PUBLISHED on 2 February 2026, Krebs on Security reports that the data ransom gang calling itself Scattered Lapsus Shiny Hunters (SLSH) extorts victims through harassment, threats and even swatting, while notifying journalists and regulators about intrusions. According to Allison Nixon, director of research at Unit 221, SLSH is an unruly, English-language group that differs from traditional Russian ransomware crews by prioritising intimidation over a reputational pledge to delete stolen data.
Nixon notes that victims are sometimes paying not just to stop data leakage but to quell personal attacks, while SLSH members increasingly use Telegram channels to coordinate threats and media outreach. The group is known for phishing employees and abusing compromised access to exfiltrate internal data, with threats of violence, DDoS, and flooding campaigns during extortion negotiations.
Nixon warns against negotiating with SLSH, arguing that the faction’s unresolved internal conflicts and lack of a credible commitment reduce the likelihood of a genuine ransom payout, and that the broad aim is to keep victims worried and in the media spotlight.