Radiant
Radiant is a newly emergent ransomware/extortion group. The content links it to the compromise of the global nursery chain Kido, where it claimed to have stolen sensitive data on approximately 8,000 children and their families. Reported stolen data included names, home addresses, photographs, contact details, medical records, and safeguarding notes. Radiant used the data for extortion, demanding about £600,000 in Bitcoin in one report and $800,000 in another, contacting parents directly, and posting or leaking some children’s images to pressure payment. The intrusion into Kido was reported as occurring via Famly, a third-party software service used by Kido. After backlash from the cybersecurity community and criticism on the RAMP forum, Radiant said a partner had violated its rules by targeting a childcare company, claimed it removed Kido-related data, provided a security report and deletion log, and stated it would disable intrusions against organizations holding children’s information.
The group also claimed to have targeted an unnamed hospital in Minnesota, reportedly setting an Oct. 13 deadline and threatening to identify the victim if its demands were not met. Separately, Radiant was listed on a leak site as an active threat in connection with Magna Foodservice in Germany on October 12, 2025. The content explicitly describes Radiant as a ransomware gang/group and an active leak-site extortion actor. No confirmed technical malware family details, encryption behavior, or specific indicators of compromise are provided in the source content.
Hunt this family in your stack
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
Recent activity
6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Radiant is a ransomware group responsible for attacks on organizations such as Magna Foodservice, with data breach exposure and extortion via leak sites.
Radiant is a group engaged in extortion by leaking sensitive data (in this case, images of children) and demanding ransom to prevent further leaks. They have targeted the Kido nursery chain.
Radiant is a group engaged in extortion by leaking stolen sensitive data and demanding ransom to prevent further leaks. In this case, they targeted a nursery chain and threatened to leak images of children unless paid.
Radiant is a ransomware group that conducted a high-profile extortion campaign against the Kido nursery chain, stealing sensitive data and demanding a ransom. They used aggressive tactics including direct contact with victims' families and public posting of stolen data.
The version that knows your environment.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.