0APT ransomware crew makes embarrassing splash
February 18, 2026 – Published on ComputerWeekly
A newly operational ransomware-as-a-service (RaaS) gang that emerged during January 2026 has made waves after publishing the names – and partial data – of almost 200 victims in quick succession, but ransomware experts say the criminal operation may not be all it’s cracked up to be.
There is credibly evidence that many of the victims themselves may not exist. Indeed, screenshots shared by Jason Baker of GuidePoint Security’s Research and Intelligence (GRIT) team reference one victim, Metropolis City Municipal, from which 0APT claimed to have stolen city planning documents, supplier payments and internal memos.
While there is a real Metropolis, in southern Illinois, it is a small town of barely 7,000 people and there is no indication it has been hit by a ransomware attack. 0APT’s use of the name is almost certainly a reference to the DC Comics Superman franchise – and it has since been removed from the leak site.
According to GRIT, there are some real entities claimed by the gang, including Germany’s BASF, Taiwan’s Foxconn, the UK’s GlaxoSmithKline, Japan’s Hitachi, South Korea’s Hyundai Heavy Industries and France’s TotalEnergies. But Baker said that in at least two instances he was aware of, alleged victims had said they experienced no intrusion, found no ransom note, and had no direct communication with the cyber criminals.
“The victims claimed by 0APT are a blend of wholly fabricated generic company names and recognizable organizations which threat actors have not breached,” he said. “GRIT has observed no evidence that these victims were impacted by a threat actor associated with 0APT,” including through first-hand reporting.
Read More HERE.