The State of Ransomware 2025

We kicked off 2025 with a record-breaking 92 disclosed ransomware attacks in January, a 21% increase over last year and the highest we’ve recorded since we began tracking ransomware back in 2020. We counted 32 different ransomware groups behind the attacks, with RansomHub leading the way. Some of the bigger news stories included the Codefinger ransomware attack on AWS, the disruption caused to the education sector following a hack on PowerSchool, and RansomHub’s claims involving MetLife.

Discover who else made ransomware headlines in January:

  1. The threat actor Omid16B claimed responsibility for a breach at UK-based photo company DEphoto, alleging the theft of a large volume of confidential data. The attack, which occurred on Christmas Day, reportedly exfiltrated personal details of 555,952 customers, 429,597 orders with personal and credit card information, as well as customer photographs. A ransom demand of £50,000 was made, but the threat actor did not receive a response. DEphoto began notifying affected customers in late December.
  2. Lian Beng Group Ltd, a prominent investment holding company in Singapore, was targeted in a RansomHub attack at the beginning of the year. The notorious ransomware group claimed to have stolen 2TB of data from the company but did not release a ransom demand. The allegedly exfiltrated data included 1,500 employee NRICs, passports, insurance details, bank statements, corporate emails, contracts, and other sensitive business documents.
  3. The State Child Protection Society (SCPS) of Madhya Pradesh fell victim to the Funksec ransomware group, which emerged in December of the previous year. Funksec took responsibility for the attack, claiming to have exfiltrated 2GB of sensitive data from SCPS’s systems. While the exact details of the stolen data remain unclear, experts and stakeholders are particularly concerned about the potential exposure of sensitive child welfare information.
  4. Westend Dental in Indianapolis agreed to pay $350,000 to enhance its data protection and patient privacy measures following a state investigation into a ransomware attack that led to the unauthorized disclosure of patient information. The company failed to report the October 2020 breach within the HIPAA-mandated timeframe, waiting two years before officially notifying authorities. During the attack, health information was encrypted and then exfiltrated, affecting approximately 17,000 patients.
  5. RansomHub claimed responsibility for breaching the Latin American division of insurance giant MetLife on December 31st, though the company denies the incident. The ransomware group asserts it exfiltrated 1TB of data, adding documents written in Spanish as proof of claims to its leak site. A MetLife spokesperson stated that “there is no incident that we’re aware of,” and suggested the breach may be related to an incident involving Fondo Genesis, a MetLife subsidiary.
  6. Peikko Group Corporation, based in Finland, experienced a disruptive cyberattack at the end of December 2024. Several tools and systems became unavailable to employees, prompting the company to report the incident to police and other relevant authorities. While the company acknowledged the possibility that some customer-related data may have been accessed and stolen, an investigation is still underway. The Akira group claimed responsibility for the attack, alleging the theft of 30GB of data. On its dark web site, the group suggested the stolen information included internal finance documents, disclosure agreements, employee contact details, and HR records.
  7. Modern Automotive Network, a North Carolina car dealership chain, recently confirmed it notified individuals about a data breach that took place in July 2024. The company did not disclose what personal information was compromised in its breach notification. BlackByte ransomware gang claimed responsibility for the attack shortly after it occurred, sharing images of what they claimed were stolen files and directories as evidence.
  8. It has been confirmed that a ransomware attack, which the Richmond University Medical Center has been investigating since May 2023, resulted in a data breach affecting over 670,000 individuals. The attack led to major disruptions, with the organization taking several weeks to restore affected services. Investigators found that at least one of the exposed files contained personal information, including PII and PHI. The identity of those responsible for the attack remains unknown.
  9. In January, the Hunters International ransomware group added Nikki-Universal Co. Ltd, a major chemical manufacturer, to its list of victims. The organization confirmed the attack, stating that an investigation is ongoing. The ransomware group claimed to have exfiltrated 476,342 files during the incident, totalling 761.8GB. Although a ransom demand was not posted, the organization was given until January 10th to meet the hackers’ demands.
  10. The Fraunhofer Institute for Industrial Engineering (IAO) in Stuttgart confirmed that it was the target of a cyberattack on December 27th. The attack compromised certain systems and data, but the full extent of the damage is still unclear. The institute is collaborating with IT security experts and relevant authorities to investigate the incident. It is currently unknown whether personal data was exposed to the attackers.
  11. Hunter, Taubman Fischer & Li LLC has reportedly fallen victim to a ransomware attack orchestrated by Lynx. The group allegedly successfully infiltrated the firm’s systems and exfiltrated confidential data. Specific details about the nature and volume of stolen information have not yet been disclosed. The organization has not yet made a public statement addressing these claims.
  12. South Portland Public Schools took its network offline to safeguard student data and other sensitive information amid an ongoing cyberattack. While suspicious activity was detected and a firewall was breached, the school district believes that no student or staff data was compromised. It is not yet known who is responsible for the attack.
  13. Teton Orthopaedics, a Wyoming clinic, recently confirmed that it notified 13,409 individuals about a data breach that exposed names, addresses, dates of birth, health insurance details, and medical information. In March last year the hacking group DragonForce claimed responsibility for the breach, stating they had stolen 5.5GB of data from the healthcare provider. DragonForce reportedly gave Teton Orthopaedics one week to pay an undisclosed ransom, though it remains unclear whether the organization met these demands.
  14. Rhysida listed Canada’s Montréal-Nord borough on its dark web blog, posting several samples of documents it claims were stolen from the borough’s government network. The gang set a four-day deadline for a ransom of 10 BTC (around $1 million), warning that after the deadline they would sell the data to the highest bidder. The proof of claims included illegible files containing an email, administrative contract, and one Canadian passport.
  15. Austin’s Financial Solutions became a victim of Kairos ransomware gang, with the gang publishing 147GB of data stolen during the cyberattack. The initial post on the dark web, published in mid-December, included several files as proof of claims including scans of passports, payroll data, and an employee contract. The Australian wealth management firm has not yet publicly addressed these claims.
  16. Notorious ransomware gang Clop claimed to have breached US-based mobile and wireless software company Velocitor Solutions. The ransomware group published sensitive data stolen from the organization but at this time there is no further information available.
  17. Qilin ransomware group claimed to have exfiltrated 29,843 files, totalling 22GB of data, from Australian freight forwarding firm Globelink International. The dark web posting stated that all company data would be published on 03/01/2025, though no proof of claims was provided. However, the data was uploaded to Qilin’s FTP server as threatened. The data includes details of the company’s debtors and creditors, bank statements, and other internal documents.
  18. The Indian division of global travel booking agency Thomas Cook experienced a serious cybersecurity incident that disrupted its IT systems. Upon detection, the company promptly launched an investigation to assess the nature and extent of the attack while taking impacted systems offline. At this time, no hacker group has claimed responsibility for the incident.
  19. PowerSchool, an education software provider, informed individuals in the U.S. and Canada that their personal information was exposed in a ransomware attack that occurred in late December 2024. During the breach, attackers gained unauthorized access to one of the company’s customer support portals and stole sensitive data from 6,505 school districts. The stolen information included a variety of data including full names, physical addresses, contact details, Social Security numbers (SSNs), medical records, and grades. A threat actor involved in the attack claimed in their extortion demand to have stolen data on 62,488,628 students and 9,506,624 teachers, suggesting the breach affected a significant number of individuals.
  20. New York clinic Excelsior Orthopaedics confirmed it notified 357,000 people about a June 2024 data breach that compromised employee and patient information. Initial results of a forensic investigation indicated that the incident had resulted in the compromise of data. Monti took credit for the attack, giving the healthcare provider until July 16th to pay an undisclosed ransom demand. Excelsior has not verified Monti’s claim.
  21. Over 3TB of data was reportedly stolen from Kansas-based healthcare provider Sunflower Medical Group. The Rhysida group posted the organization on its darknet leak site, claiming to have over 400,000 driver’s licenses, insurance cards, Social Security numbers, and an SQL database in its possession. A sample of the allegedly stolen data was shared alongside a ransom demand of 10 BTC, equivalent to just under $10 million.
  22. New ransomware group Morpheus claimed to have compromised PUS GmbH on December 20th. The group, which posts victims on its dedicated leak site, claimed that data including technical and personal documents, a customer database and backups of customer databases had been stolen during the attack. The organization has not responded to these claims.
  23. Termite launched an attack on U.S. hospitality management company The Huntington Group in January. The ransomware group alleges that it successfully infiltrated the company’s systems and extracted nearly 39GB of sensitive data. While specific details about the stolen data were not disclosed, various screenshots were added to the dark web post as proof of claims.
  24. In Slovakia, the Land Registry Office was crippled by a large-scale ransomware attack. The UGKK experienced disruption, with its services remaining unavailable for a number of days. The UGKK chairman stated that no alterations had been made to the database and that multi-layered backups gave the option to restore the data needed to provide critical systems. It is not yet known who is behind the incident, which is being reported as one of the worst cyberattacks in the country’s history.
  25. Addison Northwest School District in Vermont issued a clear public notice on its website, addressing a recent cyberattack. The incident locked district officials, teachers, and other employees out of servers and shut down internet services. One of the compromised servers included old payroll information for employees spanning 2008 to 2022. ThreeAM ransomware group claimed the attack.
  26. In Wyoming, the Laramie County Library System was targeted by a ransomware attack that shut down library servers and immobilized most digital services. The library’s IT team reverted the system to a previous state and was able to resume full services. Patrons’ records were not compromised or accessed by hackers.
  27. In October of last year, Australian health and wellness company DBG Health announced a cybersecurity incident on its website, revealing that data had been exfiltrated from its server. The server contained clinical consent forms collected through its clinical services. The Morpheus ransomware group recently claimed responsibility for the attack, naming Arrotex Pharmaceuticals – one of DBG Health’s business units – as a victim. The group stated that the stolen data, totalling 2.5TB, is either ready to be sold or published.
  28. A threat actor has claimed responsibility for breaching Gravy Analytics and leaking around 1.4GB of data. The claim was made on a Russian-language forum where screenshots of what is allegedly stolen data from the U.S.-based location tracking company were shared. While the claims have not been verified, the company’s website was offline for an extended period.
  29. Rent-2-Own was added to Medusa’s leak site this month, with claims that sensitive data was stolen from the organization. Although no specific details were published on the dark web listing, the group did set a ransom of $200,000 for either the deletion or download of exfiltrated information. A timer counting down a nine-day deadline was also added to the post.
  30. It was recently disclosed that 360,934 individuals were impacted by a December 2023 ransomware attack on Florida-based medical billing firm Medusind. Upon discovering suspicious activity in its internal server, the company launched an investigation, took all systems offline and notified relevant law enforcement authorities. The investigation concluded that certain files containing PII, PHI and financial information were compromised as a result of the incident.
  31. Ransomware group RansomHouse was behind a cyberattack on Cell C that compromised the data of some of its clients. Cell C provided little information about the attack, saying that initial findings suggest that data relating to a limited number of individuals may have been accessed by an unauthorized party. RansomHouse claims to have stolen 2TB of data belonging to the company.
  32. BayMark Health Services revealed that a significant data security incident late last year compromised the sensitive personal information of its patients and staff. When suspicious activity caused service disruptions, the healthcare provider immediately launched an investigation to determine the nature and scope of the incident. Compromised data is said to include names, SSNs, insurance documentation and treatment information. In October, RansomHub claimed responsibility for the attack, claiming to be in possession of 1.5TB of confidential data and giving BayMark a deadline of 36 days to fulfil its ransom demand.
  33. A new ransomware campaign targeting Amazon Web Services users by a threat actor known as Codefinger dominated the news this month. The attack leveraged AWS’s server-side encryption in order to encrypt data and then demand payment for decryption keys. The attack campaign relies upon obtaining an AWS customer’s account credentials. Amazon stated that it is aware of exposed keys and that customers would be notified.
  34. The government of Turks and Caicos reported progress in its recovery following a pre-Christmas ransomware attack. The impact of the incident caused widespread issues and outages on the islands, with the government confirming that several segments of its network had been compromised. Attackers gained access to the government’s revenue collection and payment systems, impacting numerous business operations. No ransomware group has taken credit for the attack.
  35. Funksec ransomware group preyed on Indian edtech platform Wissenhive, accessing and exfiltrating data from the company. The attackers claim to have leaked over 32,000 records containing sensitive data from 2021 to 2022. The leak involves data such as emails, contact names and other identifying information.
  36. According to claims made by Everest ransomware group, 50GB of data was exfiltrated from applied behaviour science firm Evidn. The gang posted its claim on its darknet leak site on January 9th, adding that a company representative should follow the instructions before the two-week countdown runs out. A ransom was not disclosed on the post, nor was any evidence of the hack provided. Evidn is yet to publicly address these claims.
  37. Popular US-based cannabis company, Stiizy, suffered a third-party breach that exposed its customers’ ID information and transaction history. Personal information, passport numbers and signatures were also among the data types stolen. It was confirmed that Everest was behind the leak after the dispensary disregarded its ransom demands.
  38. It was confirmed that the City of West Haven in Connecticut experienced a cyberattack that forced the IT department to shut down all of its systems. Impacted systems were backed up and disruption was limited to a few days, but it was suggested that data might have been compromised. Qilin took credit for the attack and gave the city until January 19th to pay an undisclosed ransom amount. Officials from West Haven have not verified the gang’s claims.
  39. Bangladeshi private commercial bank, City Bank PLC, confirmed that sensitive client financial statements were exposed during a significant cybersecurity breach. The breach was traced back to a vulnerability in the bank’s session management system, allowing threat actors to gain access to client account statements. Funksec claimed the attack on January 21st but did not disclose the nature or volume of data stolen.
  40. RansomHub claims to have launched a cyberattack on Community Health Northwest Florida on Christmas Eve, exfiltrating information during the attack. The ransomware gang claimed to have stolen 68GB of data, giving CHNWF one week to pay an undisclosed ransom amount. The healthcare provider acknowledged that it had been hit by a cyberattack which disrupted phones, internet and servers, preventing patients from making appointments and filling prescriptions.
  41. Although Spectrum Medical Imaging was unaware that it had been targeted by a cyberattack, INC ransomware gang claims to have infiltrated the radiology practice’s systems and exfiltrated data. The data reportedly includes financial and customer information, with the claims backed up by screenshots of documents with names and medical information. The Australian company stated that it had not been contacted by threat actors and that in the event of a ransomware incident, its policy is not to pay.
  42. Following a summer cyberattack, students and parents at Natomas Unified School District were informed that they would temporarily lose access to their school accounts due to annual IT maintenance. Following the discovery of suspicious activity, the school district was forced to shut down its network system, WiFi network, VPN services and phone lines. These services stayed down for a number of weeks over the summer while the IT department attempted to resolve the issues. Investigations recently revealed that there was no evidence that data was accessed or taken during the incident.
  43. EuroCert released an official statement on its website addressing a cyberattack that took place overnight on the 12th. The confirmed ransomware attack resulted in a breach of personal data protection due to the malicious software encrypting files stored on the company’s servers. Upon discovery of the incident, necessary measures were taken, relevant authorities notified, and an investigation was launched. The company also stated that there was a possibility that PII, government-issued ID information and photographs were exfiltrated, but that this could not be confirmed initially. RansomHub claimed the attack two days later, allegedly stealing 65GB of data from the Polish technology company.
  44. In Australia, construction company Novati was claimed by Lynx, with the ransomware gang adding the company to its leak site on January 15th. The group claimed to have exfiltrated data including contracts, financial information and incident records. The organization was given a four-day deadline to pay an undisclosed ransom amount. Alongside the claims, the leak site posting contained several documents as evidence of the hack, including planning emails and correspondence, tender results and a death certificate.
  45. RansomHub claimed to have exfiltrated 1TB of data from the Musicians Institute, a prestigious music school in Hollywood, California. The group added the school to its leak site as a victim on January 13th, giving a four-day deadline to meet an undisclosed ransom demand. A sample of the data shared by the group contained alleged documents and images, some of which are invoices which could include personal information.
  46. Gateshead Council in the UK confirmed that police were investigating a cybersecurity incident which took place on January 8th. This statement was made a few short hours after Medusa ransomware gang added stolen documents belonging to the council to the dark web. A spokesperson confirmed that personal data had been “infringed.” Medusa added a 31-page slide show of various documents to its dark web site, all of which included some form of PII. Job applications, department budgets and reports about individuals’ eligibility for public housing were among the data types on display. The council’s investigation is still ongoing.
  47. Major Spanish multinational telecommunications company Telefónica had its internal ticketing system compromised by Hellcat through information-stealing malware and social engineering tactics. The infiltration of the Jira platform was achieved through infostealer theft of credentials belonging to over a dozen of the firm’s employees, followed by the targeting of employees with admin privileges. This resulted in the eventual exfiltration of 24,000 employee names and emails, 5,000 internal files and half a million internal Jira issue summaries.
  48. Tennessee-based Mortgage Investors Group had customers’ data exposed following a network cyberattack claimed by Black Basta. A breach notice on the lender’s website stated that information such as full names and financial data was compromised during the incident. The breach notice did not specify the nature of the intrusion or the number of customers affected.
  49. Fog ransomware group allegedly hacked the University of Oklahoma, claiming to have exfiltrated 91GB of sensitive data belonging to employees and senators. The stolen data is said to include employee contact information, financial records (such as audits, payment details, and reports) and contact details of state senators. The university has not publicly disclosed a ransomware attack or verified claims made by the threat actors.
  50. Law firm Wolf Haldenstein confirmed that it notified 3,445,537 people of a December 2023 data breach. The attack compromised SSNs, employee ID numbers, medical diagnoses, and medical claim information. Black Basta claimed the attack shortly after it occurred, giving the law firm just over two weeks to pay an undisclosed ransom before the data was sold to a third party. Most of the individuals impacted have been notified, but in December a small subset of potentially affected people who were unable to receive direct notice was identified.
  51. On January 11th, American cycling clothing company Primal Wear discovered a ransomware attack which was carried out by RansomHub in late December. The ransomware attack resulted in the unauthorized access to and exfiltration of 10,513 files, amounting to more than 17GB of data. This data allegedly included financial records, employee information, sales data and invoice documentation. The company claims that there is currently no indication that customer data was affected by the breach.
  52. Safepay added New Zealand law firm Bell & Graham to its victim list, claiming to have exfiltrated 15GB of data. The published dataset appeared to include legal correspondence and a large number of identification documents. Bell & Graham confirmed that it identified the issue and that its IT provider and a specialist cyber incident response team worked together to respond. Actions taken included restricting access to elements of its IT system while remediation and containment were completed.
  53. A threat actor named “Omid16B” reported to several news outlets that it had exfiltrated 561GB of databases from MedSave Health Insurance in India. Data including corporate, accounts, employee information, sales and personal health data relating to 10,617,943 people is among the files stolen. A screenshot was attached to the claim as proof of hack. The TPA has not yet commented on or responded to the claims made.
  54. Taylor Regional Hospital in Georgia became a victim of an INC ransomware attack in late December 2024. The incident forced hospital staff to resort to paper medical charts in order to maintain levels of patient care. The hospital stated that it had no indication that patient records were compromised but that investigations are still ongoing. INC posted screenshots of hospital documents on its leak site as proof of claims.
  55. Italian management solutions company Divimast was claimed as a victim of an Akira ransomware attack on January 17th. The group claimed to be in possession of 8GB of data including private corporate documents, confidential agreements, internal finances and HR documents. Personal information belonging to employees and customers is also at risk of being exposed. Divimast has not yet publicly acknowledged Akira’s claims.
  56. Blacon High School in the UK had to temporarily close following a ransomware attack in mid-January. The school informed parents and students that it would remain closed for at least two days while a cybersecurity firm investigates the data breach. No additional details about the attack have been released at this time.
  57. 3TB of sensitive information belonging to Zuk Group was stolen by Handala, as the group targeted the company’s owner Moshe Zuk, a senior officer in the Israeli Mossad. The group reported that the data included financial and intelligence data such as secret transactions and covert operations. The group also claimed to have wiped and destroyed over one thousand employee systems.
  58. Morrison Community Hospital recently agreed to a $675,000 settlement to resolve a lawsuit filed in response to a 2023 ransomware attack and data breach. In September 2023 BlackCat encrypted files on the healthcare provider’s network after exfiltrating sensitive data. It was reported that 122,488 current and former patients were impacted by the breach. A lawsuit was then brought forward by affected patients, with Morrison Community Hospital agreeing to pay claims of up to $5,000 for class members.
  59. Non-profit opioid treatment provider CODAC Behavioral Health began issuing data breach notifications following a cyberattack in July 2024. The notification states that suspicious activity was detected in the network environment and certain information was accessed and copied without authorization. The data compromised included personal information of patients along with some medical data. Qilin claimed the attack, suggesting it had stolen 9GB of data and adding documentation as proof of claims. CODAC has not confirmed the ransomware gang’s claims or how many people were impacted in total.
  60. The Levy Group of Companies announced that on November 1, 2023, Levy was the target of a ransomware attack. In response, Levy reported the incident to law enforcement and launched an investigation through which it learned that certain files containing confidential information had been accessed. Compromised files have since been reviewed and this month personalized data breach letters were sent out to those affected by the data security incident.
  61. Some Pick n Pay clients have had their personal information leaked on the dark web following a cyberattack on one of its service providers. Claim Expert recently announced that an incident occurred in July when a document containing personally identifiable information was exposed online. Bashe ransomware gang threatened Pick n Pay with releasing the data unless the company paid an undisclosed ransom. With the company failing to pay, personal information of 100,000 customers was published on the dark web.
  62. Marina Family Medical, located in Queensland, became the target of a successful Money Message ransomware attack. Although Money Message claimed responsibility for the hack, their dark web post offered minimal details, only showing the phrase “wait for data” and a brief company description. The healthcare provider has not yet publicly acknowledged the possibility of a ransomware attack.
  63. Australian auto parts manufacturer, Clutch Industries, confirmed it was the victim of a cyberattack days after Lynx listed the company on its darknet leak site. The organization released a statement acknowledging the claims made by Lynx, stating that it believes the potentially compromised data is limited to company and operational information. The ransomware group responsible has claimed to have stolen 350GB of data, which allegedly includes user and business data, employee details, and financial information. The group also leaked shared folders, purchasing and stock data, engineering files, and sales and marketing information.
  64. More than 60,000 individuals were impacted by a ransomware attack on Avery Products Corporation in December last year. The company stated that it became aware of an attack on its network on December 9th, which prompted it to launch an investigation to determine the nature and scope of the incident. The investigation determined that credit card information was stolen alongside customers’ personal information.
  65. Canadian foam manufacturer Jacobs & Thompson Inc became a victim of notorious Lynx ransomware group. The attack was confirmed via social media, highlighting that the company’s systems were compromised, potentially exposing sensitive corporate data. The full extent of the breach remains unknown.
  66. One of the first high-profile victims of 2025 was American Standard, one of North America’s leading kitchen and bathroom manufacturers. RansomHub added the organization to its leak site on January 22nd, with a countdown clock displaying just over five days left on it. The gang claims to have stolen 400GB of data from American Standard network services, but this has not yet been confirmed by the organization.
  67. US-based missile system and aerial weapons manufacturer Stark Aerospace was added to INC ransomware group’s dark web leak blog. The threat actors claimed to have 4TB of data including source code, design plans, employee passports, and firmware for all the UAVs produced. INC also posted a proof pack containing close to 40 file samples allegedly exfiltrated from the aerospace company.
  68. Bashe ransomware gang added ICICI Bank, a major financial institution in India, to its victim site on the dark web. Bashe threatened to release customer data unless its demands were met before January 31st. A sample of data appears to include names, phone numbers, addresses, ages, genders, types of credit cards and timestamps from March 2024. ICICI Bank has not confirmed the attack.
  69. RansomHub claimed responsibility for a December 2024 data breach at Mission Bank in California. The bank notified an undisclosed number of people that information including PII, passport numbers and financial account numbers was compromised. The bank also confirmed that an unauthorized third party gained access to certain systems within its network. RansomHub claims to have stolen 2.7TB of data relating to both employees and customers from the bank.
  70. A ransomware attack on Topackt IT Solutions impacted 45 schools in various cities and districts in Germany. The external IT service provider appeared on LockBit’s darknet leak site, with claims that the gang exfiltrated 3TB of data. A deadline of January 30 was given to the organization to pay undisclosed ransom demands. At this time Topackt has not publicly acknowledged the claims made by LockBit.
  71. BWFG Business and Forensics GmbH, an Austrian association of forensic experts, was hit by a Cloak ransomware attack. In late November, Cloak initially hinted at the breach, posting about an unidentified victim using a partially masked domain name. This month, the group confirmed that BWFG was the victim, claiming to have exfiltrated 102GB of data. Leaked data reportedly contains highly sensitive information such as confidential forensic reports and client details.
  72. Healthcare facility management company HCF Management reportedly fell victim to a RansomHub ransomware attack, with the organization’s data now leaked on the dark web. In October RansomHub added HCF Inc to its leak site, claiming to have exfiltrated 250GB of files. Since January 9th, 23 HCF facilities have filed reports with the HHS, indicating that at least 70,089 patients have been impacted by the breach.
  73. Argentina’s public healthcare system was dealt a severe blow when the Medusa ransomware gang announced Hospital El Cruce as a victim. The attack resulted in the compromise and loss of over 760GB of data. The ransom demanded by Medusa for the deletion of stolen files is $200,000 in BTC, with a deadline of February 6th. The ransomware gang provided a sample of very sensitive medical information but stated that although it locked some files, it did not lock anything that would affect the hospital’s operations.
  74. Matagorda County’s Emergency Operation Center published a statement warning that a cybersecurity breach had been discovered involving a virus that had affected several systems. Several services throughout the Texas county remained offline for a number of days. The county is still investigating the cause of the disruption, and no hacking group has publicly taken credit for the attack.
  75. The Kill ransomware gang claimed to have gained unauthorized access to Let’s Secure Insurance Broker’s data. There is limited information available about this attack, and Let’s Secure has yet to acknowledge the incident.
  76. Leading Chinese data management company AISHU Technology Corp has reportedly fallen victim to a RansomHouse ransomware attack. The threat actors breached the company’s security defenses and gained access to and exfiltrated around 500GB of data. The sensitive data reportedly includes valuable proprietary information, customer data and confidential business documents.
  77. Weeks, Brucker & Coleman Ltd was added to the leak site of notorious ransomware gang Everest this month. Everest claim to have infiltrated the firm’s systems, exfiltrating approximately 150GB of sensitive data. The group have threatened to publish the stolen information within the next ten days if undisclosed ransom demands are not met.
  78. Ransomware gang INC claimed responsibility for a December 2024 attack on the International AIDS Vaccine Initiative (IAVI). IAVI started issuing breach notices in January, though the organization is yet to disclose the total number of people impacted and what data was compromised. Initial findings suggest that certain HR resources may have been involved in the attack. INC provided a number of screenshots of confidential documents as proof of claims.
  79. Space Bears claim to have compromised NSW-based Christian Community Aid, threatening to release data if demands were not met before the 10-day deadline expired. Although the dark web post did not contain a lot of information about the attack, it did state that the group is in possession of “valuable information” in various file types including documents, images and PDFs.
  80. This month, Florida real estate developer Stock Development confirmed that a data breach in 2023 and 2024 had compromised names, SSNs and bank account information. Stock stated that it discovered the breach in 2024 but believes that attackers first infiltrated its systems in April 2023. LockBit claimed the attack in March 2024, reportedly stealing 1TB of data and demanding $155,000 in ransom. Images of what seemed to be files and directories were posted as proof of claims.
  81. Smiths Group, a global engineering firm, reported a cybersecurity incident involving unauthorized access to its systems. The London-listed company stated that it was managing the incident by isolating affected systems and activating its business continuity plans. The organization is working with cybersecurity experts to recover affected systems and determine any wider impact the incident may have on the business. No ransomware group has yet stepped forward to claim the attack.
  82. Frederick Health Hospital’s systems were taken offline and ambulances diverted to other emergency departments due to a ransomware attack. The healthcare provider is working closely with third-party cybersecurity experts to get its systems back online as quickly as possible. A hospital spokesperson would not comment on whether any data was compromised during the attack, and no ransomware group has yet claimed the incident.
  83. On January 26, New York Blood Center Enterprises identified suspicious activity impacting its IT systems. The organization immediately engaged third-party cybersecurity experts to investigate the activity, and it was confirmed that it was a result of a ransomware attack. Immediate steps were taken to contain the threat, and experts are working to restore systems as quickly and safely as possible.
  84. A ransomware attack was responsible for the data breach that crippled Starkville-Oktibbeha Consolidated School District’s network in late December. The incident left students, faculty and staff without internet access on district campuses. The school district did not comment on whether student and employee data was accessed during the breach. The attack has been credited to Safepay.
  85. Kansas law firm Berman & Rabin recently confirmed it notified 151,944 people about a July ransomware attack that compromised SSNs and financial account information. Although attackers first breached the firm in July, the breach was not discovered until October. No cybercriminal group has publicly claimed responsibility for the attack.
  86. In late January, Omid16B tweeted that a US healthcare provider had been hacked, that all the data within the server had been deleted, and that all data would be published in 48 hours. Although the post referred to Cardinal Health, the real victim of the attack was Apex Custom Software. The threat actor claims to have been in Apex’s network for four days, with the organization oblivious to its presence and the exfiltration of data. The amount of data stolen was not disclosed, but the group did post a number of documents as proof of hack, including medication listings. According to Omid16B, the organization responded but only offered $1,000, which was deemed unacceptable by the hackers.
  87. RansomHub targeted the South African Weather Service’s IT systems in a recent attack. SAWS systems went down as a result of the attack, with the organization reporting that it was the second cyberattack it had been targeted with within a two-day period, after the first attempt failed. According to SAWS, RansomHub has not demanded a specific amount for a file decryptor and protection against a further leak. Critical services were not impacted by the attack.
  88. 20,997 people were notified of an August 2024 data breach involving Mississippi electric utility Yazoo Valley Electric Power Association. An investigation concluded that a limited amount of personal information was accessed by an unauthorized third party in connection with the incident. The process of obtaining information on those impacted ended in December 2024. Akira took credit for the attack, claiming to have stolen SSNs, internal corporate information, and financial records.
  89. A recent attack on Health Centre, a network of cardiology clinics in Australia, was claimed by DragonForce. The group claims to have breached the healthcare provider’s IT systems, successfully encrypting the data on the servers and exfiltrating approximately 5GB of documents. The documents allegedly included sensitive information such as patient data, diagnoses and other protected health data. The group specified that it had also stolen database backups, suggesting a significant compromise of the provider’s IT infrastructure.
  90. Community Health Center, which runs dozens of facilities across the state of Connecticut, announced that 1,060,936 current and former patients had data stolen during a cyberattack in early January. The cybercriminals did not delete or lock any of the data, meaning that daily operations were not disrupted. The hacker accessed health records that included PII, treatment details, health insurance information and SSNs.
  91. ARDEX Australia was listed as a victim on Medusa’s dark web leak site in late January, with the group claiming to have stolen a trove of business documents. The group posted a comprehensive sample of exfiltrated data including spreadsheets, product lists, prices, remuneration documents, employment information, policy documents and other information, some of which was marked confidential. Medusa set a countdown for the release of data in roughly 22 days. The price to purchase or delete the information was set at $300,000.
  92. A ransomware attack affected some IT assets at Tata Technologies Limited. According to a company statement, the ransomware incident led to the temporary suspension of some IT services, but client delivery services were not affected. Suspended services have since been restored. A detailed investigation is underway in consultation with experts to assess the root cause of the attack. It is not yet known who is responsible for the attack.

In February, we recorded the highest number of attacks ever for the month, reaching a total of 77, marking a 35% increase compared to last year. Government was the hardest hit sector, closely followed by healthcare and services. Twenty-five different gangs claimed responsibility for attacks this month, with RansomHub taking the top spot for most active variant, accounting for nearly 10% of the victims.

Find out who made ransomware headlines in February:

  1. It was announced that Douglasville-Douglas County Water and Sewer Authority was hit by a malware attack in late 2024. Upon discovery of the incident, immediate action was taken and the Emergency Response Plan was activated, ensuring minimal customer impact. The framework has since been rebuilt with minimal data loss. Lynx ransomware gang claimed the attack.
  2. CESI announced that it had been notified of a cybersecurity incident on February 1. A crisis unit was immediately activated, and internet access was cut off as a precautionary measure to contain the incident. Cybersecurity experts are working with CESI to analyse the impact and gradually restore services under optimal security conditions. Classes were not impacted by the attack. Termite ransomware group claimed responsibility for the attack.
  3. Details of a May 2024 cyberattack on Delta Health Memorial Hospital District finally came to light following a breach notification to the HHS. The healthcare provider stated that detection of the event occurred on May 30th and that those impacted had been notified before the end of July. It was reported that 148,363 individuals were impacted by the event. External counsel for the healthcare provider also filed a breach notification, but some of the details between the two notices were contradictory.
  4. Two years after the incident took place, individuals have begun to be notified about personal information exposed during a ransomware attack on the City of Hayward. On December 30th, 2024, officials learned that individuals’ personal information, including names, DOBs, SSNs, financial information, government IDs and healthcare information, had been impacted. The attack disrupted aspects and components of computer systems and networks. In response, impacted systems were taken offline for more than two weeks.
  5. Cicada3301 took responsibility for a ransomware attack on Rivers Casino Philadelphia, claiming to have stolen 2.56TB of confidential information. The casino acknowledged that it had fallen victim to unauthorized access to its computer services and later learned that some information may have been exfiltrated. Individuals whose SSNs and bank account information may have been compromised have been notified.
  6. Japanese sportswear company Mizuno confirmed that it had fallen victim to a ransomware attack orchestrated by BianLian. Malicious activity was first detected by Mizuno in November, with a further investigation revealing that systems had been infiltrated since August, resulting in the exfiltration of individuals’ PII. The number of individuals impacted has not yet been publicly released by Mizuno.
  7. In Texas, the city of McKinney informed thousands of residents that a cyberattack in October exposed sensitive information. The city stated that its government systems were breached on October 31st, but security systems didn’t discover the attack until November 14. The city’s IT team “severed” unauthorized activity and contacted appropriate law enforcement. The city said that 17,751 of its 213,000 residents have been impacted by the breach. No ransomware gang has yet claimed responsibility for the incident.
  8. Prominent Indian technology design and systems engineering company Mistral Solutions Pvt. Ltd fell victim to a ransomware attack at the hands of Bashe. There is very little information available about this attack, but it has been reported that the ransomware gang gave Mistral Solutions around 7 days to pay an undisclosed ransom amount.
  9. Ransomware gang BianLian claimed responsibility for a November 2024 data breach at St. Clair Orthopaedics and Sports Medicine. The Michigan-based healthcare provider notified an undisclosed number of patients that data including PII, PHI, and financial information had been compromised as a result of the attack. BianLian claimed to have stolen 1.2TB of data from St. Clair.
  10. Birmingham-based engineering firm IMI revealed that it was struck by a cyberattack involving unauthorized access to its systems. IMI declined to disclose what data had been accessed in the attack, but it is understood that systems in several of its locations worldwide were impacted. This incident was announced just one week after IMI’s rival Smiths Group admitted to being victimized by a ransomware attack.
  11. 14,207 people have been notified about an October 2024 data breach involving Crystal Lake Elementary District 47. The district stated that it experienced network disruption in mid-October, with an investigation revealing that certain information was accessed by unauthorized individuals. The school has not publicly disclosed what personal information was compromised, nor whether it belonged to students or staff. RansomHub claimed the attack, allegedly exfiltrating 600GB of data.
  12. Community High School District 117 notified 18,830 people about a June 2024 data breach, claimed by BlackSuit ransomware gang. The notice issued by the district acknowledged that unauthorized access to its network occurred between June 2 and June 12, 2024, but did not confirm the claims made by the ransomware group.
  13. A ransomware attack shut down the internet and telephone systems at the University of The Bahamas, forcing changes on administrators, professors and students. The attacks began on February 2nd and impacted all online applications including email platforms and systems used for classwork, forcing all online classes to be cancelled. The university worked to contain the spread of the attack and launched an investigation into the full scope of the incident. No ransomware group has yet taken credit for the attack.
  14. Sanrio Entertainment, owners of Puroland, announced that it was investigating a cyberattack which led to a site outage. IT personnel discovered that the site had been hacked and infected with ransomware. It has been reported that records of up to two million customers, as well as information of employees and clients, may have been leaked. Currently the attack remains unclaimed by a ransomware gang.
  15. Safepay added West Virginia’s Harrison County Board of Education to its leak site, claiming to have stolen 26GB of data. A statement from the Board of Education announced that it suffered a “cybersecurity incident” that involved unauthorized access to some of its computer systems. The incident caused disruption to schools for several days. Harrison County Board of Education has not confirmed Safepay’s claims, and it is not known what types of data may have been compromised.
  16. Australian accounting firm Hall Chadwick was targeted by BianLian ransomware group, with the threat actors claiming to have exfiltrated 700GB of information. The stolen information is said to include personal data, accounting, budget and financial information, emails, contract data, files from the CFO’s PC and operational and business files. Although no ransom demand or deadline was given, a BianLian spokesperson stated that data will be “published block by block.”
  17. A December 2024 attack on Wayne-Westland Community Schools was claimed by RansomHub this month. Although the attack took place in late 2024, recovery remained ongoing throughout January, with key systems being brought back online on January 9th. Public information about this attack is limited.
  18. In Alabama, the City of Tarrant had to shut down all of its government services following a cyberattack. Systems breached during the incident included the city’s police department. Upon discovering the incident, city officials immediately followed cybersecurity protocols and notified relevant federal authorities. IT contractors were able to take down the servers, make repairs and restore services. No cybercrime group has claimed the attack to date.
  19. The IT systems of the Secretariat of the German Bishops’ Conference fell victim to a cyberattack on the 10th. Upon discovering the attack, emergency plans were immediately activated, IT systems were disconnected, and relevant authorities were informed. A forensic investigation is currently underway. Qilin claimed responsibility for the attack, allegedly stealing 500GB of information including client and staff data.
  20. Qilin took responsibility for a cyberattack on Lee Enterprises which caused widespread network outages, disrupting many of the company’s 70-plus newspapers and other publications. An SEC filing stated that threat actors had unlawfully accessed the organization’s network, encrypted critical applications and exfiltrated certain files. The organization also commented that many operations including distribution, billing, collection and vendor payments had been impacted by the incident. Qilin claimed to have stolen 350GB of data including investor records and financial arrangements that would allegedly raise some questions.
  21. 1TB of data has allegedly been stolen from the Israeli Police following a ransomware attack by Handala. Compromised files reportedly include personnel records, weapons inventory, medical and psychological profiles, legal case files, weapons permits and identity documents. Handala stated that it has publicly disseminated 350,000 of the stolen files. The Israeli Police have denied any direct penetration of their systems, but an investigation is currently underway.
  22. Mewborn & DeSelms recently began to notify 12,941 individuals of an April 2024 cyberattack which compromised their personal data. According to the notification, the law firm discovered network disruption and promptly initiated an investigation. The investigation has since revealed that certain files containing names and SSNs were accessed during the attack. BlackSuit claimed responsibility for the incident in May last year, reportedly stealing business data, employee data, financial data, and other data taken from shares and personal folders. The law firm has not confirmed BlackSuit’s claims.
  23. RansomHub took credit for a ransomware attack on the Sault Ste. Marie Tribe of Chippewa in Michigan. The attack forced multiple computer and phone systems out of operation for an indefinite period in a number of organizations including casinos, health centers and various other businesses. The threat actors claimed to have exfiltrated 119GB of confidential information from the tribe, with some news outlets reporting that the ransom demand stood at $5 million.
  24. Prominent architectural, engineering and planning firm, O&S Engineers & Architects, was hit by a ransomware attack orchestrated by DragonForce. The ransomware gang added the organization to its leak site, claiming to have stolen 388.24GB of data. The group also added an eight-day deadline to the posting. It is not clear what type of data has been impacted by this incident or if a ransom was demanded by the group.
  25. Wong Fleming confirmed that personal data belonging to KeyBank clients, which was stored within its systems, may have been viewed or obtained by a third party. In response to the law firm’s notification, KeyBank began an investigation into the allegedly accessed data, determining the types of information accessed varied with each individual. RansomHub added Wong Fleming to its leak site this month, claiming to have stolen 500GB of information from the firm.
  26. Fog ransomware gang claimed responsibility for a cyberattack impacting the University of Notre Dame Australia. The university confirmed that it had experienced a cybersecurity incident but due to an ongoing investigation it could not comment any further. Fog claimed to have exfiltrated 62.2GB of data including contact information of students and employees, student medical documents, and other confidential information. The hackers did not list a ransom demand or ransom deadline.
  27. Cisco repudiated the reported compromise of its internal network by the Kraken ransomware operation, which proceeded to post sensitive information allegedly stolen from its systems. The ransomware gang claimed to have stolen Cisco’s Windows Active Directory environment credentials, usernames, related domains and accounts’ unique relative identifiers. Cisco reported that the stolen credentials had been leaked during a cyber incident in May 2022.
  28. Nature Organics confirmed that it was aware of a cybersecurity incident claimed by Medusa and was taking appropriate actions in its aftermath. Medusa listed the Australian manufacturer on its leak site alongside claims that it has stolen 142.85GB of data. A proof of hack was also added to the leak site, including passports and driver’s licenses belonging to employees, bank account transaction histories, confidentiality agreements, internal communications and employee payslips. The group demanded a $150,000 ransom in exchange for the deletion of the data.
  29. Data breach notifications were issued by Muscogee County School District following a cyberattack in December 2024. MCSD stated that suspicious activity was detected on its networks during the holiday period and that some data belonging to employees may have been obtained. Safepay took credit for the attack in late January, claiming to have stolen 382GB of data from the school district. The ransomware group’s claims have not been confirmed by MCSD.
  30. Sarcoma claimed responsibility for an attack against Taiwanese printed circuit board (PCB) maker Unimicron. On its leak site, Sarcoma claimed to be in possession of 377GB of SQL files and documents exfiltrated from Unimicron. The cybercriminals also published samples of files allegedly stolen during the attack. On February 1st, Unimicron confirmed it had suffered disruption due to a ransomware attack, but did not confirm a data breach.
  31. In Australia, the Albright Institute was added to Kill’s dark web blog in mid-February. The ransomware gang did not set a ransom demand but did state that it would publish the data in less than six days from the time the listing was posted. A sample of data containing passport scans, study offer letters, payment plan documents and other personal data was added as a proof of claims. The Albright Institute is yet to publicly address claims made by Kill.
  32. Obex Medical, based in New Zealand, was also added to Kill’s dark web leak site, alongside claims that data had been exfiltrated from the company’s networks. Like other listings, Kill did not set a ransom demand but did set a timer for less than 8 days. A sample of data including tax invoices was added to the listing. At this time, it does not appear that any personal data has been exposed.
  33. BianLian claimed to have infiltrated Aspire Rural Health System’s networks, exfiltrating a variety of data. In early January, the organization stated that it was experiencing a “technical outage” impacting its network and phone systems but has not confirmed a cyberattack. BianLian claims to have stolen data including patient records, financial information, and email correspondence.
  34. Tokyo-headquartered steel-making company Nippon Steel allegedly suffered a ransomware attack at the hands of BianLian. The ransomware group claims to have stolen 500GB of data, with exfiltrated sensitive information including accounting data, client financial and personal data, network users’ personal folders and fileserver data.
  35. Lynx ransomware gang announced that it had stolen 170GB of data from Australian truck dealership Brown and Hurley. The data allegedly includes sensitive documents relating to HR, business contracts, customer information, and financial records. Lynx published a pair of documents as evidence of the hack; one was correspondence from an insurance company and the other was a service agreement with a third party.
  36. Qilin claimed to have breached the Bethany Lutheran Church in Wisconsin, listing the church on its victim leak site in mid-February. The dark web post provided no specifics about the attack or any proof to support the claim. Bethany Lutheran Church is yet to issue a public statement addressing the group’s claims.
  37. A ransomware attack forced a number of systems offline at SimonMed Imaging in Arizona. A company representative stated that SimonMed “interrupted” hackers, and that no data was encrypted. Ransomware gang Medusa claimed the incident, saying that it was in possession of 212GB of data belonging to the healthcare provider. The ransomware gang was seeking $1 million in BTC in exchange for the data.
  38. Australian National University investigated claims of an alleged ransomware attack after it was added to FSociety’s darknet leak site. The group claimed to have exfiltrated all data from the institution’s servers before encrypting it. A seven-day deadline to meet undisclosed demands was set. The university has provided no further update on the attack.
  39. Embargo claimed Anne Grady Services, a non-profit organization in Ohio, as a victim in February. This is not the first attack this organization has faced, with RansomHub having previously claimed to have stolen 107GB of data. Anne Grady Services has not made any public statement addressing these attacks.
  40. Now-defunct Australian media company Regency Media was added to Akira’s dark web leak site, with the threat actors claiming to have stolen 16GB of information. The “essential data” reportedly contains NDAs, driver’s licences, passports, contact information belonging to employees and clients, financial data and more.
  41. North Carolina law firm Allen & Pinnix P.A. was targeted by a cyberattack, which has since been claimed by Akira ransomware group. The threat actors claim to have obtained 29GB of information from the firm’s network. The compromised data allegedly includes NDAs, medical records, contact information of employees and clients, as well as personal identification documents such as passports and birth certificates.
  42. Switzerland’s top industry association for mechanical and electrical engineering companies, Swissmem, has fallen victim to a major ransomware attack by Hunters International. The attackers claim to have stolen 456GB of data including proprietary technical specifications, financial records, and details of member organizations. The group gave a five-day deadline to meet undisclosed demands.
  43. INC ransomware group reportedly targeted Kibbutz Lavi Hotel in Israel, though no evidence has been presented to substantiate this claim. The group is said to have exfiltrated 174GB of sensitive data, consisting of 119,128 files. No additional details about the attack have been disclosed publicly.
  44. German manufacturer Südkabel issued a press release confirming that it had fallen victim to a cyberattack which resulted in IT disruption. The communication channels were among the impacted services, with the production processes facing very minor disruption. The organization stated that it is currently assessing if any data had been affected by the incident. Akira took credit for the attack, claiming to have stolen 27GB of information including NDAs, financial data, and employee and customer contact information.
  45. In San Antonio, Consultants in Pain Medicine recently confirmed it notified 2,062 Texans of a June 2024 ransomware attack which led to patient information being breached. The compromised information includes PII, financial account information, medical info and health insurance policy documentation. INC ransomware gang claimed responsibility for the attack in August, posting several images as evidence.
  46. The Pulmonary Physicians of South Florida was named as a victim on Brain Cipher’s dark web leak site. The group claims to have exfiltrated sensitive patient information including personal details and medical history. The healthcare provider was given until March 2 to meet undisclosed demands.
  47. RansomHub claimed responsibility for an attack on Riverdale Country School, alleging that it had stolen 42GB of data. The dark web posting included a five-day deadline to meet ransom demands before data was leaked. Riverdale has not yet publicly addressed these claims.
  48. It was reported that RansomHouse claimed responsibility for stealing data from the Supreme Administrative Court of Bulgaria. The group published documents, including lists of employee names, personal data, and leave applications, as evidence of the breach. Acting Chairman of the Supreme Administrative Court confirmed that the system had been infected with ransomware and that human error may have led to the attack. He acknowledged that a ransom had been demanded but firmly denied that data had been lost from the Unified Case Management Information System.
  49. Paratus Namibia’s MD confirmed that the company detected unusual activity on its network in mid-February and immediately isolated affected systems. The organization enlisted international cybersecurity experts to assist with recovery efforts and has since invested in advanced security solutions to prevent future incidents. An investigation into the full extent of potential data compromise is ongoing.
  50. Great Plains Bank in South Dakota confirmed it notified 7,767 people about a November 2024 cyberattack which led to names and SSNs being compromised. The bank stated that an investigation is ongoing but has confirmed that some personal information was accessed by an unauthorized party. Akira claimed the incident stating it had stolen 18GB of data. The group went on to say that it had exfiltrated internal corporate documents including NDAs, driver’s licenses and contact information belonging to employees and customers.
  51. London-based entertainment management company, The Agency, disclosed that they had been impacted by a cyberattack following claims made by Rhysida ransomware group. Rhysida allegedly exfiltrated files including internal information, spreadsheets, and other client data. The group’s leak site also noted a $678,035 bitcoin ransom demand issued to The Agency.
  52. Almost 2.3TB of data belonging to HCRG Care Group was held to ransom by Medusa ransomware gang. HCRG, which runs child and family health and social services in the UK, was added to the ransomware gang’s leak site alongside a demand of $2 million in exchange for the stolen data. Samples of the data, totalling 35 pages, has already been released and contains passports, driving license scans, staff rotas, birth certificates, and data from background checks. HCRG is currently investigating these claims.
  53. Safepay claimed responsibility for a January 2025 ransomware attack on IT giant Conduent. The organization confirmed it suffered an outage on January 22nd which disrupted electronic money transfers and EBT payments for two days. The ransomware group claimed to have stolen 8.5TB of data, but these claims have not yet been verified by Conduent.
  54. Qilin claimed to have successfully hacked the Palau Ministry of Health and Human Services in a leak post on February 20. On the dark web posting, Qilin stated that all data will be available to download on 27.02.2025, before sharing details of the victim. MHHS confirmed that it had been targeted by a cyberattack and that an investigation to determine the extent of the attack is ongoing. No further details on the hack have been made public.
  55. Persante Health Care, a leading provider of sleep management services, was targeted in a cyberattack that led to the leak of several patient sample videos from its facility. The INC ransomware group added the healthcare provider to its leak site, posting the videos as proof of their claims. Persante Health Care has not yet issued a public statement regarding the leak.
  56. Anne Arundel County government systems were disrupted by a cyberattack. Although some services were down, all emergency services remained fully operational. The county released a statement confirming that an ongoing cyber incident of external origin was impacting public services. There is no further information on this attack currently available.
  57. The Hong Kong government’s investment promotion arm, InvestHK, stated that it was checking whether any personal information had been compromised following a ransomware attack on its computer systems. Preliminary findings revealed that the attack had impacted internal customer relationship management systems, the intranet and sections of its website. It was also revealed that basic information on clients could have been exposed as part of the attack. No ransomware group has yet claimed responsibility for the incident.
  58. Major Australian IVF firm Genea Fertility revealed that it discovered suspicious activity on its network in mid-February, with the clinic disabling some systems to contain a breach. According to an update given by the organization, it is believed that personal information within its patient management system was accessed and stolen by threat actors. Both PII and PHI could be involved in the breach, but the organization is yet to confirm the types of data stolen. Termite ransomware group claimed responsibility for an attack on the IVF clinic in early February.
  59. Hunters International issued an ultimatum to Comisiones Obreras (CCOO), giving the union a one-week deadline to meet financial demands and avoid the leak of sensitive information. The group claims to have extracted 570GB of information from the union’s servers. Although there is no information about how the information was accessed or when the event occurred, the threat actors set a deadline of March 2 to meet undisclosed demands.
  60. The Lynx ransomware group claimed to have compromised Xepa-Soul Pattinson Sdn Bhd, a leading pharmaceutical manufacturing enterprise in Southeast Asia. The attack allegedly resulted in the exfiltration of 500GB of sensitive data including internal operation documents, financial records, contractual agreements, patent filings, and HR information. There is no further information currently available about this attack.
  61. Medusa claimed responsibility for a cyberattack on Laurens County School District 56 in South Carolina. The gang gave the school district two weeks to pay a $320,000 ransom or it will release 2.4TB of the school’s private information. A sample of documents was provided by the group on its leak site. District 56 has not verified the claims made by Medusa but did confirm that there had been a security breach impacting its systems.
  62. Siberia’s largest dairy plant was reportedly disrupted by a LockBit ransomware attack. The attack on the Semyonishna plant, which took place in December, involved an unidentified hacker group encrypting the company’s systems using a LockBit ransomware strain. The hackers used remote access software AnyDesk to spread the ransomware across the company’s network. It was confirmed that the targeted system lacked antivirus protection.
  63. Detroit PBS disclosed that a cyberattack on the local TV station resulted in the exfiltration of sensitive information. The data breach was detected back in September, with an investigation revealing that certain Detroit PBS systems had been infected with malware, which prevented access to certain files. The stolen files included the personal information of at least 1,694 individuals. The Qilin ransomware group claimed the attack; a post on the gang’s dark web site stated that it was in possession of 345GB of data.
  64. Akira listed Thornton Engineering on its dark web leak site in late February, claiming to have exfiltrated personal and business files from the organization. The group stated that it was ready to upload 11GB of corporate documents including contact information and financial data. Thornton Engineering is yet to respond to these claims.
  65. Chicago-based law firm Dinizulu Law Group Ltd became the victim of a Morpheus ransomware attack in late February. The breach exposed confidential legal documents, financial records, employee and client personal data, business plans, and videoconference recordings tied to active court cases. The law firm is yet to publicly acknowledge the incident.
  66. Cleveland Municipal Court was closed for at least three days following a cybersecurity incident. The court stated that it has not confirmed the nature and scope of the incident but that all internal systems and software platforms would be shut down until further notice. No further information on this incident is available.
  67. Australian adult website Adult XXX Reviews confirmed that a limited amount of user data was leaked, with a hacker offering a 94,000-strong dataset for sale on a hacking forum. The hackers posted that they were selling the data for $300 in BTC. A sample of dozens of sets of user data, including names, addresses, passwords and membership details, was added to the post on the hacking site. The matter has been referred to relevant cybersecurity authorities.
  68. Orange Group has confirmed that one of its non-critical apps was breached in an attack on its Romanian operations. This admission was given after a member of HellCat ransomware gang allegedly exfiltrated thousands of internal files with user records and employee details. The theft of almost 6.5GB of corporate data, including 12,000 files, was the result of the infiltration of Orange’s systems for more than a month via the exploitation of Jira software and other vulnerabilities.
  69. The Anubis ransomware gang listed Australia-based Pound Road Medical Centre (PRMC) as a victim, claiming to have exfiltrated extensive medical data. In an article published on its leak site, Anubis names specific patients, medical histories, and incidents within the medical centre to highlight just how detailed the exfiltrated data was. The ransomware group also claimed it had access to reports that highlight cases of malpractice within PRMC. PRMC posted a data breach notification on November 13th stating that investigations had identified that patient data had been accessed and stolen from its systems.
  70. VectraRx Mail Pharmacy Services disclosed a significant data breach that compromised the sensitive personal and protected health information of 109,383 individuals. The breach, which was discovered in mid-December, involved unauthorized access to the company’s systems, exposing names, SSNs and other personal information. It has not been confirmed which cybercrime group is responsible for the incident.
  71. Heartland Community Health Center in New York reported a data breach that exposed sensitive personal and protected health information of individuals. The breach, discovered in October 2024, prompted an investigation that concluded on January 10th, confirming that an unauthorized third party had accessed the data. Medusa claimed responsibility for the attack this month and issued a ransom demand of $180,000 for the stolen information.
  72. Leading Chinese semiconductor manufacturer National Technology Co confirmed it suffered a devastating ransomware attack carried out by the RansomHouse group. Over a span of 72 hours, the threat actors exfiltrated 3TB of sensitive data including proprietary R&D blueprints, customer financial records and industrial IoT firmware.
  73. A DragonForce ransomware attack targeted Al Bawani, a prominent Riyadh-based real estate and construction firm, resulting in the exfiltration of 6TB of sensitive information. Threat actors announced the breach on February 14, demanding a ransom before publishing the stolen information through a dedicated leak site.
  74. Ligentia issued a statement on its website confirming that it had been subject to a cybersecurity incident caused by an unauthorized third party which impacted some of the company’s systems. Immediate steps were taken to address the incident and business continuity procedures were implemented to minimize disruption to customers. Relevant authorities were informed. Termite has claimed responsibility for the attack.
  75. RansomHub claimed responsibility for a January 2025 cyberattack on the Town of Bourne in Massachusetts. RansomHub gave town officials one week to pay an undisclosed ransom amount before it would auction off 100GB of allegedly stolen data. Although Bourne officials have not confirmed RansomHub’s claim, the town and local police did announce that they had been hit by a cyberattack on January 11.
  76. Auckland-based law firm Hudson Gavin Martin confirmed that it had fallen victim to a RansomHub ransomware attack. RansomHub posted details of the attack in late February, claiming to have stolen 30GB of data. A spokesperson from the law firm stated that they were aware of the cyber incident that resulted in an unauthorized third party accessing a limited part of the company’s IT system. It was revealed that personal information belonging to a handful of employees and a small number of clients had been affected.
  77. DragonForce listed Auckland-based car dealership Tristram European as a victim on its darknet leak site. The hackers reported that 33.73GB of data was stolen, publishing the full amount at the time of posting. The data included employee pay details, financial data, maintenance information and a database containing details of the dealership’s gold-level customers. Tristram European is yet to publicly address these claims.