Skip to content
Ransomware group

titan

Titan is a ransomware threat actor known from victim-leak reporting in 2026.

Profile source: Mallory opens in a new tab

titan

Family profile

Titan is a ransomware threat actor known from victim-leak reporting in 2026. Publicly attributed activity indicates the group conducts ransomware and associated data-breach operations against organizations in multiple countries, including the Czech Republic, the United States, South Korea, and Sri Lanka. Observed victims span several sectors, including business services, technology, transportation and logistics, construction, and food production, indicating opportunistic multi-sector targeting rather than a narrowly specialized victim profile.

Available reporting supports classifying Titan as a financially motivated ransomware actor. Its known operations involve compromising victim organizations, exfiltrating data, and publicizing breaches as part of extortion activity. The actor has been linked to attacks against small and mid-sized enterprises as well as internationally connected commercial organizations. No high-confidence public information in the available material establishes Titan as a nation-state actor, identifies a sponsoring government, or confirms formal sub-groups beyond the Titan name itself.

Corroborated details on Titan's tooling, initial access methods, malware lineage, or distinctive tradecraft remain limited in the available information. As such, only the actor's role in ransomware incidents and its cross-sector victimization pattern can be stated with confidence. Known aliases are limited to the name Titan.

Ransomware.live

Operational record

View group record β†—

Ransomware.live

Recent claims

All published claims β†—

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.