Bitdefender
Romanian cybersecurity vendor; its June 2026 threat debrief tracked 714 May ransomware victims and a structural shift in affiliate cross-claiming.
Last refreshed: 14 June 2026 · Appears in 1 active topic
Why are ransomware affiliates cross-claiming victims, and what does it mean for victim negotiators?
Timeline for Bitdefender
Published June 2026 threat debrief identifying affiliate cross-claiming and new sector targeting patterns
Cybersecurity: Threats and Defences: Crews now cross-claim each rival victim- What did Bitdefender's June 2026 threat debrief find about ransomware?
- The June 2026 debrief tracked 714 May victims and found ransomware affiliates are now routinely cross-claiming each other's victims, construction overtook manufacturing as the most-targeted sector, and MedusaLocker rebranded as Bavacai to enter the top ten.Source: Bitdefender Threat Debrief June 2026
- What is ransomware affiliate cross-claiming and why does it matter?
- Cross-claiming occurs when one ransomware crew posts a victim already listed by a rival. Bitdefender found this is now structural, driven by free movement between RaaS programmes and a commoditised initial-access broker market, complicating victim attribution and negotiation.Source: Bitdefender Threat Debrief June 2026
- Is Bitdefender a reliable source for ransomware statistics?
- Bitdefender's threat intelligence division is widely cited alongside Coveware and Group-IB. Its monthly debriefs aggregate data from major ransomware leak sites and are used by Incident Response teams for sector benchmarking.
Background
Bitdefender is a Romanian cybersecurity company founded in 2001, producing endpoint protection, threat intelligence, and Incident Response products. Its threat intelligence division publishes monthly and quarterly threat debriefs that are widely cited by security operations teams. The June 2026 Threat Debrief documented 714 ransomware victims in May across claims on major leak sites, identifying a structural market shift: affiliates are now cross-claiming victims posted by rival crews, driven by the commoditisation of initial-access broker markets and free movement between ransomware-as-a-service programmes.
Bitdefender's June debrief also identified two notable tactical evolutions: the Silent Ransomware Group's addition of physical on-site infiltration against legal and financial firms, and MedusaLocker's rebrand as Bavacai to enter a fresh ransomware top ten. Construction overtook manufacturing as the most-targeted sector. KryBit and ShinyHunters dropped out of the top ten following increased law-enforcement visibility.
Founded in Bucharest, Bitdefender is one of the largest security vendors to emerge from Central and Eastern Europe, with operations across Europe and North America. Its threat intelligence is considered a primary source for ransomware sector analysis alongside publications from Coveware and Group-IB. The firm's independence from US-headquartered vendors positions its reporting as a distinct perspective on the threat landscape.