Skip to content
Ransomware group

Settra

Settra is a ransomware and data-extortion threat actor that emerged publicly in 2026 through a cluster of claimed compromises and leak-site style victim disclosures.

Profile source: Mallory opens in a new tab

Settra

Family profile

Settra is a ransomware and data-extortion threat actor that emerged publicly in 2026 through a cluster of claimed compromises and leak-site style victim disclosures. The group has been associated with attacks against organizations in multiple countries, including the United States, Germany, the United Kingdom, Tunisia, and Taiwan, with observed victim sectors including construction, business services, industrial manufacturing, mining, and e-commerce-related services.

Settra’s operations are characterized by ransomware-linked intrusion claims combined with public assertions of data theft and exposure. Reported incidents indicate the group advertises stolen corporate documents and, in some cases, claims access to user information, consistent with double-extortion tradecraft in which data theft is used to pressure victims in addition to encryption or disruption. Public reporting has also associated Settra activity with the use of valid accounts and access to cloud-hosted data, aligning with ATT&CK techniques such as Valid Accounts (T1078) and Data from Cloud Storage (T1530).

Victimology observed in 2026 suggests opportunistic targeting across diverse industries rather than a narrowly specialized vertical focus. Claimed victims include construction firms, registrar or business-services entities, industrial manufacturers supporting chemical and defense-related production, and consumer-facing technology subsidiaries. Settra has also appeared in ransomware claim-volume tracking, where it rapidly entered weekly rankings with a notable number of public claims, indicating an active leak-and-name operation during that period.

Attribution to a specific nation state or government sponsor is not currently available. Available information supports describing Settra as an eCrime ransomware actor engaged in financially motivated extortion. No well-established sub-groups or widely used alternate aliases are currently available beyond the Settra name itself.

Ransomware.live

Operational record

View group record ↗

Ransomware.live

Recent claims

All published claims ↗

MITRE ATT&CK

Settra in ATT&CK

4 distinct techniques

Reporting

Research mentioning Settra

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.