Settra
Settra is a ransomware and data-extortion threat actor that emerged publicly in 2026 through a cluster of claimed compromises and leak-site style victim disclosures.
Profile source: Mallory opens in a new tabSettra
Family profile
Settra is a ransomware and data-extortion threat actor that emerged publicly in 2026 through a cluster of claimed compromises and leak-site style victim disclosures. The group has been associated with attacks against organizations in multiple countries, including the United States, Germany, the United Kingdom, Tunisia, and Taiwan, with observed victim sectors including construction, business services, industrial manufacturing, mining, and e-commerce-related services.
Settra’s operations are characterized by ransomware-linked intrusion claims combined with public assertions of data theft and exposure. Reported incidents indicate the group advertises stolen corporate documents and, in some cases, claims access to user information, consistent with double-extortion tradecraft in which data theft is used to pressure victims in addition to encryption or disruption. Public reporting has also associated Settra activity with the use of valid accounts and access to cloud-hosted data, aligning with ATT&CK techniques such as Valid Accounts (T1078) and Data from Cloud Storage (T1530).
Victimology observed in 2026 suggests opportunistic targeting across diverse industries rather than a narrowly specialized vertical focus. Claimed victims include construction firms, registrar or business-services entities, industrial manufacturers supporting chemical and defense-related production, and consumer-facing technology subsidiaries. Settra has also appeared in ransomware claim-volume tracking, where it rapidly entered weekly rankings with a notable number of public claims, indicating an active leak-and-name operation during that period.
Attribution to a specific nation state or government sponsor is not currently available. Available information supports describing Settra as an eCrime ransomware actor engaged in financially motivated extortion. No well-established sub-groups or widely used alternate aliases are currently available beyond the Settra name itself.
Ransomware.live
Operational record
Ransomware.live
Recent claims
MITRE ATT&CK
Settra in ATT&CK
4 distinct techniquesReporting
Research mentioning Settra
Taiwan : le ministère du Numérique enquête sur une violation de données chez Pi Mobile (PChome) | CyberVeille
Le groupe de hackers Settra a affirmé avoir compromis les systèmes de PChome et obtenu des documents internes ainsi que des données utilisateurs.
Ransomware Group settra Hits: petradiamonds.com
petradiamonds.com — an organization based in GB — has fallen victim to a ransomware attack conducted by the group settra.
Ransomware Group settra Hits: orion4value.com
orion4value.com — an organization based in DE — has fallen victim to a ransomware attack conducted by the group settra.
Ransomware Group settra Hits: clc-tn.com
clc-tn.com — an organization based in TN — has fallen victim to a ransomware attack conducted by the group settra.
Ransomware Group settra Hits: wilfley.com
wilfley.com — an organization based in US — has fallen victim to a ransomware attack conducted by the group settra.
Ransomware Group settra Hits: joyconstructionnyc.com
joyconstructionnyc.com — an organization based in US — has fallen victim to a ransomware attack conducted by the group settra.
Tendances ransomware - Semaine 26/2026 | CyberVeille
DeadLock et SETTRA affichent chacun 11 revendications. SETTRA, absent du classement la semaine précédente, fait une entrée directe à ce niveau d’activité.