfield. A sample of the most recent:

ExcisInformation Technology · May 30, 2020

See the full sekhmet dossier →

Sector and geography

This disclosure adds to ransomware activity in the Energy sector, which has 374 disclosures indexed across all operators we track. Geographically, SilPac is reported in United States, a country with 7,392 ransomware disclosures in our corpus.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.

Ransomware victim disclosure

← All victims

SilPac

Claimed by sekhmet · listed 6 years ago

72m

Age

since listed · data leaked

Status timeline

Listed
Jun 20, 2020
Data leaked

At a glance

Group: sekhmet
Status: Data leaked
Country: United States
Sector: Energy
Listed on leak site: Jun 20, 2020

Source

Indexed 6 years ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.