When the 0APT ransomware group first appeared on the Dark Web on January 28, 2026, it immediately attracted notice by claiming to have 200 victims. Researchers studying cybersecurity, however, have found that these claims are a hoax: the purported "data leaks" are not real, and there are no files that can be downloaded. Because of the group's actions, experts have called the campaign a scam that aims to spread throughout the ransomware ecosystem rather than provide any real data.

The Data Leak Site (DLS) and the False Victims The 0APT ransomware group imitated the actions of other well-known ransomware groups by creating a TOR domain that looked professional in order to host its data leak site (DLS). The website, which is reachable through the Onion network, is protected by Cloudflare and serves content via CDNJS.

Organizations and security experts should make sure that systems are safeguarded with the most recent security measures and stay alert to the group's changing tactics.