Home Incidents Ransomware
The fast-growing extortion group TheGentlemen added German naval-defense electronics manufacturer Atlas Elektronik to its dark-web leak site on 28 June 2026, claiming a double-extortion attack dated to around 25 June, though the TKMS subsidiary had not publicly confirmed any breach.
Victim Atlas Elektronik (TKMS)
Indian automaker Bajaj Auto disclosed that a ransomware attack detected on the morning of 23 June 2026 affected systems at the company and its technology subsidiary, prompting containment measures and regulatory filings with CERT-In and SEBI.
Victim Bajaj Auto
The Qilin ransomware group publicly claimed a June cyberattack on the Central Bank of Libya, threatening to leak stolen data after the bank said the intrusion touched a limited number of systems.
Victim Central Bank of Libya
Japanese motor and electronics giant Nidec confirmed a ransomware attack on its Taiwanese subsidiary Nidec Chaun Choung Technology, after which the Blackfield gang claimed the breach and demanded a $2 million ransom.
Victim Nidec Corporation
Michigan's largest federally qualified health center, Cherry Health, posted a preliminary breach notice on 18 June 2026 after suspicious network activity detected in April triggered a days-long outage and the copying of patient and staff data, including Social Security numbers.
Victim Cherry Health
On 22 May 2026, the town hall of Eyguiรจres (Bouches-du-Rhรดne, ~7,000 inhabitants) was hit by a Qilin ransomware attack that took down its municipal IT systems and put residents' administrative and personal data at risk of compromise.
Victim Eyguiรจres town hall
The Titan ransomware group claimed a double-extortion attack on Groupe CRIT's Tunisian subsidiary CRIT Tunisie, leaking payroll and administrative records, financial files and scanned identity documents and passports belonging to workers and employees.
Victim Groupe CRIT
Transitions Pro Centre-Val de Loire, the regional body that funds and supports employee career-retraining projects, was hit by the Prinz Eugen ransomware group, which claimed to have exfiltrated and encrypted hundreds of gigabytes of HR, financial and personal data and threatened to publish it.
Victim Transitions Pro Centre-Val de Loire
The Anubis ransomware group claims to have compromised the systems of A.R.Ge.Co, a French company specializing in accounting services and
Victim A.R.Ge.Co
The Nitrogen ransomware group claimed on its dark-web leak site that it had stolen over 11 million files from Foxconn's North American facilities, including confidential information belonging to customers Apple, Dell, Google, Intel, Nvidia, and Sony. Foxconn said affected factories were resuming normal production.
Victim Foxconn (Hon Hai Precision Industry)
The Qilin ransomware group claims to have compromised the systems of Le Domaine des Tournels, an establishment located in the Gulf of Saint-Tropez. At this
Victim Le Domaine des Tournels
In May 2026, the BravoX ransomware group claimed a double-extortion attack on Soprolux, a French food distributor serving restaurants and professional clients, publishing banking documents, SEPA mandates, IBAN/RIB details and customer and supplier records to pressure the company.
Victim Soprolux
In early May 2026, the MedusaLocker ransomware gang listed the Acadรฉmie de Montpellier / CSJM โ a French public-school network around Bรฉziers โ on its leak site, claiming to have exfiltrated administrative documents and credentials, with reported exposure of 309 staff and 6,915 user accounts.
Victim Montpellier education authority
On 5 May 2026, the SpaceBears ransomware group listed French industrial-equipment manufacturer Erla Technologies SAS on its leak site, claiming to have stolen employee and client personal data, financial documents and project files โ including documentation tied to a French army client.
Victim Erla Technologies
On 3 May 2026 the town of Quiberon (Morbihan, France) was hit by a Qilin ransomware attack that encrypted part of its IT systems and exfiltrated personal data; the city refused the ransom and began a gradual, secured rebuild of its infrastructure.
Victim Quiberon town hall
On 27 April 2026, the Qilin ransomware group listed Exclusive Networks โ the France-headquartered global cybersecurity and IT distributor โ on its leak site, threatening to publish stolen data unless the company entered negotiations; the scope remained unconfirmed.
Victim Exclusive Networks
In April 2026, the Coinbase Cartel extortion group listed French energy giant Engie on its dark web leak site, claiming to have stolen sensitive data and threatening to publish a full dump unless a ransom was paid; Engie did not publicly confirm the breach.
Victim Engie
On 21 April 2026, French medical-packaging manufacturer Sterimed was claimed by the Qilin ransomware group, which published internal files โ technical documents, project data, HR records, IT-security material and system backups โ on its dark-web leak site.
Victim Sterimed
On 20 April 2026, the City'Pro Marionneau vocational and driving-training network was hit by a cyberattack claimed by the Qilin ransomware group, which published stolen files โ trainee records, HR documents, and commercial data โ on its leak site.
Victim City'Pro Marionneau
On 20 April 2026, French law firm Gueguen Avocats was listed on the Qilin ransomware leak site, which claimed to have exfiltrated thousands of files including internal emails, financial reports, a password spreadsheet, employee data and client case files.
Victim Gueguen Avocats
Filair, a French industrial metal-fabrication company, was hit by the Lamashtu extortion group, which exfiltrated and published nearly 50 years of internal archives โ tens of thousands of files spanning CAD engineering data, financial records and HR documents.
Victim Filair
Gauthier Tissus, a French manufacturer of technical woven and finished fabrics, was listed on the Lamashtu extortion group's leak site, which published roughly 54 GB (about 8,500 files spanning 1996โ2026) of internal financial, HR, commercial and R&D data.
Victim Gauthier Tissus
On 14 April 2026, the threat actor Lamashtu claimed to have stolen roughly 52.6 GB of data and about 41,000 files from France's wine appellations confederation CNAOC, spanning 1994-2025 and including financial, HR and governance records.
Victim CNAOC
Records 41.0K
On 8 April 2026, the French metal-grating manufacturer Diamond was listed on the Gunra ransomware group's leak site, which claimed to have exfiltrated confidential OneDrive and SharePoint documents covering projects, clients and internal operations.
Victim Diamond
In early April 2026, Synergy, a French data-management and cloud-services provider, was reportedly hit by a ransomware attack involving unauthorised access to its systems and a probable threat to exfiltrated client data; the scale and attacker were not disclosed.
Victim Synergy
On 6 April 2026, the Akira ransomware group listed French aerospace connector manufacturer Gauthier Connectique (a Nicomatic company) on its leak site, threatening to publish 42 GB of exfiltrated data including employee ID documents, technical drawings, financial records and NDAs.
Victim Gauthier Connectique (nicomatic)
On 6 April 2026, Bordeaux-based healthcare software publisher YMED, which runs the SOONCAREยฎ appointment platform, was hit by an extortion attack claimed by the group XP95, which exfiltrated 132 GB of data covering 253,342 patients and over 431,000 medical files.
Victim YMED (SOONCARE)
Records 253.3K
French cosmetics manufacturer Aircos Pascual, a subsidiary of the Anjac group, is targeted by a ransomware attack claimed by the group
Victim Aircos Pascual (Anjac)
Fountain, a Belgian stock-listed provider of workplace coffee and refreshment services, disclosed in early April 2026 a ransomware attack involving unauthorized access to part of its IT systems and confirmed data exfiltration, with the DragonForce group claiming responsibility.
Victim Fountain
French manufacturer Serap, the world's leading maker of farm milk cooling tanks, was hit by an Akira ransomware double-extortion attack disclosed on 2 April 2026, with the group threatening to publish around 50 GB of stolen internal data.
Victim Serap
Under Armour confirmed a breach by the Everest ransomware group that exposed roughly 72.7 million unique customer email addresses along with names, dates of birth, genders, locations and purchase histories, leaked publicly after extortion failed and now reaching French customers.
Victim Under Armour
Records 72.7M
On 1 April 2026, the French Catholic school group Notre-Dame du Grandchamp was listed on NightSpire's leak site after a ransomware attack that exfiltrated roughly 330 GB of data, including students' medical records, academic files and HR data on thousands of pupils and staff.
Victim Notre-Dame du Grandchamp
On 30 March 2026, the extortion group ALP-001 listed French telecom group Iliad (parent of Free) on its leak site, publishing a 5.4 GB sample of mobile-network engineering data โ radio measurements, GPS drive tests, and network optimization records โ and threatening fuller disclosure.
Victim Iliad (Free)
On 2 March 2026, ticketing platform Vivaticket disclosed a RansomHouse ransomware attack that exfiltrated customer data โ names, emails, postal codes and purchase history โ affecting users of 3,500 partner venues including the Louvre and the BnF.
Victim Vivaticket
In early March 2026, French aerospace and automotive fastener manufacturer LISI Group was hit by the Qilin ransomware gang, which exfiltrated a limited set of corporate data โ bank account/IBAN details, supply contracts, confidentiality agreements and employee information โ from two ancillary sites.
Victim Lisi
In early 2026, French digital-infrastructure consultancy Tactis was hit by the Qilin ransomware gang, which listed the firm on its leak site and threatened to publish exfiltrated internal data covering its telecom and smart-city projects for public and private clients.
Victim Tactis
In February 2026 the LAPSUS$ extortion group claimed the theft of about 420 GB of data from France's Civil Aviation Safety Organisation (OSAC), including ID cards, passports, diplomas, proof-of-address documents and internal files; the data was later leaked in full.
Victim Civil Aviation Safety Organisation
On 19 February 2026, the Incransom ransomware group claimed to have stolen 279 GB of data (225,372 files) from French environmental-remediation firm Valgo SA, including contracts, NDAs, financial records and client data naming Renault Group and others.
Victim Valgo
Permanent and non-permanent staff who worked at CNRS before 31 December 2006 are affected by a data leak confirmed by CNRS. The exact volume of exposed information has notโฆ
Victim CNRS
In early February 2026, the Qilin ransomware group listed French coach-travel operator Voyages Robin on its dark-web leak site, claiming to have stolen customer booking details, travel itineraries and financial records.
Victim Voyages Robin
Delko, a French automotive repair and spare-parts franchise network, was hit by the Sinobi ransomware group around December 2025; the gang published the company on its leak site on 5 January 2026, with the claim relayed to affected customers and publicly on 20 January 2026.
Victim Delko
In January 2026, sportswear brand Under Armour was hit by a data leak after the Everest ransomware gang published roughly 72.9 million stolen customer records online, including about 6.7 million people in France, exposing names, emails, dates of birth and purchase history.
Victim Under Armour
Records 72.9M
The Akira ransomware group listed French roller-shutter component manufacturer Zurflรผh-Feller as a victim in early 2026, threatening to publish around 66 GB of stolen corporate data, including employee identity documents, financials, contracts and NDAs.
Victim Zurflรผh-Feller
In late December 2025, the town hall of Lens (Pas-de-Calais, France) disclosed an intrusion into its information system that paralysed municipal services for about a week, blocking staff software and telephone lines; the attack vector was undisclosed and data theft was not confirmed.
Victim Commune de Lens
In December 2025, the EHPAD Rรฉsidence du Parc nursing home in Champdeniers-Saint-Denis (Deux-Sรจvres, France), home to around 90 residents, was hit by a ransomware attack that encrypted files and dropped a $5 million ransom note; administrative data and possibly scanned ID documents were exposed.
Victim Rรฉsidence du Parc (Champdeniers-Saint-Denis)
A threat actor exfiltrated around 387 GB of data (some 411,000 files) from French mortgage and credit broker La Centrale de Financement, exposing highly sensitive customer KYC documents, financial records and internal files, then offered the dataset for sale after failed extortion negotiations.
Victim La Centrale du Financement
In November 2025, the Cl0p extortion gang listed French tyre maker Michelin on its leak site, claiming to have stolen internal manufacturing, engineering, supply-chain, financial and HR files via the Oracle E-Business Suite zero-day (CVE-2025-61882).
Victim Michelin
On 27 October 2025, Italian sofa and furniture retailer Poltronesofร suffered a ransomware attack that encrypted its servers and exposed personal data of thousands of customers, including names, postal addresses, emails, phone numbers and tax identification numbers; no banking data was affected.
Victim Poltronesofa
On 19 October 2025, the Centre Hospitalier Intercommunal de Haute-Comtรฉ in Pontarlier (France) was hit by a Cryptolocker ransomware attack that encrypted part of its data, forcing a full IT shutdown and a return to paper-based care; attackers demanded a 5 million euro ransom.
Victim Haute-Comtรฉ intercommunal hospital centre
Ransomware group Qilin attacked the IT systems of public high schools run by France's Hauts-de-France region in October 2025, paralysing some 80% of around 269 schools and claiming over 1 TB of stolen data including students' ID documents, CVs and academic transcripts.
Victim Hauts-de-France high schools
Qilin ransomware operators encrypted servers across Asahi's Japanese data centres, halting ordering, shipment, and production at 30 factories, leaking 27 GB of internal data, and exposing personal information of approximately 1.5 million customers, employees, and contacts.
Victim Asahi Group Holdings
Loss $31.4M
Records 1.5M
A cyberattack on Britain's biggest carmaker forced JLR to shut down its global IT network and halted vehicle production in the UK, China, Slovakia, India, and Brazil for five weeks โ now considered the most economically damaging cyber incident in UK history.
Victim Jaguar Land Rover
Loss $2.40B
On 28 July 2025, French web host FranceLink was hit by the Akira ransomware group, which encrypted about 93% of its servers and threatened to leak roughly 20GB of exfiltrated customer data.
Victim France Link Interactive
On 13 August 2025, Partner Immo, a French provider of online property- and condominium-management software, was reported as the target of a ransomware/data-leak incident; the exact scope and exposed data were not publicly confirmed.
Victim Partner Immo
On 25 July 2025, French telecom group Orange detected unauthorized access to one of its information systems; the Warlock ransomware group later claimed the attack and published about 4 GB of data, which Orange described as outdated or low-sensitivity.
Victim Orange
The DragonForce ransomware group claimed a July 2025 attack on French dry-cleaning chain 5ร Sec, exfiltrating roughly 290 GB of data โ SQL production and test databases spanning the group's France, Switzerland, Luxembourg, Spain and Portugal operations โ and published it after the company declined to pay.
Victim Groupe 5ร Sec
In June 2025, the Anubis ransomware gang claimed a 64GB leak of ~39,000 confidential files from Disneyland Paris โ engineering plans and behind-the-scenes photos/videos of park attractions โ said to be stolen via a compromised third-party contractor.
Victim Disneyland
CNPC USA was named on the Rhysida ransomware data-leak (extortion) site on 2025-06-16.
Victim CNPC USA
Jasper Products was named on the Play ransomware data-leak (extortion) site on 2025-06-16.
Victim Jasper Products
NF Stroth & Associates was named on the Play ransomware data-leak (extortion) site on 2025-06-16.
Victim NF Stroth & Associates
TBN Israel Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-16.
Victim TBN Israel Hacked
Israelโs fuel supply system Data was named on the Handala ransomware data-leak (extortion) site on 2025-06-15.
Victim Israelโs fuel supply system Data
S&H Express was named on the Play ransomware data-leak (extortion) site on 2025-06-15.
Victim S&H Express
099 ISP Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.
Victim 099 ISP Hacked
Aerodreams Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.
Victim Aerodreams Hacked
Israel’s fuel supply system Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.
Victim Israel’s fuel supply system Hacked
Israelโs fuel supply system Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.
Victim Israelโs fuel supply system Hacked
NPD Products was named on the Play ransomware data-leak (extortion) site on 2025-06-14.
Victim NPD Products
Project Partners was named on the Play ransomware data-leak (extortion) site on 2025-06-14.
Victim Project Partners
Rollex was named on the Play ransomware data-leak (extortion) site on 2025-06-14.
Victim Rollex
Y.G. New Idan Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.
Victim Y.G. New Idan Hacked
Ajmanre.gov.ae was named on the Flocker ransomware data-leak (extortion) site on 2025-06-12.
Victim Ajmanre.gov.ae
alleray-labrouste was named on the Incransom ransomware data-leak (extortion) site on 2025-06-12.
Victim alleray-labrouste
AP Lettering was named on the Spacebears ransomware data-leak (extortion) site on 2025-06-11.
Victim AP Lettering
Mount Rogers Community Services was named on the Incransom ransomware data-leak (extortion) site on 2025-06-10.
Victim Mount Rogers Community Services
Community Choice Credit Union was named on the Play ransomware data-leak (extortion) site on 2025-06-09.
Victim Community Choice Credit Union
EUC Sjlland was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-06-09.
Victim EUC Sjlland
Homestead Gardens was named on the Play ransomware data-leak (extortion) site on 2025-06-09.
Victim Homestead Gardens
Hudson River Housing was named on the Rhysida ransomware data-leak (extortion) site on 2025-06-07.
Victim Hudson River Housing
waiwhetu-medical-centre was named on the Incransom ransomware data-leak (extortion) site on 2025-06-07.
Victim waiwhetu-medical-centre
Kittery Police Department was named on the Incransom ransomware data-leak (extortion) site on 2025-06-06.
Victim Kittery Police Department
MTTEXPERTISES.COM was named on the Incransom ransomware data-leak (extortion) site on 2025-06-06.
Victim MTTEXPERTISES.COM
Nunez Dental was named on the Incransom ransomware data-leak (extortion) site on 2025-06-06.
Victim Nunez Dental
A*****e.gov.ae was named on the Flocker ransomware data-leak (extortion) site on 2025-06-05.
Victim A*****e.gov.ae
Ebac was named on the Play ransomware data-leak (extortion) site on 2025-06-05.
Victim Ebac
iscamen was named on the Incransom ransomware data-leak (extortion) site on 2025-06-05.
Victim iscamen
Lts.com.vn was named on the Flocker ransomware data-leak (extortion) site on 2025-06-05.
Victim Lts.com.vn
Triumph Construction was named on the Play ransomware data-leak (extortion) site on 2025-06-05.
Victim Triumph Construction
cemeteries.local was named on the Incransom ransomware data-leak (extortion) site on 2025-06-04.
Victim cemeteries.local
Funktel GmbH was named on the Incransom ransomware data-leak (extortion) site on 2025-06-04.
Victim Funktel GmbH
https://devimco.com/ was named on the Metaencryptor ransomware data-leak (extortion) site on 2025-06-04.
Victim https://devimco.com/
FLOE Internationa was named on the Play ransomware data-leak (extortion) site on 2025-06-03.
Victim FLOE Internationa
Jericho Fire Department was named on the Kairos ransomware data-leak (extortion) site on 2025-06-03.
Victim Jericho Fire Department
Rochon was named on the Play ransomware data-leak (extortion) site on 2025-06-03.
Victim Rochon
Sandhills Medical Foundation was named on the Incransom ransomware data-leak (extortion) site on 2025-06-03.
Victim Sandhills Medical Foundation
Sorter Construction was named on the Play ransomware data-leak (extortion) site on 2025-06-03.
Victim Sorter Construction
Capital Trade was named on the Play ransomware data-leak (extortion) site on 2025-06-02.
Victim Capital Trade
http://www.kcac.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-06-02.
Victim http://www.kcac.com
Universidad Tรฉcnica del Norte Ecuador was named on the Incransom ransomware data-leak (extortion) site on 2025-06-02.
Victim Universidad Tรฉcnica del Norte Ecuador
valuestoreit was named on the Incransom ransomware data-leak (extortion) site on 2025-06-02.
Victim valuestoreit
Vinda Group was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-06-02.
Victim Vinda Group
Dcsdev.org was named on the Flocker ransomware data-leak (extortion) site on 2025-06-01.
Victim Dcsdev.org
sitro.com.au was named on the Incransom ransomware data-leak (extortion) site on 2025-05-31.
Victim sitro.com.au
Trustgrp.ae was named on the Flocker ransomware data-leak (extortion) site on 2025-05-31.
Victim Trustgrp.ae
Acorn Sales was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-30.
Victim Acorn Sales
Anchor Industries was named on the Play ransomware data-leak (extortion) site on 2025-05-30.
Victim Anchor Industries
geruestba was named on the LockBit ransomware data-leak (extortion) site on 2025-05-30.
Victim geruestba
Jordan Drug was named on the Incransom ransomware data-leak (extortion) site on 2025-05-30.
Victim Jordan Drug
M&H Electric Fabricators was named on the Embargo ransomware data-leak (extortion) site on 2025-05-30.
Victim M&H Electric Fabricators
mysfa.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-30.
Victim mysfa.org
STANDBYTE was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-30.
Victim STANDBYTE
Tri-Point Solutions was named on the Play ransomware data-leak (extortion) site on 2025-05-30.
Victim Tri-Point Solutions
UnigazJordan was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-05-30.
Victim UnigazJordan
W.E. Bowers was named on the Play ransomware data-leak (extortion) site on 2025-05-30.
Victim W.E. Bowers
http://metromont.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-05-29.
Victim http://metromont.com
http://www.innsofaurora.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-05-29.
Victim http://www.innsofaurora.com
Mulia Raya was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-05-29.
Victim Mulia Raya
Cator Ruma & Associates was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-28.
Victim Cator Ruma & Associates
Eliel Cycling was named on the Play ransomware data-leak (extortion) site on 2025-05-28.
Victim Eliel Cycling
Fujipoly Ltd was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-28.
Victim Fujipoly Ltd
KDV Label was named on the Play ransomware data-leak (extortion) site on 2025-05-28.
Victim KDV Label
l*s.com.vn was named on the Flocker ransomware data-leak (extortion) site on 2025-05-28.
Victim l*s.com.vn
Corantioquia was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-27.
Victim Corantioquia
Eight8Ate Holdings, Inc was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-27.
Victim Eight8Ate Holdings, Inc
http://www.iptelecom.at was named on the Ciphbit ransomware data-leak (extortion) site on 2025-05-27.
Victim http://www.iptelecom.at
WAT Supplies was named on the Play ransomware data-leak (extortion) site on 2025-05-27.
Victim WAT Supplies
Wrap & Send Services was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-27.
Victim Wrap & Send Services
allstarflooring.com was named on the Embargo ransomware data-leak (extortion) site on 2025-05-26.
Victim allstarflooring.com
Antea Luce was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-26.
Victim Antea Luce
Carrera Chevrolet was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-26.
Victim Carrera Chevrolet
Frederick's Machine & Tool Shop was named on the Play ransomware data-leak (extortion) site on 2025-05-26.
Victim Frederick's Machine & Tool Shop
Media Links was named on the Play ransomware data-leak (extortion) site on 2025-05-26.
Victim Media Links
D****v.org was named on the Flocker ransomware data-leak (extortion) site on 2025-05-25.
Victim D****v.org
oxparkrec.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-25.
Victim oxparkrec.org
Seneca Gaming & Entertainment was named on the Nitrogen ransomware data-leak (extortion) site on 2025-05-25.
Victim Seneca Gaming & Entertainment
Coweta County School System was named on the Nitrogen ransomware data-leak (extortion) site on 2025-05-24.
Victim Coweta County School System
T******p.ae was named on the Flocker ransomware data-leak (extortion) site on 2025-05-24.
Victim T******p.ae
Vernon Milling was named on the Play ransomware data-leak (extortion) site on 2025-05-24.
Victim Vernon Milling
AKJ Energiteknik was named on the Play ransomware data-leak (extortion) site on 2025-05-23.
Victim AKJ Energiteknik
South Atlantic Federal Credit Union was named on the Play ransomware data-leak (extortion) site on 2025-05-23.
Victim South Atlantic Federal Credit Union
4Motive was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-22.
Victim 4Motive
CNHI LLC was named on the Play ransomware data-leak (extortion) site on 2025-05-22.
Victim CNHI LLC
Curewell Pharmacy & Surgicals was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-22.
Victim Curewell Pharmacy & Surgicals
Greater Seattle Concrete was named on the Play ransomware data-leak (extortion) site on 2025-05-22.
Victim Greater Seattle Concrete
piercecountylibrary.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-22.
Victim piercecountylibrary.org
AttainX was named on the Play ransomware data-leak (extortion) site on 2025-05-21.
Victim AttainX
Neighborhood Development Services was named on the Kairos ransomware data-leak (extortion) site on 2025-05-21.
Victim Neighborhood Development Services
Rivers Academy West London was named on the Incransom ransomware data-leak (extortion) site on 2025-05-21.
Victim Rivers Academy West London
Durham Arts Council was named on the Kairos ransomware data-leak (extortion) site on 2025-05-20.
Victim Durham Arts Council
Florida Lung was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-20.
Victim Florida Lung
Runtec was named on the Lynx ransomware data-leak (extortion) site on 2025-05-20.
Victim Runtec
The Vascular Experts was named on the Incransom ransomware data-leak (extortion) site on 2025-05-20.
Victim The Vascular Experts
Tri State Electric was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-20.
Victim Tri State Electric
K & K Fence was named on the Play ransomware data-leak (extortion) site on 2025-05-19.
Victim K & K Fence
Colegio de la Compania de Maria Vigo was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.
Victim Colegio de la Compania de Maria Vigo
Fong Shann Printing Philippines was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.
Victim Fong Shann Printing Philippines
Grupo Boulevard was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.
Victim Grupo Boulevard
null was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-18.
Victim null
RECI SYSTEMS was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.
Victim RECI SYSTEMS
Road Development Corporation was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.
Victim Road Development Corporation
Termolar was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-18.
Victim Termolar
diyar.com was named on the Lynx ransomware data-leak (extortion) site on 2025-05-17.
Victim diyar.com
Gearhiser Peters Elliott & Cannon was named on the Lynx ransomware data-leak (extortion) site on 2025-05-17.
Victim Gearhiser Peters Elliott & Cannon
Maruichi Leavitt Pipe & Tube was named on the Lynx ransomware data-leak (extortion) site on 2025-05-17.
Victim Maruichi Leavitt Pipe & Tube
nissi-beach.com was named on the Incransom ransomware data-leak (extortion) site on 2025-05-17.
Victim nissi-beach.com
npfy.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-17.
Victim npfy.org
ros.eu was named on the Incransom ransomware data-leak (extortion) site on 2025-05-17.
Victim ros.eu
www.davisdavisco.com was named on the Incransom ransomware data-leak (extortion) site on 2025-05-17.
Victim www.davisdavisco.com
alpha-steuer.de was named on the Incransom ransomware data-leak (extortion) site on 2025-05-16.
Victim alpha-steuer.de
Carney Badley Spellman was named on the Play ransomware data-leak (extortion) site on 2025-05-16.
Victim Carney Badley Spellman
ccrcda.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-16.
Victim ccrcda.org
finanzconsult-immobilien.de was named on the Incransom ransomware data-leak (extortion) site on 2025-05-16.
Victim finanzconsult-immobilien.de
south african airways (flysaa.com) was named on the Incransom ransomware data-leak (extortion) site on 2025-05-16.
Victim south african airways (flysaa.com)
Triple Jump was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-16.
Victim Triple Jump
[DISCLOSED]OeTTINGER Brauerei was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-15.
Victim [DISCLOSED]OeTTINGER Brauerei
GARDNER ORTHOPEDICS was named on the Incransom ransomware data-leak (extortion) site on 2025-05-15.
Victim GARDNER ORTHOPEDICS
http://www.gloucesterva.gov was named on the BlackSuit ransomware data-leak (extortion) site on 2025-05-15.
Victim http://www.gloucesterva.gov
Grafton Technologies was named on the Play ransomware data-leak (extortion) site on 2025-05-14.
Victim Grafton Technologies
Kingsmen Creatives Ltd. was named on the Embargo ransomware data-leak (extortion) site on 2025-05-14.
Victim Kingsmen Creatives Ltd.
Redirecting... was named on the Hellcat ransomware data-leak (extortion) site on 2025-05-14.
Victim Redirecting...
Regal Ideas was named on the Play ransomware data-leak (extortion) site on 2025-05-14.
Victim Regal Ideas
Royal Chemical was named on the Lynx ransomware data-leak (extortion) site on 2025-05-14.
Victim Royal Chemical
Sao Camilo Cachoeiro de Itapemirim was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-14.
Victim Sao Camilo Cachoeiro de Itapemirim
architekturbuero-heller.de was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-13.
Victim architekturbuero-heller.de
Dishaka was named on the Play ransomware data-leak (extortion) site on 2025-05-13.
Victim Dishaka
First Choice Courier & Messenger was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-13.
Victim First Choice Courier & Messenger
Looper Goodwine was named on the Kairos ransomware data-leak (extortion) site on 2025-05-13.
Victim Looper Goodwine
Nedved Architekti was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-13.
Victim Nedved Architekti
Operative was named on the Play ransomware data-leak (extortion) site on 2025-05-13.
Victim Operative
Overhead Door of Nova Scotia was named on the Play ransomware data-leak (extortion) site on 2025-05-13.
Victim Overhead Door of Nova Scotia
thaonlesvosges.fr was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-13.
Victim thaonlesvosges.fr
www.colemanmaterials.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-13.
Victim www.colemanmaterials.com
altara.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim altara.com
atlplasticsurgeon.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim atlplasticsurgeon.com
EIZO Rugged Solutions was named on the Play ransomware data-leak (extortion) site on 2025-05-12.
Victim EIZO Rugged Solutions
iacc.holdings was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim iacc.holdings
industrialdynamics.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim industrialdynamics.com
jtalleycorp.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim jtalleycorp.com
Just Concrete & Masonry was named on the Play ransomware data-leak (extortion) site on 2025-05-12.
Victim Just Concrete & Masonry
net-move.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim net-move.com
southernavionics.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim southernavionics.com
www.condista.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim www.condista.com
www.dermatologysolutions.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim www.dermatologysolutions.com
www.philsmithauto.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim www.philsmithauto.com
dac-law.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim dac-law.com
kraftkisarna.se was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim kraftkisarna.se
millercaggiano.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim millercaggiano.com
ossman.co.uk was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim ossman.co.uk
pratthomes.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim pratthomes.com
pryor-morrow.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim pryor-morrow.com
stitaly.it was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim stitaly.it
www.harrissteelco.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim www.harrissteelco.com
www.irisid.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim www.irisid.com
www.precisiontextiles-usa.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim www.precisiontextiles-usa.com
www.setpointsystems.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim www.setpointsystems.com
www.texlaenergy.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim www.texlaenergy.com
American Eagle Logistics - Full Leak was named on the Monti ransomware data-leak (extortion) site on 2025-05-10.
Victim American Eagle Logistics - Full Leak
citrusmagic.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-10.
Victim citrusmagic.com
statesmanbiz.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-10.
Victim statesmanbiz.com
Verrex was named on the Play ransomware data-leak (extortion) site on 2025-05-10.
Victim Verrex
www.cityofgroveok.gov was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-10.
Victim www.cityofgroveok.gov
EMX Enterprises was named on the Play ransomware data-leak (extortion) site on 2025-05-09.
Victim EMX Enterprises
Gistic Research was named on the Play ransomware data-leak (extortion) site on 2025-05-09.
Victim Gistic Research
hennessyfunds.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-09.
Victim hennessyfunds.com
Mountain View Mushrooms was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-09.
Victim Mountain View Mushrooms
Sweet Shop USA was named on the Play ransomware data-leak (extortion) site on 2025-05-09.
Victim Sweet Shop USA
UniTrak was named on the Play ransomware data-leak (extortion) site on 2025-05-08.
Victim UniTrak
vzlom7may.omg was named on the LockBit ransomware data-leak (extortion) site on 2025-05-08.
Victim vzlom7may.omg
Amtech Software was named on the Monti ransomware data-leak (extortion) site on 2025-05-07.
Victim Amtech Software
GPF Lewis was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-07.
Victim GPF Lewis
LGM was named on the Termite ransomware data-leak (extortion) site on 2025-05-07.
Victim LGM
Sioux Chief was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-07.
Victim Sioux Chief
Transport Lutztulln was named on the Orca ransomware data-leak (extortion) site on 2025-05-07.
Victim Transport Lutztulln
Breen Construction Services was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
Victim Breen Construction Services
Commune de Jemeppe-sur-Sambre was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-06.
Victim Commune de Jemeppe-sur-Sambre
Downtown Travel was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
Victim Downtown Travel
ehlers-inc.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-06.
Victim ehlers-inc.com
Marine Technical Surveyors was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
Victim Marine Technical Surveyors
Mediprobe Research was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-06.
Victim Mediprobe Research
Novosit was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
Victim Novosit
Rand Technology was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
Victim Rand Technology
Sugar Lake Lodge was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
Victim Sugar Lake Lodge
Technical Die-Casting was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
Victim Technical Die-Casting
Trybus was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
Victim Trybus
Webcor was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
Victim Webcor
Alberta Construction Safety Association was named on the Play ransomware data-leak (extortion) site on 2025-05-05.
Victim Alberta Construction Safety Association
ATI Systems was named on the Play ransomware data-leak (extortion) site on 2025-05-05.
Victim ATI Systems
Hire Velocity (lan.hirevelocity.com) was named on the Lynx ransomware data-leak (extortion) site on 2025-05-05.
Victim Hire Velocity (lan.hirevelocity.com)
OeTTINGER Brauerei was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-05.
Victim OeTTINGER Brauerei
pbw- was named on the LockBit ransomware data-leak (extortion) site on 2025-05-05.
Victim pbw-
CabinC.com was named on the Lynx ransomware data-leak (extortion) site on 2025-05-04.
Victim CabinC.com
soundtransit.org was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-04.
Victim soundtransit.org
valedolobo.com was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-04.
Victim valedolobo.com
American Eagle Logistics - Press Release was named on the Monti ransomware data-leak (extortion) site on 2025-05-03.
Victim American Eagle Logistics - Press Release
ddecor.com was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-03.
Victim ddecor.com
edisoft.es was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-03.
Victim edisoft.es
iycsa.com.co was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-03.
Victim iycsa.com.co
Kalin Hobeltechnik was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-03.
Victim Kalin Hobeltechnik
ruizre.es was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-03.
Victim ruizre.es
arc-com.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-02.
Victim arc-com.com
derichsukonertz.de was named on the Lynx ransomware data-leak (extortion) site on 2025-05-02.
Victim derichsukonertz.de
[DISCLOSED]Imedexsa was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-02.
Victim [DISCLOSED]Imedexsa
ECOM America was named on the Play ransomware data-leak (extortion) site on 2025-05-02.
Victim ECOM America
Government of Peru was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-02.
Victim Government of Peru
kll-law.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-02.
Victim kll-law.com
pdcm.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-02.
Victim pdcm.com
runtec.co.jp was named on the Lynx ransomware data-leak (extortion) site on 2025-05-02.
Victim runtec.co.jp
Southern Fidelity was named on the Play ransomware data-leak (extortion) site on 2025-05-02.
Victim Southern Fidelity
The Seydel Companies was named on the Play ransomware data-leak (extortion) site on 2025-05-02.
Victim The Seydel Companies
Custom Paper was named on the Play ransomware data-leak (extortion) site on 2025-05-01.
Victim Custom Paper
Defected Records was named on the Play ransomware data-leak (extortion) site on 2025-05-01.
Victim Defected Records
maywdef was named on the Lynx ransomware data-leak (extortion) site on 2025-05-01.
Victim maywdef
StudioVaiani was named on the Incransom ransomware data-leak (extortion) site on 2025-05-01.
Victim StudioVaiani
The Saint James Hospital Group was named on the Incransom ransomware data-leak (extortion) site on 2025-05-01.
Victim The Saint James Hospital Group
WDEF-TV was named on the Lynx ransomware data-leak (extortion) site on 2025-05-01.
Victim WDEF-TV
Coop UQAM was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-30.
Victim Coop UQAM
Digestive Specialists was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-30.
Victim Digestive Specialists
FCC was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-30.
Victim FCC
Gorham Sand & Gravel was named on the Play ransomware data-leak (extortion) site on 2025-04-30.
Victim Gorham Sand & Gravel
Missouri Pipe Fittings was named on the Play ransomware data-leak (extortion) site on 2025-04-30.
Victim Missouri Pipe Fittings
National Steel City was named on the Play ransomware data-leak (extortion) site on 2025-04-30.
Victim National Steel City
Penn Emblem (penn.local) was named on the Lynx ransomware data-leak (extortion) site on 2025-04-30.
Victim Penn Emblem (penn.local)
PermaCold Engineering was named on the Play ransomware data-leak (extortion) site on 2025-04-30.
Victim PermaCold Engineering
southernagllc.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-30.
Victim southernagllc.com
Telco Intercontinental was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-30.
Victim Telco Intercontinental
Ushio was named on the Termite ransomware data-leak (extortion) site on 2025-04-30.
Victim Ushio
BOLL Logistik was named on the Play ransomware data-leak (extortion) site on 2025-04-29.
Victim BOLL Logistik
Cooper Global Chauffeured was named on the Play ransomware data-leak (extortion) site on 2025-04-29.
Victim Cooper Global Chauffeured
David Mills CPA, LLC was named on the Lynx ransomware data-leak (extortion) site on 2025-04-29.
Victim David Mills CPA, LLC
Haas & Associates was named on the Play ransomware data-leak (extortion) site on 2025-04-28.
Victim Haas & Associates
Hpital Glengarry Memorial Hospital (clglen.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-04-28.
Victim Hpital Glengarry Memorial Hospital (clglen.local)
LaBella Associates was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-28.
Victim LaBella Associates
Mantel Machine Products was named on the Play ransomware data-leak (extortion) site on 2025-04-28.
Victim Mantel Machine Products
Minnesota Lawyers Mutual Insurance was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-28.
Victim Minnesota Lawyers Mutual Insurance
Scientel Solutions was named on the Play ransomware data-leak (extortion) site on 2025-04-28.
Victim Scientel Solutions
Crawford Door Sales was named on the Play ransomware data-leak (extortion) site on 2025-04-27.
Victim Crawford Door Sales
FMT Consultants was named on the Play ransomware data-leak (extortion) site on 2025-04-27.
Victim FMT Consultants
Global Media Group was named on the Nitrogen ransomware data-leak (extortion) site on 2025-04-26.
Victim Global Media Group
M'AR De AR Hotels was named on the Nitrogen ransomware data-leak (extortion) site on 2025-04-26.
Victim M'AR De AR Hotels
MDB was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-26.
Victim MDB
Stadtwerke Schwerte GmbH was named on the Nitrogen ransomware data-leak (extortion) site on 2025-04-26.
Victim Stadtwerke Schwerte GmbH
AKTO was named on the Nitrogen ransomware data-leak (extortion) site on 2025-04-25.
Victim AKTO
corporateflight.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.
Victim corporateflight.com
friscochamber.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.
Victim friscochamber.com
greatplainstransport.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.
Victim greatplainstransport.com
impactcanada.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.
Victim impactcanada.com
Kasb Bank - K-Trade was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-25.
Victim Kasb Bank - K-Trade
Kenworth Del Sur was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-25.
Victim Kenworth Del Sur
pay4freight.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.
Victim pay4freight.com
shgcpa.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.
Victim shgcpa.com
arkansasprimarycare.com was named on the Incransom ransomware data-leak (extortion) site on 2025-04-24.
Victim arkansasprimarycare.com
buildingmaterialspecialties.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-24.
Victim buildingmaterialspecialties.com
Colorado Pulmonary Intensivists was named on the Kairos ransomware data-leak (extortion) site on 2025-04-24.
Victim Colorado Pulmonary Intensivists
end2endtechnologies was named on the Lynx ransomware data-leak (extortion) site on 2025-04-24.
Victim end2endtechnologies
https://fortunesociety.org/ was named on the BlackSuit ransomware data-leak (extortion) site on 2025-04-24.
Victim https://fortunesociety.org/
https://www.pacmet.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-04-24.
Victim https://www.pacmet.com
Vicarage Court Solicitors was named on the Lynx ransomware data-leak (extortion) site on 2025-04-24.
Victim Vicarage Court Solicitors
amethystgroup.co.uk was named on the Lynx ransomware data-leak (extortion) site on 2025-04-23.
Victim amethystgroup.co.uk
Farmo Res was named on the Lynx ransomware data-leak (extortion) site on 2025-04-23.
Victim Farmo Res
iaconnect was named on the LockBit ransomware data-leak (extortion) site on 2025-04-23.
Victim iaconnect
Lantronix was named on the Play ransomware data-leak (extortion) site on 2025-04-23.
Victim Lantronix
lemi-group was named on the Incransom ransomware data-leak (extortion) site on 2025-04-23.
Victim lemi-group
Mafi was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-23.
Victim Mafi
Milicic was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-23.
Victim Milicic
NESCTC was named on the Play ransomware data-leak (extortion) site on 2025-04-23.
Victim NESCTC
Springer & Steinberg was named on the Lynx ransomware data-leak (extortion) site on 2025-04-23.
Victim Springer & Steinberg
Suburban Carting was named on the Play ransomware data-leak (extortion) site on 2025-04-23.
Victim Suburban Carting
The Derby High School was named on the Kairos ransomware data-leak (extortion) site on 2025-04-23.
Victim The Derby High School
The Human Bean was named on the Play ransomware data-leak (extortion) site on 2025-04-23.
Victim The Human Bean
Acos Favorit was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-22.
Victim Acos Favorit
All Book Covers was named on the Play ransomware data-leak (extortion) site on 2025-04-22.
Victim All Book Covers
Bacton Transport Services was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-22.
Victim Bacton Transport Services
franklin nursing home was named on the Incransom ransomware data-leak (extortion) site on 2025-04-22.
Victim franklin nursing home
Independent Financial Services was named on the Play ransomware data-leak (extortion) site on 2025-04-22.
Victim Independent Financial Services
Jet Ice was named on the Play ransomware data-leak (extortion) site on 2025-04-22.
Victim Jet Ice
R&N Manufacturing was named on the Lynx ransomware data-leak (extortion) site on 2025-04-22.
Victim R&N Manufacturing
C-Mec was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-21.
Victim C-Mec
Social-engineering of a third-party service desk gave Scattered Spider a domain administrator, which they used to deploy DragonForce ransomware on M&S's VMware ESXi estate at Easter 2025 โ knocking out contactless payments, Click & Collect, and online ordering for over six weeks.
Victim Marks & Spencer
Loss $550.0M
Pharma Force was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-21.
Victim Pharma Force
tuttoperlufficio.eu was named on the LockBit ransomware data-leak (extortion) site on 2025-04-21.
Victim tuttoperlufficio.eu
Z****a.com was named on the Flocker ransomware data-leak (extortion) site on 2025-04-19.
Victim Z****a.com
dhsmithco.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-18.
Victim dhsmithco.com
[EVIDENCE PACK 2] Telecontrol was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-18.
Victim [EVIDENCE PACK 2] Telecontrol
The Tech Interactive was named on the Moneymessage ransomware data-leak (extortion) site on 2025-04-18.
Victim The Tech Interactive
d-line was named on the Kairos ransomware data-leak (extortion) site on 2025-04-17.
Victim d-line
EVERTECH INSTRUMENTAL CO., LTD was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-17.
Victim EVERTECH INSTRUMENTAL CO., LTD
Feldman & Lopez was named on the Lynx ransomware data-leak (extortion) site on 2025-04-17.
Victim Feldman & Lopez
HOPI was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-17.
Victim HOPI
Hyalogic was named on the Lynx ransomware data-leak (extortion) site on 2025-04-17.
Victim Hyalogic
Koninklijke Ahold Delhaize N.V. was named on the Incransom ransomware data-leak (extortion) site on 2025-04-17.
Victim Koninklijke Ahold Delhaize N.V.
Red Chamber was named on the Play ransomware data-leak (extortion) site on 2025-04-17.
Victim Red Chamber
Sally B Gold was named on the Lynx ransomware data-leak (extortion) site on 2025-04-17.
Victim Sally B Gold
VIรUELAS ABOGADOS was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-17.
Victim VIรUELAS ABOGADOS
aeamg.org.br was named on the LockBit ransomware data-leak (extortion) site on 2025-04-16.
Victim aeamg.org.br
aqhch.com.cn was named on the LockBit ransomware data-leak (extortion) site on 2025-04-16.
Victim aqhch.com.cn
ende.bo was named on the LockBit ransomware data-leak (extortion) site on 2025-04-16.
Victim ende.bo
iblinfo.de was named on the Incransom ransomware data-leak (extortion) site on 2025-04-16.
Victim iblinfo.de
jackpotjunction.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-16.
Victim jackpotjunction.com
McElwee Firm was named on the Lynx ransomware data-leak (extortion) site on 2025-04-16.
Victim McElwee Firm
semex.com was named on the Underground ransomware data-leak (extortion) site on 2025-04-16.
Victim semex.com
spscompanies.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-16.
Victim spscompanies.com
toolsign.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-16.
Victim toolsign.com
Astra Products was named on the Lynx ransomware data-leak (extortion) site on 2025-04-15.
Victim Astra Products
Destination Toronto was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
Victim Destination Toronto
James & Sons Fine Jewelers was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
Victim James & Sons Fine Jewelers
Lake HVAC was named on the Lynx ransomware data-leak (extortion) site on 2025-04-15.
Victim Lake HVAC
Merri-Makers was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
Victim Merri-Makers
Miller Boskus Lack Architects was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
Victim Miller Boskus Lack Architects
nevadareadymix.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-15.
Victim nevadareadymix.com
O'Brien & Ryan was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
Victim O'Brien & Ryan
Oregon Department of Environmental Quality was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-15.
Victim Oregon Department of Environmental Quality
trocaire.edu was named on the Incransom ransomware data-leak (extortion) site on 2025-04-15.
Victim trocaire.edu
Voigt-Abernathy Company was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
Victim Voigt-Abernathy Company
Waller was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
Victim Waller
Calmont Group was named on the Play ransomware data-leak (extortion) site on 2025-04-14.
Victim Calmont Group
Comport Technology Solutions was named on the Play ransomware data-leak (extortion) site on 2025-04-14.
Victim Comport Technology Solutions
Cortez Resources was named on the Play ransomware data-leak (extortion) site on 2025-04-14.
Victim Cortez Resources
MENTAL HEALTH was named on the Incransom ransomware data-leak (extortion) site on 2025-04-14.
Victim MENTAL HEALTH
Orthopaedic Specialists of Connecticut was named on the Incransom ransomware data-leak (extortion) site on 2025-04-14.
Victim Orthopaedic Specialists of Connecticut
intelliloan.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-13.
Victim intelliloan.com
acimfunds.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-12.
Victim acimfunds.com
bilbie.com.au was named on the Lynx ransomware data-leak (extortion) site on 2025-04-12.
Victim bilbie.com.au
Bjรธrklund was named on the Termite ransomware data-leak (extortion) site on 2025-04-12.
Victim Bjรธrklund
Chickenshed was named on the Incransom ransomware data-leak (extortion) site on 2025-04-12.
Victim Chickenshed
Dimension Composite was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-12.
Victim Dimension Composite
On IT was named on the Termite ransomware data-leak (extortion) site on 2025-04-12.
Victim On IT
Restaurant Associates was named on the Lynx ransomware data-leak (extortion) site on 2025-04-12.
Victim Restaurant Associates
visionproducts.llc was named on the LockBit ransomware data-leak (extortion) site on 2025-04-12.
Victim visionproducts.llc
C?l???t Group was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
Victim C?l???t Group
Codinter was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
Victim Codinter
Colmar Industrial Supplies was named on the Lynx ransomware data-leak (extortion) site on 2025-04-11.
Victim Colmar Industrial Supplies
Harvest, a French wealth-management software editor, was hit by a Run Some Wares ransomware double-extortion attack disclosed in April 2025; internal and client files were exfiltrated and published, reportedly exposing data on tens of thousands of individuals and thousands of companies.
Victim Harvest
hotelemc2.c was named on the LockBit ransomware data-leak (extortion) site on 2025-04-11.
Victim hotelemc2.c
Imagineering Finishing Technologies was named on the Incransom ransomware data-leak (extortion) site on 2025-04-11.
Victim Imagineering Finishing Technologies
KER Custom Molders was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
Victim KER Custom Molders
mbmdubai.com was named on the Braincipher ransomware data-leak (extortion) site on 2025-04-11.
Victim mbmdubai.com
New York Sports Club was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
Victim New York Sports Club
Noyen Construction was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
Victim Noyen Construction
PAC Strapping Products was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
Victim PAC Strapping Products
Sfrent.net was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
Victim Sfrent.net
The Study was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
Victim The Study
3P Corporation was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-10.
Victim 3P Corporation
Bonick Landscaping was named on the Play ransomware data-leak (extortion) site on 2025-04-10.
Victim Bonick Landscaping
Cane Creek Cycling Components was named on the Play ransomware data-leak (extortion) site on 2025-04-10.
Victim Cane Creek Cycling Components
chesterfieldtwp.org was named on the Incransom ransomware data-leak (extortion) site on 2025-04-10.
Victim chesterfieldtwp.org
finetech.de was named on the Incransom ransomware data-leak (extortion) site on 2025-04-10.
Victim finetech.de
inspec-international.com was named on the Incransom ransomware data-leak (extortion) site on 2025-04-10.
Victim inspec-international.com
silocaf.com was named on the Incransom ransomware data-leak (extortion) site on 2025-04-10.
Victim silocaf.com
ccso2014.local(sheriffs) was named on the Incransom ransomware data-leak (extortion) site on 2025-04-09.
Victim ccso2014.local(sheriffs)
gramoll.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-09.
Victim gramoll.com
Coop57 was named on the Incransom ransomware data-leak (extortion) site on 2025-04-08.
Victim Coop57
crystal-d.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-08.
Victim crystal-d.com
https://www.thirdave.com was named on the Metaencryptor ransomware data-leak (extortion) site on 2025-04-08.
Victim https://www.thirdave.com
physiciansmedicalbilling.net was named on the LockBit ransomware data-leak (extortion) site on 2025-04-08.
Victim physiciansmedicalbilling.net
RFMS, Inc. was named on the Kairos ransomware data-leak (extortion) site on 2025-04-08.
Victim RFMS, Inc.
shengyusteel.com was named on the Underground ransomware data-leak (extortion) site on 2025-04-08.
Victim shengyusteel.com
Thiekon Constructie was named on the Incransom ransomware data-leak (extortion) site on 2025-04-08.
Victim Thiekon Constructie
[DISCLOSED]Cell C was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-07.
Victim [DISCLOSED]Cell C
Galesburg Area Chamber of Commerce was named on the Kairos ransomware data-leak (extortion) site on 2025-04-07.
Victim Galesburg Area Chamber of Commerce
IDS Infotech was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-07.
Victim IDS Infotech
Telecontrol was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-07.
Victim Telecontrol
asiapacificex.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-06.
Victim asiapacificex.com
graphiquedefrance.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-06.
Victim graphiquedefrance.com
Groupe Delcourt was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-06.
Victim Groupe Delcourt
grupotersa.com.mx was named on the LockBit ransomware data-leak (extortion) site on 2025-04-06.
Victim grupotersa.com.mx
Hofmann Fรถrdertechnik GmbH was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-06.
Victim Hofmann Fรถrdertechnik GmbH
Swiss Capitals Group was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-06.
Victim Swiss Capitals Group
ABITL Finishing was named on the Play ransomware data-leak (extortion) site on 2025-04-05.
Victim ABITL Finishing
Baltimore Steel Erectors was named on the Play ransomware data-leak (extortion) site on 2025-04-05.
Victim Baltimore Steel Erectors
Blackmon Mooring was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-05.
Victim Blackmon Mooring
Csm Engineering was named on the Play ransomware data-leak (extortion) site on 2025-04-05.
Victim Csm Engineering
Hawk Technology was named on the Play ransomware data-leak (extortion) site on 2025-04-05.
Victim Hawk Technology
https://www.mmwec.org was named on the BlackSuit ransomware data-leak (extortion) site on 2025-04-05.
Victim https://www.mmwec.org
Industrial Corona de Mรฉxico was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-05.
Victim Industrial Corona de Mรฉxico
L&S Mechanical (Reuploaded) was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-05.
Victim L&S Mechanical (Reuploaded)
Nexia Poyiadjis IT was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-05.
Victim Nexia Poyiadjis IT
TEDOM was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-05.
Victim TEDOM
Fraser Trebilcock was named on the Play ransomware data-leak (extortion) site on 2025-04-04.
Victim Fraser Trebilcock
National Sign corp was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-04.
Victim National Sign corp
Royal Glass was named on the Play ransomware data-leak (extortion) site on 2025-04-04.
Victim Royal Glass
Sansone Group was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-04.
Victim Sansone Group
Alton Steel was named on the Lynx ransomware data-leak (extortion) site on 2025-04-03.
Victim Alton Steel
Hop Industries was named on the Play ransomware data-leak (extortion) site on 2025-04-03.
Victim Hop Industries
Lifebreath was named on the Play ransomware data-leak (extortion) site on 2025-04-03.
Victim Lifebreath
OTA Management was named on the Play ransomware data-leak (extortion) site on 2025-04-03.
Victim OTA Management
Parvin-Clauss Sign Company was named on the Play ransomware data-leak (extortion) site on 2025-04-03.
Victim Parvin-Clauss Sign Company
Regionale Verkehrsbetriebe was named on the Play ransomware data-leak (extortion) site on 2025-04-03.
Victim Regionale Verkehrsbetriebe
A little gift of exclusive data for everyone was named on the Daixin ransomware data-leak (extortion) site on 2025-04-02.
Victim A little gift of exclusive data for everyone
Clarity Ventures was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-02.
Victim Clarity Ventures
crownlaboratories.com was named on the Abyss ransomware data-leak (extortion) site on 2025-04-02.
Victim crownlaboratories.com
Fulfillment Plus was named on the Play ransomware data-leak (extortion) site on 2025-04-02.
Victim Fulfillment Plus
The Hoff Brand SL Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-04-02.
Victim The Hoff Brand SL Data Leak
delta-life.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-04-01.
Victim delta-life.com
europtec.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-04-01.
Victim europtec.com
intellioan.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-04-01.
Victim intellioan.com
State's Attorney Office was named on the Kairos ransomware data-leak (extortion) site on 2025-04-01.
Victim State's Attorney Office
The Loretto Hospital was named on the Incransom ransomware data-leak (extortion) site on 2025-04-01.
Victim The Loretto Hospital
CMC Technology Group was named on the BianLian ransomware data-leak (extortion) site on 2025-03-31.
Victim CMC Technology Group
Meridian Senior was named on the BianLian ransomware data-leak (extortion) site on 2025-03-31.
Victim Meridian Senior
Saunders and Saunders was named on the BianLian ransomware data-leak (extortion) site on 2025-03-31.
Victim Saunders and Saunders
SIRIUS S.R.L. was named on the Nitrogen ransomware data-leak (extortion) site on 2025-03-31.
Victim SIRIUS S.R.L.
Sonrisas Dental Health was named on the BianLian ransomware data-leak (extortion) site on 2025-03-31.
Victim Sonrisas Dental Health
test1234.com was named on the LockBit ransomware data-leak (extortion) site on 2025-03-31.
Victim test1234.com
www.assisi.nl was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-30.
Victim www.assisi.nl
AJF Inspections & Engineering () was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
Victim AJF Inspections & Engineering ()
Amatech was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
Victim Amatech
bahnlog.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-29.
Victim bahnlog.com
Commercial Concrete Systems was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
Victim Commercial Concrete Systems
Forrest City School District was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-29.
Victim Forrest City School District
importantsteps.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-29.
Victim importantsteps.com
Martin Mechanical (martin.local) was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
Victim Martin Mechanical (martin.local)
Pacific Residential Mortgage was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
Victim Pacific Residential Mortgage
Senior Support Services was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-29.
Victim Senior Support Services
Solar Optimum was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
Victim Solar Optimum
solaroptimum.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
Victim solaroptimum.com
amatechinc.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-28.
Victim amatechinc.com
augustssons.se was named on the Incransom ransomware data-leak (extortion) site on 2025-03-28.
Victim augustssons.se
Direct Traffic Control was named on the Lynx ransomware data-leak (extortion) site on 2025-03-28.
Victim Direct Traffic Control
entandallergy.com was named on the Abyss ransomware data-leak (extortion) site on 2025-03-28.
Victim entandallergy.com
phaus.us&phakr.com&phabodysystems.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-28.
Victim phaus.us&phakr.com&phabodysystems.com
W*******w.com was named on the Flocker ransomware data-leak (extortion) site on 2025-03-28.
Victim W*******w.com
www.bassi.it was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-28.
Victim www.bassi.it
www.solventacentroamerica.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-28.
Victim www.solventacentroamerica.com
brattenelectrictn.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
Victim brattenelectrictn.com
City of Fort St. John (city.cityfsj.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-03-27.
Victim City of Fort St. John (city.cityfsj.local)
conterra.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
Victim conterra.com
NEW JERSEY CPA was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-03-27.
Victim NEW JERSEY CPA
www.allmilmoe.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
Victim www.allmilmoe.com
www.carolinaac.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
Victim www.carolinaac.com
www.DSelectrical.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
Victim www.DSelectrical.com
www.garbinc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
Victim www.garbinc.com
www.hongthongrice.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
Victim www.hongthongrice.com
www.s3s.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
Victim www.s3s.com
www.solidworld.it was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
Victim www.solidworld.it
Concord Orthopaedics Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-03-26.
Victim Concord Orthopaedics Data Leak
Genie Healthcare Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-03-26.
Victim Genie Healthcare Data Leak
TriCity Family Services was named on the Incransom ransomware data-leak (extortion) site on 2025-03-26.
Victim TriCity Family Services
usCalibration was named on the Play ransomware data-leak (extortion) site on 2025-03-26.
Victim usCalibration
www.afnigc.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
Victim www.afnigc.ca
www.argentosc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
Victim www.argentosc.com
www.cormidom.com.do was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
Victim www.cormidom.com.do
www.creativelogisticservices.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
Victim www.creativelogisticservices.com
www.fkm-elemente.de was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
Victim www.fkm-elemente.de
www.lions-online.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
Victim www.lions-online.org
www.mododoc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
Victim www.mododoc.com
www.ripplejunction.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
Victim www.ripplejunction.com
B&C Industries was named on the Play ransomware data-leak (extortion) site on 2025-03-25.
Victim B&C Industries
bioclimaservice.it was named on the LockBit ransomware data-leak (extortion) site on 2025-03-25.
Victim bioclimaservice.it
cisd.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.
Victim cisd.org
fepasa.com.ar was named on the LockBit ransomware data-leak (extortion) site on 2025-03-25.
Victim fepasa.com.ar
Kimco Steel was named on the Play ransomware data-leak (extortion) site on 2025-03-25.
Victim Kimco Steel
mnm.hu was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.
Victim mnm.hu
Okeene Elementary School was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-25.
Victim Okeene Elementary School
OMLTD.CO.JP was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.
Victim OMLTD.CO.JP
ossc.com.mx was named on the LockBit ransomware data-leak (extortion) site on 2025-03-25.
Victim ossc.com.mx
technicare.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.
Victim technicare.com
texascompressionservices.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.
Victim texascompressionservices.com
www.rivaldt.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.
Victim www.rivaldt.com
allbiz.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-24.
Victim allbiz.com
Lupin Limited was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-24.
Victim Lupin Limited
TMT Clam Dredger was named on the Incransom ransomware data-leak (extortion) site on 2025-03-24.
Victim TMT Clam Dredger
www.exemplar.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-24.
Victim www.exemplar.com
abeyor.fr was named on the Incransom ransomware data-leak (extortion) site on 2025-03-23.
Victim abeyor.fr
Goshen Medical Center was named on the BianLian ransomware data-leak (extortion) site on 2025-03-23.
Victim Goshen Medical Center
Precision Accounting Intl was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-23.
Victim Precision Accounting Intl
Doumen was named on the Lynx ransomware data-leak (extortion) site on 2025-03-22.
Victim Doumen
Innovative Surfaces was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-22.
Victim Innovative Surfaces
REOC San Antonio was named on the Play ransomware data-leak (extortion) site on 2025-03-22.
Victim REOC San Antonio
SPARSH Hospital was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-22.
Victim SPARSH Hospital
Zaveta Custom Homes was named on the Play ransomware data-leak (extortion) site on 2025-03-22.
Victim Zaveta Custom Homes
Cayman National Bank was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-21.
Victim Cayman National Bank
gbsn.com.br was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim gbsn.com.br
https://www.orangeville.ca was named on the BlackSuit ransomware data-leak (extortion) site on 2025-03-21.
Victim https://www.orangeville.ca
Officio Medical was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-21.
Victim Officio Medical
www.abmenviro.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.abmenviro.ca
www.accessfinanceonline.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.accessfinanceonline.com
www.ahmadiyya.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.ahmadiyya.ca
www.allstarhealthcaresolutions.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.allstarhealthcaresolutions.com
www.avalonapparel.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.avalonapparel.com
www.broadmoormethodist.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.broadmoormethodist.org
www.core-1.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.core-1.com
www.elizajennings.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.elizajennings.org
www.engines.man.eu was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.engines.man.eu
www.esquirebrands.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.esquirebrands.com
www.gcsnet.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.gcsnet.com
www.gestionquintessence.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.gestionquintessence.com
www.mslglobalexp.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.mslglobalexp.com
www.njcalwe.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.njcalwe.com
www.oneupinnovations.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.oneupinnovations.com
www.parklandmanufacturing.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.parklandmanufacturing.com
www.scpautomation.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.scpautomation.com
www.sinkdirect.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.sinkdirect.com
www.solinst.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
Victim www.solinst.com
Cargills Bank was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-20.
Victim Cargills Bank
Instituto de Ojos was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-20.
Victim Instituto de Ojos
interiseworld.com was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-20.
Victim interiseworld.com
L&S Mechanical was named on the Spacebears ransomware data-leak (extortion) site on 2025-03-20.
Victim L&S Mechanical
Megacentro was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-20.
Victim Megacentro
Newtown Friends School (newtownfriends.org) was named on the FOG ransomware data-leak (extortion) site on 2025-03-20.
Victim Newtown Friends School (newtownfriends.org)
Obra Play was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-20.
Victim Obra Play
Whittaker & Company was named on the Spacebears ransomware data-leak (extortion) site on 2025-03-20.
Victim Whittaker & Company
www.georgehay.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-20.
Victim www.georgehay.co.uk
www.janvier-labs.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-20.
Victim www.janvier-labs.com
yano.tokyo was named on the Blackout ransomware data-leak (extortion) site on 2025-03-20.
Victim yano.tokyo
alphaoil.ca was named on the Incransom ransomware data-leak (extortion) site on 2025-03-19.
Victim alphaoil.ca
controlledair.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-19.
Victim controlledair.com
Coopertruni was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-19.
Victim Coopertruni
Kiribati Government was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-19.
Victim Kiribati Government
newhollandwood.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-19.
Victim newhollandwood.com
Palomino Petroleum was named on the Lynx ransomware data-leak (extortion) site on 2025-03-19.
Victim Palomino Petroleum
Q railing was named on the Play ransomware data-leak (extortion) site on 2025-03-19.
Victim Q railing
THX Transport was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-19.
Victim THX Transport
warmsworth.doncaster.sch.uk was named on the Incransom ransomware data-leak (extortion) site on 2025-03-19.
Victim warmsworth.doncaster.sch.uk
51talk.com was named on the LockBit ransomware data-leak (extortion) site on 2025-03-18.
Victim 51talk.com
airtelligence.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-18.
Victim airtelligence.com
AMICIO was named on the Lynx ransomware data-leak (extortion) site on 2025-03-18.
Victim AMICIO
CD was named on the Monti ransomware data-leak (extortion) site on 2025-03-18.
Victim CD
expertdata.com.au was named on the Incransom ransomware data-leak (extortion) site on 2025-03-18.
Victim expertdata.com.au
gaertnerhof-jeutter.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-18.
Victim gaertnerhof-jeutter.de
Gloria Cales was named on the Monti ransomware data-leak (extortion) site on 2025-03-18.
Victim Gloria Cales
Harcourts Prime Properties was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-18.
Victim Harcourts Prime Properties
Ted Hosmer Enterprises was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-18.
Victim Ted Hosmer Enterprises
assaabloy.com\$14.4B\Sweden\229GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
Victim assaabloy.com\$14.4B\Sweden\229GB\<1% DISCLOSED
baillie.com\$130.5M\USA\52GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
Victim baillie.com\$130.5M\USA\52GB\100% DISCLOSED
bluedge.com\$104.5M\USA\994GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
Victim bluedge.com\$104.5M\USA\994GB\100% DISCLOSED
CableVision was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-17.
Victim CableVision
ccktech.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-17.
Victim ccktech.com
kyb.com\$600.5M\USA\1.8TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
Victim kyb.com\$600.5M\USA\1.8TB\<1% DISCLOSED
oneill.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-17.
Victim oneill.com
RAE (Real Academia Espaรฑola) (rae.es) was named on the FOG ransomware data-leak (extortion) site on 2025-03-17.
Victim RAE (Real Academia Espaรฑola) (rae.es)
rocketstores.com\$738.9M\USA\3.2TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
Victim rocketstores.com\$738.9M\USA\3.2TB\100% DISCLOSED
tempel.com\$628.7M\USA\111GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
Victim tempel.com\$628.7M\USA\111GB\100% DISCLOSED
thermoid.com\$183.2M\USA\199GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
Victim thermoid.com\$183.2M\USA\199GB\100% DISCLOSED
urban1.com\$460.3M\USA\2.5TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
Victim urban1.com\$460.3M\USA\2.5TB\100% DISCLOSED
www.baxterlaboratories.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-17.
Victim www.baxterlaboratories.com
www.jhayber.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-17.
Victim www.jhayber.com
Courageous Home Care was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-16.
Victim Courageous Home Care
www.ameda.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-16.
Victim www.ameda.com
yeanshalle.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-15.
Victim yeanshalle.de
Bancroft Wines was named on the Incransom ransomware data-leak (extortion) site on 2025-03-14.
Victim Bancroft Wines
Casale Del Giglio was named on the Orca ransomware data-leak (extortion) site on 2025-03-14.
Victim Casale Del Giglio
Fulcrum Lifting was named on the Lynx ransomware data-leak (extortion) site on 2025-03-14.
Victim Fulcrum Lifting
idcconstruction.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-14.
Victim idcconstruction.com
Indiv Usa was named on the Lynx ransomware data-leak (extortion) site on 2025-03-14.
Victim Indiv Usa
jennyyoo.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-14.
Victim jennyyoo.com
mdm-insurance.com was named on the Abyss ransomware data-leak (extortion) site on 2025-03-14.
Victim mdm-insurance.com
Perrigo Company was named on the Termite ransomware data-leak (extortion) site on 2025-03-14.
Victim Perrigo Company
Tryon was named on the Lynx ransomware data-leak (extortion) site on 2025-03-14.
Victim Tryon
Backes was named on the Play ransomware data-leak (extortion) site on 2025-03-13.
Victim Backes
Best Cheer Stone was named on the Play ransomware data-leak (extortion) site on 2025-03-13.
Victim Best Cheer Stone
chfindustries.com\$253.8M\USA\2.5TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-13.
Victim chfindustries.com\$253.8M\USA\2.5TB\100% DISCLOSED
Cothron's Security Professionals was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-13.
Victim Cothron's Security Professionals
dtrglaw.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-13.
Victim dtrglaw.com
fstlogistics.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-13.
Victim fstlogistics.com
Harrells.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-13.
Victim Harrells.com
muellersyste was named on the LockBit ransomware data-leak (extortion) site on 2025-03-13.
Victim muellersyste
rixos.com was named on the Embargo ransomware data-leak (extortion) site on 2025-03-13.
Victim rixos.com
SL Tennessee Information was named on the Play ransomware data-leak (extortion) site on 2025-03-13.
Victim SL Tennessee Information
University Diagnostic Medical Imaging, PC (udmi.net) was named on the FOG ransomware data-leak (extortion) site on 2025-03-13.
Victim University Diagnostic Medical Imaging, PC (udmi.net)
www.raymond.in was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-13.
Victim www.raymond.in
baillie.com\$130.5M\USA\52GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.
Victim baillie.com\$130.5M\USA\52GB\<1% DISCLOSED
El Camino Real Academy (elcaminorealacademy) was named on the FOG ransomware data-leak (extortion) site on 2025-03-12.
Victim El Camino Real Academy (elcaminorealacademy)
HYPERNOVA TELECOM was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-12.
Victim HYPERNOVA TELECOM
HYPONAMIRU was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-12.
Victim HYPONAMIRU
rocketstores.com\$738.9M\USA\3.2TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.
Victim rocketstores.com\$738.9M\USA\3.2TB\<1% DISCLOSED
tempel.com\$628.7M\USA\111GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.
Victim tempel.com\$628.7M\USA\111GB\<1% DISCLOSED
thermoid.com\$183.2M\USA\199GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.
Victim thermoid.com\$183.2M\USA\199GB\<1% DISCLOSED
TUV India Pvt. Ltd. was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-03-12.
Victim TUV India Pvt. Ltd.
urban1.com\$460.3M\USA\2.5TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.
Victim urban1.com\$460.3M\USA\2.5TB\<1% DISCLOSED
www.visualisation.one was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-12.
Victim www.visualisation.one
ciscientific.com.au was named on the Lynx ransomware data-leak (extortion) site on 2025-03-11.
Victim ciscientific.com.au
Edesur Dominicana was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-11.
Victim Edesur Dominicana
Essex County OB/GYN Associates was named on the Incransom ransomware data-leak (extortion) site on 2025-03-11.
Victim Essex County OB/GYN Associates
Longue Vue Club was named on the Lynx ransomware data-leak (extortion) site on 2025-03-11.
Victim Longue Vue Club
quigleyeye.com\$33.6M\USA\3.4TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-11.
Victim quigleyeye.com\$33.6M\USA\3.4TB\100% DISCLOSED
Research Electronics International was named on the Nitrogen ransomware data-leak (extortion) site on 2025-03-11.
Victim Research Electronics International
Skyward Specialty Insurance was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-11.
Victim Skyward Specialty Insurance
Springfield Water and Sewer Commission was named on the Lynx ransomware data-leak (extortion) site on 2025-03-11.
Victim Springfield Water and Sewer Commission
Trymata was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-11.
Victim Trymata
Wilkinson Rogers (wilkinsonrogers.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-11.
Victim Wilkinson Rogers (wilkinsonrogers.com)
wmk-hvb.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-11.
Victim wmk-hvb.de
aiibeauty.com\$274.8M\USA\508GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.
Victim aiibeauty.com\$274.8M\USA\508GB\100% DISCLOSED
amalgamatedsugar.com\$764.8 M\USA\464GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.
Victim amalgamatedsugar.com\$764.8 M\USA\464GB\100% DISCLOSED
caltrol.com\$296.3M\USA\224GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.
Victim caltrol.com\$296.3M\USA\224GB\100% DISCLOSED
dccsagroup.com&csahome.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-10.
Victim dccsagroup.com&csahome.com
[DISCLOSED]Nationz Technologies Inc. was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-03-10.
Victim [DISCLOSED]Nationz Technologies Inc.
formanmills.com\$422.2M\USA\846GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.
Victim formanmills.com\$422.2M\USA\846GB\100% DISCLOSED
Fred Salvucci was named on the Kairos ransomware data-leak (extortion) site on 2025-03-10.
Victim Fred Salvucci
Magnolia Manor (magnoliamanor.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-10.
Victim Magnolia Manor (magnoliamanor.com)
pace-usa.com\$134.4M\USA\65GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.
Victim pace-usa.com\$134.4M\USA\65GB\100% DISCLOSED
steelwarehouse.com\$570.3M\USA\679GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.
Victim steelwarehouse.com\$570.3M\USA\679GB\100% DISCLOSED
www.hexosys.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-10.
Victim www.hexosys.com
ACTi Corporation was named on the Lynx ransomware data-leak (extortion) site on 2025-03-09.
Victim ACTi Corporation
baldaufarchitekten.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
Victim baldaufarchitekten.de
BerksBar.org was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
Victim BerksBar.org
British virgin islands London Office was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-09.
Victim British virgin islands London Office
Buckley BalaWilson Mew was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
Victim Buckley BalaWilson Mew
Clawson Honda was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
Victim Clawson Honda
Compound Solutions was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
Victim Compound Solutions
Dectron was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
Victim Dectron
emperors.edu was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
Victim emperors.edu
Gevril was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
Victim Gevril
Greenwood Village South GVS was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
Victim Greenwood Village South GVS
Holiday Comfort was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
Victim Holiday Comfort
Insider Technologies Limited was named on the Embargo ransomware data-leak (extortion) site on 2025-03-09.
Victim Insider Technologies Limited
Jerue Companies was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
Victim Jerue Companies
Nor Arc was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
Victim Nor Arc
Peak Season was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
Victim Peak Season
Salemerode.com was named on the Flocker ransomware data-leak (extortion) site on 2025-03-09.
Victim Salemerode.com
State Bar of Texas (www.texasbar.com) was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
Victim State Bar of Texas (www.texasbar.com)
Syma-System was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
Victim Syma-System
T J Machine & Tool was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
Victim T J Machine & Tool
williampevear.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
Victim williampevear.com
wog-kaiserbaeder.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
Victim wog-kaiserbaeder.de
Yorke & Curtis was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
Victim Yorke & Curtis
mitchellmcnutt.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-08.
Victim mitchellmcnutt.com
Tech NH was named on the Lynx ransomware data-leak (extortion) site on 2025-03-08.
Victim Tech NH
www.dcarosolutions.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-08.
Victim www.dcarosolutions.com
www.jpwindustries.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-08.
Victim www.jpwindustries.com
ACDC Express was named on the Lynx ransomware data-leak (extortion) site on 2025-03-07.
Victim ACDC Express
Allworx was named on the BianLian ransomware data-leak (extortion) site on 2025-03-07.
Victim Allworx
alphabaking.com\$421.9M\USA\1TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-07.
Victim alphabaking.com\$421.9M\USA\1TB\100% DISCLOSED
associatedasset.com\$288M\USA\26GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-07.
Victim associatedasset.com\$288M\USA\26GB\100% DISCLOSED
bayvillage.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-07.
Victim bayvillage.org
grede.com\$814.7M\USA\524GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-07.
Victim grede.com\$814.7M\USA\524GB\100% DISCLOSED
Island Realty was named on the BianLian ransomware data-leak (extortion) site on 2025-03-07.
Victim Island Realty
lofotenseafood.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-07.
Victim lofotenseafood.com
Minnesota Orthodontics was named on the BianLian ransomware data-leak (extortion) site on 2025-03-07.
Victim Minnesota Orthodontics
REYCOTEL was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-07.
Victim REYCOTEL
srmg.com.au was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-07.
Victim srmg.com.au
total-ps.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-07.
Victim total-ps.com
wheats.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-07.
Victim wheats.com
Adval Tech was named on the Lynx ransomware data-leak (extortion) site on 2025-03-06.
Victim Adval Tech
agi.net was named on the Monti ransomware data-leak (extortion) site on 2025-03-06.
Victim agi.net
Dynamic Closures was named on the Lynx ransomware data-leak (extortion) site on 2025-03-06.
Victim Dynamic Closures
electrocraft.com\$190.1M\USA\477GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-06.
Victim electrocraft.com\$190.1M\USA\477GB\100% DISCLOSED
hickorylaw.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.
Victim hickorylaw.com
holtcat.com\$1B\USA\868GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-06.
Victim holtcat.com\$1B\USA\868GB\100% DISCLOSED
lovesac.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.
Victim lovesac.com
Naples Heritage Golf & Country Club was named on the Incransom ransomware data-leak (extortion) site on 2025-03-06.
Victim Naples Heritage Golf & Country Club
Oberlin Cable Co-op (oberlin.net) was named on the FOG ransomware data-leak (extortion) site on 2025-03-06.
Victim Oberlin Cable Co-op (oberlin.net)
stanleyconsultants.com\$190.5M\USA\388GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-06.
Victim stanleyconsultants.com\$190.5M\USA\388GB\100% DISCLOSED
Tugwell Pump & Supply was named on the Lynx ransomware data-leak (extortion) site on 2025-03-06.
Victim Tugwell Pump & Supply
WJCC Public Schools (wjccschools.org) was named on the FOG ransomware data-leak (extortion) site on 2025-03-06.
Victim WJCC Public Schools (wjccschools.org)
www.centersheetmetal.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.
Victim www.centersheetmetal.com
www.convention.qc.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.
Victim www.convention.qc.ca
www.hinton.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.
Victim www.hinton.ca
www.portlandschools.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.
Victim www.portlandschools.org
Best Collateral, Inc. was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-05.
Victim Best Collateral, Inc.
Pervedant was named on the Lynx ransomware data-leak (extortion) site on 2025-03-05.
Victim Pervedant
Schmiedetechnik Plettenberg GmbH & Co KG was named on the Lynx ransomware data-leak (extortion) site on 2025-03-05.
Victim Schmiedetechnik Plettenberg GmbH & Co KG
SCOLARO FETTER GRIZANTI & McGOUGH, P.C. (scolaro.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-05.
Victim SCOLARO FETTER GRIZANTI & McGOUGH, P.C. (scolaro.com)
The 19 biggest gitlabs was named on the FOG ransomware data-leak (extortion) site on 2025-03-05.
Victim The 19 biggest gitlabs
USA Rice<br /> was named on the Kairos ransomware data-leak (extortion) site on 2025-03-05.
Victim USA Rice<br />
www.black-star.fr was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-05.
Victim www.black-star.fr
www.cda.be was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-05.
Victim www.cda.be
www.japanrebuilt.jp was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-05.
Victim www.japanrebuilt.jp
www.sunsweet.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-05.
Victim www.sunsweet.com
365labs - Security Corp was named on the Monti ransomware data-leak (extortion) site on 2025-03-04.
Victim 365labs - Security Corp
Brien, Inc. was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.
Victim Brien, Inc.
dsrny.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-04.
Victim dsrny.com
Ewald Consulting was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.
Victim Ewald Consulting
Garner, P.C. was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.
Victim Garner, P.C.
goencon.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-04.
Victim goencon.com
Grupo Baston Aerossol (baston.com.br) was named on the FOG ransomware data-leak (extortion) site on 2025-03-04.
Victim Grupo Baston Aerossol (baston.com.br)
Keystone Pacific Property Management LLC was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.
Victim Keystone Pacific Property Management LLC
Layfield and Borel CPA's L.L.C was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.
Victim Layfield and Borel CPA's L.L.C
Legal Aid Society of Salt Lake was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.
Victim Legal Aid Society of Salt Lake
Pampili (pampili.com.br) was named on the FOG ransomware data-leak (extortion) site on 2025-03-04.
Victim Pampili (pampili.com.br)
Phoenix was named on the Monti ransomware data-leak (extortion) site on 2025-03-04.
Victim Phoenix
Seabank Group was named on the Lynx ransomware data-leak (extortion) site on 2025-03-04.
Victim Seabank Group
Tata Technologies was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-04.
Victim Tata Technologies
Wendy Wu Tours was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-04.
Victim Wendy Wu Tours
almostfamousclothing.com\$183M\USA\375GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.
Victim almostfamousclothing.com\$183M\USA\375GB\100% DISCLOSED
andreyevengineering.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-03.
Victim andreyevengineering.com
Central McGowan (centralmcgowan.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-03.
Victim Central McGowan (centralmcgowan.com)
ceratec.com was named on the Abyss ransomware data-leak (extortion) site on 2025-03-03.
Victim ceratec.com
everelgroup.com\$259M\Italy\440GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.
Victim everelgroup.com\$259M\Italy\440GB\100% DISCLOSED
familychc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-03.
Victim familychc.com
Grafitec was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
Victim Grafitec
ICO was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
Victim ICO
Itapeseg was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
Victim Itapeseg
K**d.edu was named on the Flocker ransomware data-leak (extortion) site on 2025-03-03.
Victim K**d.edu
Klesk Metal Stamping Co (kleskmetalstamping.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-03.
Victim Klesk Metal Stamping Co (kleskmetalstamping.com)
La Uniรณn was named on the Lynx ransomware data-leak (extortion) site on 2025-03-03.
Victim La Uniรณn
LINKGROUP was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
Victim LINKGROUP
logic insectes was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
Victim logic insectes
New .Gov ? was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
Victim New .Gov ?
Openreso was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
Victim Openreso
quigleyeye.com\$33.6M\USA\435GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.
Victim quigleyeye.com\$33.6M\USA\435GB\<1% DISCLOSED
regulvar.com\$253.5M\Canada\3.6TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.
Victim regulvar.com\$253.5M\Canada\3.6TB\100% DISCLOSED
RJ IT Solutions was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
Victim RJ IT Solutions
S********e.com was named on the Flocker ransomware data-leak (extortion) site on 2025-03-03.
Victim S********e.com
ssmcoop.com\$22.5M\USA\26GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.
Victim ssmcoop.com\$22.5M\USA\26GB\100% DISCLOSED
synaptic.co.tz was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
Victim synaptic.co.tz
Vitenas Cosmetic Surgery was named on the Kairos ransomware data-leak (extortion) site on 2025-03-03.
Victim Vitenas Cosmetic Surgery
bestbrands.com\$25.5M\USA\659GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
Victim bestbrands.com\$25.5M\USA\659GB\100% DISCLOSED
britannicahome.com\$20.6M\USA\2.8TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
Victim britannicahome.com\$20.6M\USA\2.8TB\100% DISCLOSED
Couri Insurance Agency was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
Victim Couri Insurance Agency
FM.GOB.AR was named on the Monti ransomware data-leak (extortion) site on 2025-03-02.
Victim FM.GOB.AR
Ganong Bros was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
Victim Ganong Bros
germancentre.sg was named on the Incransom ransomware data-leak (extortion) site on 2025-03-02.
Victim germancentre.sg
gruppocogesi.org was named on the LockBit ransomware data-leak (extortion) site on 2025-03-02.
Victim gruppocogesi.org
International Process Plants was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
Victim International Process Plants
IT-IQ Botswana was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
Victim IT-IQ Botswana
kinseysinc.com\$74.9M\USA\675GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
Victim kinseysinc.com\$74.9M\USA\675GB\100% DISCLOSED
M&n Management was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
Victim M&n Management
midwayimporting.com\$43.7M\USA\915GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
Victim midwayimporting.com\$43.7M\USA\915GB\100% DISCLOSED
newhorizonsbaking.com\$163M\USA\455GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
Victim newhorizonsbaking.com\$163M\USA\455GB\100% DISCLOSED
North American Fire Hose was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
Victim North American Fire Hose
Optometrics was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
Victim Optometrics
Pre Con Industries was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
Victim Pre Con Industries
revitalash.com\$21.5M\USA\1.2TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
Victim revitalash.com\$21.5M\USA\1.2TB\100% DISCLOSED
steelerubber.com\$17.9M\USA\116GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
Victim steelerubber.com\$17.9M\USA\116GB\100% DISCLOSED
uniekinc.com\$37.5M\USA\1.8TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
Victim uniekinc.com\$37.5M\USA\1.8TB\100% DISCLOSED
Workforce Group was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-02.
Victim Workforce Group
breakawayconcretecutting.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-01.
Victim breakawayconcretecutting.com
Newton & Associates, Inc was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-01.
Victim Newton & Associates, Inc
associatedasset.com\$288M\USA\26GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
Victim associatedasset.com\$288M\USA\26GB\<1% DISCLOSED
branchgroup.com\$333M\USA\253GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
Victim branchgroup.com\$333M\USA\253GB\<1% DISCLOSED
curtisint.com\$37.2M\Canada\676GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
Victim curtisint.com\$37.2M\Canada\676GB\100% DISCLOSED
electrocraft.com\$190.1M\USA\477GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
Victim electrocraft.com\$190.1M\USA\477GB\<1% DISCLOSED
Engineering Mechanics was named on the Lynx ransomware data-leak (extortion) site on 2025-02-28.
Victim Engineering Mechanics
grede.com\$814.7M\USA\524gb\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
Victim grede.com\$814.7M\USA\524gb\<1% DISCLOSED
Inversiones Clinica Del Meta SA was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-02-28.
Victim Inversiones Clinica Del Meta SA
pace-usa.com\$134.4M\USA\65gb\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
Victim pace-usa.com\$134.4M\USA\65gb\<1% DISCLOSED
stanleyconsultants.com\$190.5M\USA\388GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
Victim stanleyconsultants.com\$190.5M\USA\388GB\<1% DISCLOSED
steelwarehouse.com\$570.3M\USA\679gb\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
Victim steelwarehouse.com\$570.3M\USA\679gb\<1% DISCLOSED
sublettecountywy.gov was named on the Incransom ransomware data-leak (extortion) site on 2025-02-28.
Victim sublettecountywy.gov
uniquehd.com\$13.7M\USA\429GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
Victim uniquehd.com\$13.7M\USA\429GB\100% DISCLOSED
www.casinoessentials.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-28.
Victim www.casinoessentials.com
www.journeyoilfield.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-28.
Victim www.journeyoilfield.net
Biogena GmbH & Co KG was named on the Lynx ransomware data-leak (extortion) site on 2025-02-27.
Victim Biogena GmbH & Co KG
jtu.com.br was named on the LockBit ransomware data-leak (extortion) site on 2025-02-27.
Victim jtu.com.br
teamwass.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-27.
Victim teamwass.com
www.nasonptc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-27.
Victim www.nasonptc.com
www.townofbourne.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-27.
Victim www.townofbourne.com
3cBSI was named on the Play ransomware data-leak (extortion) site on 2025-02-26.
Victim 3cBSI
alphabaking.com\$421.9M\USA\1TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-26.
Victim alphabaking.com\$421.9M\USA\1TB\<1% DISCLOSED
Arcandco was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.
Victim Arcandco
caltrol.com\$296.3M\USA\224gb\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-26.
Victim caltrol.com\$296.3M\USA\224gb\<1% DISCLOSED
Finck Cigar was named on the Play ransomware data-leak (extortion) site on 2025-02-26.
Victim Finck Cigar
Genea was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.
Victim Genea
Gitlabs: Synelixis Solutions, INGV, VMO Holdings was named on the FOG ransomware data-leak (extortion) site on 2025-02-26.
Victim Gitlabs: Synelixis Solutions, INGV, VMO Holdings
holtcat.com\$1B\USA\868GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-26.
Victim holtcat.com\$1B\USA\868GB\<1% DISCLOSED
ITU AbsorbTech was named on the Lynx ransomware data-leak (extortion) site on 2025-02-26.
Victim ITU AbsorbTech
Kendall Auto Group was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-26.
Victim Kendall Auto Group
London Belgravia was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.
Victim London Belgravia
Muller Insurance was named on the Play ransomware data-leak (extortion) site on 2025-02-26.
Victim Muller Insurance
National Legal Service was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.
Victim National Legal Service
Nationz Technologies Inc. was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-26.
Victim Nationz Technologies Inc.
Nichino Ryokka Co Ltd was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-26.
Victim Nichino Ryokka Co Ltd
Omni United was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-26.
Victim Omni United
powelltool.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-26.
Victim powelltool.com
Rooks Rider Solicitors was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.
Victim Rooks Rider Solicitors
Story Environmental was named on the Play ransomware data-leak (extortion) site on 2025-02-26.
Victim Story Environmental
Vermeer Mexico was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-26.
Victim Vermeer Mexico
www.amerasphalt.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
Victim www.amerasphalt.com
www.cmsg.cl was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
Victim www.cmsg.cl
www.emeryair.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
Victim www.emeryair.net
www.envirolabsinc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
Victim www.envirolabsinc.com
www.kppm.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
Victim www.kppm.com
www.newburghhealthcarecenter.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
Victim www.newburghhealthcarecenter.com
www.obrienavocats.qc.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
Victim www.obrienavocats.qc.ca
acmefan.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.
Victim acmefan.com
ALCOTT HR GROUP was named on the Play ransomware data-leak (extortion) site on 2025-02-25.
Victim ALCOTT HR GROUP
bluedge.com\$104.5M\USA\994GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-25.
Victim bluedge.com\$104.5M\USA\994GB\<1% DISCLOSED
Convert Solar was named on the Play ransomware data-leak (extortion) site on 2025-02-25.
Victim Convert Solar
essenzamovies.com.br was named on the LockBit ransomware data-leak (extortion) site on 2025-02-25.
Victim essenzamovies.com.br
Fairhaven Shipyard Companies was named on the Play ransomware data-leak (extortion) site on 2025-02-25.
Victim Fairhaven Shipyard Companies
First Federal Savings & Loan was named on the Play ransomware data-leak (extortion) site on 2025-02-25.
Victim First Federal Savings & Loan
GANRO was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.
Victim GANRO
hgmlegal.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
Victim hgmlegal.com
lifting.com\$135.8M\USA\1.4TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-25.
Victim lifting.com\$135.8M\USA\1.4TB\<1% DISCLOSED
megamtls.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-25.
Victim megamtls.com
neatem.fr | Update! was named on the Braincipher ransomware data-leak (extortion) site on 2025-02-25.
Victim neatem.fr | Update!
ossc.mx was named on the LockBit ransomware data-leak (extortion) site on 2025-02-25.
Victim ossc.mx
pacresmortgage.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.
Victim pacresmortgage.com
PPS Services Group was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.
Victim PPS Services Group
Radco Industries was named on the Play ransomware data-leak (extortion) site on 2025-02-25.
Victim Radco Industries
South Georgia Accounting Services was named on the Spacebears ransomware data-leak (extortion) site on 2025-02-25.
Victim South Georgia Accounting Services
tequaly.com was named on the Embargo ransomware data-leak (extortion) site on 2025-02-25.
Victim tequaly.com
unila.edu.mx was named on the LockBit ransomware data-leak (extortion) site on 2025-02-25.
Victim unila.edu.mx
Vvf Ilinois Services was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.
Victim Vvf Ilinois Services
welcompanies.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
Victim welcompanies.com
www.ateliermonarque.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
Victim www.ateliermonarque.com
www.avalon-hotel.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
Victim www.avalon-hotel.com
www.bwdtechnology.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
Victim www.bwdtechnology.com
www.confabca.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
Victim www.confabca.com
www.rgb.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
Victim www.rgb.com
www.wpisd.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
Victim www.wpisd.com
Xepa Soul was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.
Victim Xepa Soul
aiibeauty.com\$274.8M\USA\508GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.
Victim aiibeauty.com\$274.8M\USA\508GB\<1% DISCLOSED
amalgamatedsugar.com\$764.8 M\USA\464gb\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.
Victim amalgamatedsugar.com\$764.8 M\USA\464gb\<1% DISCLOSED
chfindustries.com\$253.8M\USA\2.5TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.
Victim chfindustries.com\$253.8M\USA\2.5TB\<1% DISCLOSED
compactmould.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-24.
Victim compactmould.com
denbyco.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-24.
Victim denbyco.co.uk
[DISCLOSED] Aishu, Eshoo was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-24.
Victim [DISCLOSED] Aishu, Eshoo
everelgroup.com\$259M\Italy\440GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.
Victim everelgroup.com\$259M\Italy\440GB\<1% DISCLOSED
[EVIDENCE] Aishu, Eshoo was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-24.
Victim [EVIDENCE] Aishu, Eshoo
Fireplace Warehouse was named on the Kairos ransomware data-leak (extortion) site on 2025-02-24.
Victim Fireplace Warehouse
formanmills.com\$422.2M\USA\846gb\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.
Victim formanmills.com\$422.2M\USA\846gb\<1% DISCLOSED
Geokon was named on the Lynx ransomware data-leak (extortion) site on 2025-02-24.
Victim Geokon
IDEA Expertises was named on the Lynx ransomware data-leak (extortion) site on 2025-02-24.
Victim IDEA Expertises
Planet One was named on the Lynx ransomware data-leak (extortion) site on 2025-02-24.
Victim Planet One
regulvar.com\$253.5M\Canada\3.6TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.
Victim regulvar.com\$253.5M\Canada\3.6TB\<1% DISCLOSED
Stรผrmer Maschinen was named on the Lynx ransomware data-leak (extortion) site on 2025-02-24.
Victim Stรผrmer Maschinen
BluAgent Technologies, Inc was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-23.
Victim BluAgent Technologies, Inc
G& was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-23.
Victim G&
Gitlabs: Naphix, WDNA, Bayteq was named on the FOG ransomware data-leak (extortion) site on 2025-02-23.
Victim Gitlabs: Naphix, WDNA, Bayteq
Novi Community School District was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-23.
Victim Novi Community School District
ondaralogistica.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-23.
Victim ondaralogistica.com
Shaghalni was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-23.
Victim Shaghalni
www.famcomachine.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-23.
Victim www.famcomachine.com
alleghenybradford.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-22.
Victim alleghenybradford.com
CCOO Servicios was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-22.
Victim CCOO Servicios
evergreenpnw.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-22.
Victim evergreenpnw.com
Excel Security was named on the Lynx ransomware data-leak (extortion) site on 2025-02-22.
Victim Excel Security
Peter Glenn Ski Sport was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-22.
Victim Peter Glenn Ski Sport
SPEED Co was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-22.
Victim SPEED Co
teamsters175.org was named on the Incransom ransomware data-leak (extortion) site on 2025-02-22.
Victim teamsters175.org
guadeloupeformation.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
Victim guadeloupeformation.com
headcount.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
Victim headcount.com
jindalgroup.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
Victim jindalgroup.com
(kc2) geokon.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-21.
Victim (kc2) geokon.com
planetone-asia.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-21.
Victim planetone-asia.com
statesideseattle.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-21.
Victim statesideseattle.com
www.elecgalapagos.com.ec was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
Victim www.elecgalapagos.com.ec
www.electro-fusion.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
Victim www.electro-fusion.com
www.fla-esq.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
Victim www.fla-esq.com
www.midwestvascular.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
Victim www.midwestvascular.net
www.nola-law.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
Victim www.nola-law.com
www.saracenproperties.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
Victim www.saracenproperties.com
www.witheyaddison.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
Victim www.witheyaddison.com
californiaclingpeaches.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-20.
Victim californiaclingpeaches.com
eaglepost.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.
Victim eaglepost.com
ehdd.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-20.
Victim ehdd.com
Fortune Electric Co Ltd was named on the Lynx ransomware data-leak (extortion) site on 2025-02-20.
Victim Fortune Electric Co Ltd
gilcar.co was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.
Victim gilcar.co
Ligentia was named on the Termite ransomware data-leak (extortion) site on 2025-02-20.
Victim Ligentia
Medical File was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-20.
Victim Medical File
newhorizonsbaking.com\$163M\USA\455GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-20.
Victim newhorizonsbaking.com\$163M\USA\455GB\<1% DISCLOSED
www.okddsi.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.
Victim www.okddsi.net
www.phdental.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.
Victim www.phdental.com
www.pransystems.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.
Victim www.pransystems.com
www.riverdale.edu was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.
Victim www.riverdale.edu
Alabama Ophthalmology Associates was named on the BianLian ransomware data-leak (extortion) site on 2025-02-19.
Victim Alabama Ophthalmology Associates
BeniPlus was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
Victim BeniPlus
Brolly was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
Victim Brolly
DR.Claims FL LLC was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
Victim DR.Claims FL LLC
Eservices.gov.zm was named on the Flocker ransomware data-leak (extortion) site on 2025-02-19.
Victim Eservices.gov.zm
EzyLegal was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
Victim EzyLegal
Gitlabs: Next TI, VISEO, Hochschule Trier was named on the FOG ransomware data-leak (extortion) site on 2025-02-19.
Victim Gitlabs: Next TI, VISEO, Hochschule Trier
Haggin Oaks Golf (hagginoaks.com) was named on the FOG ransomware data-leak (extortion) site on 2025-02-19.
Victim Haggin Oaks Golf (hagginoaks.com)
haleycomfort.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-19.
Victim haleycomfort.com
Help Me Grow Yolo was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
Victim Help Me Grow Yolo
NimuSoft was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
Victim NimuSoft
Pulmonary Physicians of South Florida Clinics | Data security breach! was named on the Braincipher ransomware data-leak (extortion) site on 2025-02-19.
Victim Pulmonary Physicians of South Florida Clinics | Data security breach!
Ranhill Bersekutu was named on the Lynx ransomware data-leak (extortion) site on 2025-02-19.
Victim Ranhill Bersekutu
Revi was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
Victim Revi
Supreme Administrative Court of Bulgaria was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-19.
Victim Supreme Administrative Court of Bulgaria
Afa Systems Ltd. was named on the Underground ransomware data-leak (extortion) site on 2025-02-18.
Victim Afa Systems Ltd.
bestbrands.com\$25.5M\USA\659GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-18.
Victim bestbrands.com\$25.5M\USA\659GB\<1% DISCLOSED
boostheat.com was named on the Bashe ransomware data-leak (extortion) site on 2025-02-18.
Victim boostheat.com
Buanderie Centrale de Montreal was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-18.
Victim Buanderie Centrale de Montreal
lavi.co.il was named on the Incransom ransomware data-leak (extortion) site on 2025-02-18.
Victim lavi.co.il
midwayimporting.com\$43.7M\USA\915GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-18.
Victim midwayimporting.com\$43.7M\USA\915GB\<1% DISCLOSED
pyasolutions.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-18.
Victim pyasolutions.com
ranhillbersekutu.com.my was named on the Lynx ransomware data-leak (extortion) site on 2025-02-18.
Victim ranhillbersekutu.com.my
revitalash.com\$21.5M\USA\1.2TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-18.
Victim revitalash.com\$21.5M\USA\1.2TB\<1% DISCLOSED
uniekinc.com\$37.5M\USA\1.8TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-18.
Victim uniekinc.com\$37.5M\USA\1.8TB\<1% DISCLOSED
www.alphamedctr.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.
Victim www.alphamedctr.com
www.ccttechnologies.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.
Victim www.ccttechnologies.com
www.copleystoughton.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.
Victim www.copleystoughton.com
www.macmed.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.
Victim www.macmed.com
www.mwmechanicalinc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.
Victim www.mwmechanicalinc.com
Allied Tenesis was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
Victim Allied Tenesis
almostfamousclothing.com\$183M\USA\375GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
Victim almostfamousclothing.com\$183M\USA\375GB\<1% DISCLOSED
Autoschade Pippel was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
Victim Autoschade Pippel
bisindustries.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-17.
Victim bisindustries.com
Bulldog Oilfield Services was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
Victim Bulldog Oilfield Services
Bushmans was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
Victim Bushmans
Cirion Technologies was named on the Braincipher ransomware data-leak (extortion) site on 2025-02-17.
Victim Cirion Technologies
Cuna Supply was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
Victim Cuna Supply
Dane Court Grammar School was named on the Kairos ransomware data-leak (extortion) site on 2025-02-17.
Victim Dane Court Grammar School
Greencastle-Antrim Senior High School (gcasd.org) was named on the FOG ransomware data-leak (extortion) site on 2025-02-17.
Victim Greencastle-Antrim Senior High School (gcasd.org)
hamton was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
Victim hamton
Hisingstads Bleck was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
Victim Hisingstads Bleck
HRS_IDEA_Expertises was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
Victim HRS_IDEA_Expertises
https://www.dapope.com/ was named on the BlackSuit ransomware data-leak (extortion) site on 2025-02-17.
Victim https://www.dapope.com/
Inland Empire Distribution Systems, Inc. was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
Victim Inland Empire Distribution Systems, Inc.
kinseysinc.com\$74.9M\USA\675GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
Victim kinseysinc.com\$74.9M\USA\675GB\<1% DISCLOSED
Leadership Strategies was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
Victim Leadership Strategies
lekiaviation.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-17.
Victim lekiaviation.com
LINTEC & LINNHOFF Holdings was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
Victim LINTEC & LINNHOFF Holdings
mgainnovation.com\$30.9M\USA\215GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
Victim mgainnovation.com\$30.9M\USA\215GB\100% DISCLOSED
myhscu.com was named on the Embargo ransomware data-leak (extortion) site on 2025-02-17.
Victim myhscu.com
neatem.fr was named on the Braincipher ransomware data-leak (extortion) site on 2025-02-17.
Victim neatem.fr
northernresponse.com\$17.4M\Canada\366GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
Victim northernresponse.com\$17.4M\Canada\366GB\100% DISCLOSED
Oxford Companies was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
Victim Oxford Companies
Pedensia Graphics Distribution was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
Victim Pedensia Graphics Distribution
Persante Health Care was named on the Incransom ransomware data-leak (extortion) site on 2025-02-17.
Victim Persante Health Care
Rheinischer Sch was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
Victim Rheinischer Sch
savoiesfoods.com\$18.2M\USA\95GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
Victim savoiesfoods.com\$18.2M\USA\95GB\100% DISCLOSED
ssmcoop.com\$22.5M\USA\26GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
Victim ssmcoop.com\$22.5M\USA\26GB\<1% DISCLOSED
Stage 3 Separation was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
Victim Stage 3 Separation
Startek Peglar & Calcagni was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
Victim Startek Peglar & Calcagni
steelerubber.com\$17.9M\USA\116GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
Victim steelerubber.com\$17.9M\USA\116GB\<1% DISCLOSED
Swissmem was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-17.
Victim Swissmem
teamwass.com\$676.3M\USA\451GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
Victim teamwass.com\$676.3M\USA\451GB\<1% DISCLOSED
The Townsley Law Firm Information was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
Victim The Townsley Law Firm Information
Toi Toi USA was named on the Kairos ransomware data-leak (extortion) site on 2025-02-17.
Victim Toi Toi USA
Transkid was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
Victim Transkid
Weed Man Canada was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
Victim Weed Man Canada
Winbas was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
Victim Winbas
www.macter.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-17.
Victim www.macter.com
Wylie Steel Fabricators was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
Victim Wylie Steel Fabricators
A*u.edu.au was named on the Flocker ransomware data-leak (extortion) site on 2025-02-16.
Victim A*u.edu.au
annegrady.org was named on the Embargo ransomware data-leak (extortion) site on 2025-02-16.
Victim annegrady.org
Gitlabs: Acqua development, QBurst, Pamyra.de was named on the FOG ransomware data-leak (extortion) site on 2025-02-16.
Victim Gitlabs: Acqua development, QBurst, Pamyra.de
Gpstech2007.com was named on the Flocker ransomware data-leak (extortion) site on 2025-02-16.
Victim Gpstech2007.com
Mervis.info was named on the Flocker ransomware data-leak (extortion) site on 2025-02-16.
Victim Mervis.info
Realtime.tw was named on the Flocker ransomware data-leak (extortion) site on 2025-02-16.
Victim Realtime.tw
City of McKinney was named on the Incransom ransomware data-leak (extortion) site on 2025-02-15.
Victim City of McKinney
Empire Home Center was named on the Lynx ransomware data-leak (extortion) site on 2025-02-15.
Victim Empire Home Center
halex.com was named on the Abyss ransomware data-leak (extortion) site on 2025-02-15.
Victim halex.com
(M)Empire-home-center was named on the Lynx ransomware data-leak (extortion) site on 2025-02-15.
Victim (M)Empire-home-center
Northeast Delta Human Services Authority was named on the Incransom ransomware data-leak (extortion) site on 2025-02-15.
Victim Northeast Delta Human Services Authority
saulttribe.com/kewadin.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
Victim saulttribe.com/kewadin.com
www.310tempering.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
Victim www.310tempering.com
www.cityoftarrant.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
Victim www.cityoftarrant.com
www.colacouronnelocations.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
Victim www.colacouronnelocations.com
www.imgenterprises.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
Victim www.imgenterprises.com
www.naga.ae was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
Victim www.naga.ae
www.rowetactical.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
Victim www.rowetactical.com
www.solardatasystems.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
Victim www.solardatasystems.com
www.transcend-info.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
Victim www.transcend-info.com
brockbanks.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-14.
Victim brockbanks.co.uk
Heritage South Credit Union was named on the Embargo ransomware data-leak (extortion) site on 2025-02-14.
Victim Heritage South Credit Union
The Agency was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-14.
Victim The Agency
www.calspa.it was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-14.
Victim www.calspa.it
Aspire Rural Health System was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
Victim Aspire Rural Health System
Ball, LLP was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
Victim Ball, LLP
Borel CPA's L.L.C was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
Victim Borel CPA's L.L.C
Dain, Torpy, Le Ray, Wiest and Garner, P.C. was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
Victim Dain, Torpy, Le Ray, Wiest and Garner, P.C.
enventuregt.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-13.
Victim enventuregt.com
Financial Services of America, Inc. was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
Victim Financial Services of America, Inc.
Gitlabs: Omydoo, Ayomi, ADULLACT was named on the FOG ransomware data-leak (extortion) site on 2025-02-13.
Victim Gitlabs: Omydoo, Ayomi, ADULLACT
leonardo.com was named on the Threeam ransomware data-leak (extortion) site on 2025-02-13.
Victim leonardo.com
Mozo Grau (mozo-grau.com) was named on the FOG ransomware data-leak (extortion) site on 2025-02-13.
Victim Mozo Grau (mozo-grau.com)
Nash Brothers Construction was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
Victim Nash Brothers Construction
Nippon Steel USA was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
Victim Nippon Steel USA
R Molds Inc was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
Victim R Molds Inc
Shields Facilities Maintenance was named on the Play ransomware data-leak (extortion) site on 2025-02-13.
Victim Shields Facilities Maintenance
snoqualmietribe.us was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-13.
Victim snoqualmietribe.us
alderconstruction.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim alderconstruction.com
askgs.ma was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim askgs.ma
bergconst.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim bergconst.com
britannicahome.com\$20.6M\USA\2.8TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-12.
Victim britannicahome.com\$20.6M\USA\2.8TB\<1% DISCLOSED
burdickpainting.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim burdickpainting.com
columbiacabinets.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim columbiacabinets.com
curtisint.com\$37.2M\Canada\676GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-12.
Victim curtisint.com\$37.2M\Canada\676GB\<1% DISCLOSED
E*******s.gov.zm was named on the Flocker ransomware data-leak (extortion) site on 2025-02-12.
Victim E*******s.gov.zm
ekvallbyrne.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim ekvallbyrne.com
Gitlabs: INGV, Spacemanic, Squeezer-software was named on the FOG ransomware data-leak (extortion) site on 2025-02-12.
Victim Gitlabs: INGV, Spacemanic, Squeezer-software
Hess (hess-gmbh.de) was named on the FOG ransomware data-leak (extortion) site on 2025-02-12.
Victim Hess (hess-gmbh.de)
http://thermaseal.net was named on the Ciphbit ransomware data-leak (extortion) site on 2025-02-12.
Victim http://thermaseal.net
krmcustomhomes.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim krmcustomhomes.com
laderalending.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim laderalending.com
MICRO MANUFACTRING was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-02-12.
Victim MICRO MANUFACTRING
minnesotaexteriors.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim minnesotaexteriors.com
Obex Medical was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-12.
Victim Obex Medical
Omni Fiber LLC was named on the Monti ransomware data-leak (extortion) site on 2025-02-12.
Victim Omni Fiber LLC
rogerspetro.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim rogerspetro.com
slchc.edu was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim slchc.edu
Societatea Energetica Electrica S.A. was named on the Lynx ransomware data-leak (extortion) site on 2025-02-12.
Victim Societatea Energetica Electrica S.A.
steveallcorn.remax.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim steveallcorn.remax.com
STIIIZY Full Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-02-12.
Victim STIIIZY Full Data Leak
sundanceliving.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim sundanceliving.com
The Brown & Hurley Group was named on the Lynx ransomware data-leak (extortion) site on 2025-02-12.
Victim The Brown & Hurley Group
thejdkgroup.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim thejdkgroup.com
twncomm.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim twncomm.com
uniquehd.com\$13.7M\USA\429GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-12.
Victim uniquehd.com\$13.7M\USA\429GB\<1% DISCLOSED
weathersa.co.za was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
Victim weathersa.co.za
Aurora Public Schools (aurorak12.org) was named on the FOG ransomware data-leak (extortion) site on 2025-02-11.
Victim Aurora Public Schools (aurorak12.org)
Baltimore Country Club was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
Victim Baltimore Country Club
CESI was named on the Termite ransomware data-leak (extortion) site on 2025-02-11.
Victim CESI
Cold Storage Manufacturing was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
Victim Cold Storage Manufacturing
EAC Consulting was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
Victim EAC Consulting
Fastighetsservice AB was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
Victim Fastighetsservice AB
Hammond Trucking & Excavation was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-11.
Victim Hammond Trucking & Excavation
Jildor Shoes was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
Victim Jildor Shoes
Kensington Glass Arts was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
Victim Kensington Glass Arts
Logix Corporate Solutions was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-11.
Victim Logix Corporate Solutions
Mainline Information Systems was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
Victim Mainline Information Systems
Monroe Transportation Services Inc was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
Victim Monroe Transportation Services Inc
Neaton Auto Products Manufacturing was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
Victim Neaton Auto Products Manufacturing
primesourcestaffing.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-11.
Victim primesourcestaffing.com
ROCK SOLID Stabilization & Reclamation was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
Victim ROCK SOLID Stabilization & Reclamation
Rogers was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-11.
Victim Rogers
Saint George's College (saintgeorge.cl) was named on the FOG ransomware data-leak (extortion) site on 2025-02-11.
Victim Saint George's College (saintgeorge.cl)
sehma.com was named on the Threeam ransomware data-leak (extortion) site on 2025-02-11.
Victim sehma.com
Shinn Fu Company of America was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
Victim Shinn Fu Company of America
sole technology was named on the Monti ransomware data-leak (extortion) site on 2025-02-11.
Victim sole technology
The Children's Center Of Hamden was named on the Incransom ransomware data-leak (extortion) site on 2025-02-11.
Victim The Children's Center Of Hamden
The University of Notre Dame Australia (nd.edu.au) was named on the FOG ransomware data-leak (extortion) site on 2025-02-11.
Victim The University of Notre Dame Australia (nd.edu.au)
Tie Down Engineering was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
Victim Tie Down Engineering
TMC was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-11.
Victim TMC
abcapital.com.ph was named on the LockBit ransomware data-leak (extortion) site on 2025-02-10.
Victim abcapital.com.ph
Albright Institute was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.
Victim Albright Institute
ASRAM Medical College and Hospita was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.
Victim ASRAM Medical College and Hospita
Atlas Commodities was named on the Lynx ransomware data-leak (extortion) site on 2025-02-10.
Victim Atlas Commodities
bazcooil.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.
Victim bazcooil.com
Capital Cell Global (CCG) was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.
Victim Capital Cell Global (CCG)
D-7 Roofing was named on the BianLian ransomware data-leak (extortion) site on 2025-02-10.
Victim D-7 Roofing
Enfin was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.
Victim Enfin
kaplanstahler.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.
Victim kaplanstahler.com
komline.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.
Victim komline.com
Lexington Electric was named on the Lynx ransomware data-leak (extortion) site on 2025-02-10.
Victim Lexington Electric
Marshall Motor Holdings was named on the Lynx ransomware data-leak (extortion) site on 2025-02-10.
Victim Marshall Motor Holdings
ome.tv | SOLD was named on the Bashe ransomware data-leak (extortion) site on 2025-02-10.
Victim ome.tv | SOLD
Recievership Specialists was named on the BianLian ransomware data-leak (extortion) site on 2025-02-10.
Victim Recievership Specialists
sdfab.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.
Victim sdfab.com
WhoHire was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.
Victim WhoHire
www.jsp.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.
Victim www.jsp.com
Gitlabs: Universitatea Politehnica din Bucuresti, Maxvy Technologies Pvt, iRidge Inc. was named on the FOG ransomware data-leak (extortion) site on 2025-02-09.
Victim Gitlabs: Universitatea Politehnica din Bucuresti, Maxvy Technologies Pvt, iRidge Inc.
Handala New Telegram Channel was named on the Handala ransomware data-leak (extortion) site on 2025-02-09.
Victim Handala New Telegram Channel
Hpisd.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-09.
Victim Hpisd.org
Israel Police Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-02-09.
Victim Israel Police Hacked
Leading Edge Specialized Dentistry was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-09.
Victim Leading Edge Specialized Dentistry
wwcsd.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-09.
Victim wwcsd.net
G*********7.com was named on the Flocker ransomware data-leak (extortion) site on 2025-02-08.
Victim G*********7.com
M****s.info was named on the Flocker ransomware data-leak (extortion) site on 2025-02-08.
Victim M****s.info
R******e.tw was named on the Flocker ransomware data-leak (extortion) site on 2025-02-08.
Victim R******e.tw
SAKAI SOUKEN Co. was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-08.
Victim SAKAI SOUKEN Co.
Gitlabs: Chalmers tekniska hรถgskola, Fligno, 3SS was named on the FOG ransomware data-leak (extortion) site on 2025-02-07.
Victim Gitlabs: Chalmers tekniska hรถgskola, Fligno, 3SS
sautech.edu was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-07.
Victim sautech.edu
teamues.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-07.
Victim teamues.com
Gitlabs: eConceptions, Top Systems, DIEM was named on the FOG ransomware data-leak (extortion) site on 2025-02-06.
Victim Gitlabs: eConceptions, Top Systems, DIEM
northernresponse.com\$17.4M\Canada\366GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-06.
Victim northernresponse.com\$17.4M\Canada\366GB\<1% DISCLOSED
Robertshaw was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-06.
Victim Robertshaw
savoiesfoods.com\$18.2M\USA\95GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-06.
Victim savoiesfoods.com\$18.2M\USA\95GB\<1% DISCLOSED
SmithDunn&Co was named on the Spacebears ransomware data-leak (extortion) site on 2025-02-06.
Victim SmithDunn&Co
zsattorneys.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-06.
Victim zsattorneys.com
A2b-cargo.com was named on the Flocker ransomware data-leak (extortion) site on 2025-02-05.
Victim A2b-cargo.com
Banfi Vintners was named on the Lynx ransomware data-leak (extortion) site on 2025-02-05.
Victim Banfi Vintners
corehandf.com was named on the Threeam ransomware data-leak (extortion) site on 2025-02-05.
Victim corehandf.com
Dash Business was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.
Victim Dash Business
Hall Chadwick was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.
Victim Hall Chadwick
India car owners was named on the Bashe ransomware data-leak (extortion) site on 2025-02-05.
Victim India car owners
Mid-State Machine & Fabricating Corp was named on the Play ransomware data-leak (extortion) site on 2025-02-05.
Victim Mid-State Machine & Fabricating Corp
NESCTC Security Services was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.
Victim NESCTC Security Services
OFW Law was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.
Victim OFW Law
Shinsung Delta Tech was named on the Lynx ransomware data-leak (extortion) site on 2025-02-05.
Victim Shinsung Delta Tech
St Clair Orthopaedics and Sports Medicine P.C. was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.
Victim St Clair Orthopaedics and Sports Medicine P.C.
Toshapp.com was named on the Flocker ransomware data-leak (extortion) site on 2025-02-05.
Victim Toshapp.com
alojaimi.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
Victim alojaimi.com
C and R Molds Inc was named on the BianLian ransomware data-leak (extortion) site on 2025-02-04.
Victim C and R Molds Inc
C2S Technologies Inc. was named on the Everest ransomware data-leak (extortion) site on 2025-02-04.
Victim C2S Technologies Inc.
capstoneins.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
Victim capstoneins.ca
Casper's Truck Equipment was named on the Kairos ransomware data-leak (extortion) site on 2025-02-04.
Victim Casper's Truck Equipment
clarkfreightways.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
Victim clarkfreightways.com
coel.com.mx was named on the Bashe ransomware data-leak (extortion) site on 2025-02-04.
Victim coel.com.mx
Commercial Solutions was named on the BianLian ransomware data-leak (extortion) site on 2025-02-04.
Victim Commercial Solutions
cornwelltools.com\$218.7M\USA\4.6TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-04.
Victim cornwelltools.com\$218.7M\USA\4.6TB\<1% DISCLOSED
escada.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
Victim escada.com
gaheritagefcu.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
Victim gaheritagefcu.org
Gitlabs: hemio.de, SOLEIL, Devlion was named on the FOG ransomware data-leak (extortion) site on 2025-02-04.
Victim Gitlabs: hemio.de, SOLEIL, Devlion
heartlandrvs.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
Victim heartlandrvs.com
ITSS was named on the Everest ransomware data-leak (extortion) site on 2025-02-04.
Victim ITSS
Medical Reports was named on the Kairos ransomware data-leak (extortion) site on 2025-02-04.
Victim Medical Reports
mgainnovation.com\$30.9M\USA\215GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-04.
Victim mgainnovation.com\$30.9M\USA\215GB\<1% DISCLOSED
mistralsolutions.com was named on the Bashe ransomware data-leak (extortion) site on 2025-02-04.
Victim mistralsolutions.com
rashtiandrashti.com\$19.1M\USA\786GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-04.
Victim rashtiandrashti.com\$19.1M\USA\786GB\<1% DISCLOSED
sportadmin.se was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
Victim sportadmin.se
Town Counsel Law & Litigation was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-04.
Victim Town Counsel Law & Litigation
www.aswgr.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
Victim www.aswgr.com
www.aymcdonald.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
Victim www.aymcdonald.com
Daniel Island Club was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
Victim Daniel Island Club
Dickerson & Nieman Realtors was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
Victim Dickerson & Nieman Realtors
DPC Development was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
Victim DPC Development
[EVIDANCE] AIshu, Eshoo was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-03.
Victim [EVIDANCE] AIshu, Eshoo
Evidn Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-02-03.
Victim Evidn Data Leak
Gitlabs: Bolin Centre for Climate Research, X-lab group, Madia was named on the FOG ransomware data-leak (extortion) site on 2025-02-03.
Victim Gitlabs: Bolin Centre for Climate Research, X-lab group, Madia
gruppozaccaria.it was named on the LockBit ransomware data-leak (extortion) site on 2025-02-03.
Victim gruppozaccaria.it
Karadeniz Holding (karadenizholding.com) was named on the FOG ransomware data-leak (extortion) site on 2025-02-03.
Victim Karadeniz Holding (karadenizholding.com)
KWS was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
Victim KWS
ome.tv was named on the Bashe ransomware data-leak (extortion) site on 2025-02-03.
Victim ome.tv
Pineland community service board was named on the Spacebears ransomware data-leak (extortion) site on 2025-02-03.
Victim Pineland community service board
Ponte16 Hotel & was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-03.
Victim Ponte16 Hotel &
QGS Development was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
Victim QGS Development
realtaxcanada.com was named on the Bashe ransomware data-leak (extortion) site on 2025-02-03.
Victim realtaxcanada.com
Sheridan Nurseries was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
Victim Sheridan Nurseries
smithmidland.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-03.
Victim smithmidland.com
The Hill Brush was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
Victim The Hill Brush
Woodway USA was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
Victim Woodway USA
www.origene.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-03.
Victim www.origene.com
www.wongfleming.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-03.
Victim www.wongfleming.com
Ayres Law Firm was named on the BianLian ransomware data-leak (extortion) site on 2025-02-02.
Victim Ayres Law Firm
Civic Committee was named on the BianLian ransomware data-leak (extortion) site on 2025-02-02.
Victim Civic Committee
Four Eye Clinics was named on the Abyss ransomware data-leak (extortion) site on 2025-02-02.
Victim Four Eye Clinics
Growth Acceleration Partners was named on the BianLian ransomware data-leak (extortion) site on 2025-02-02.
Victim Growth Acceleration Partners
jpcgroupinc.com was named on the Abyss ransomware data-leak (extortion) site on 2025-02-02.
Victim jpcgroupinc.com
Tosaf Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-02-02.
Victim Tosaf Hacked
usuhs.edu was named on the LockBit ransomware data-leak (extortion) site on 2025-02-02.
Victim usuhs.edu
CAMRIDGEPORT was named on the Spacebears ransomware data-leak (extortion) site on 2025-02-01.
Victim CAMRIDGEPORT
Eascon was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.
Victim Eascon
Falcon Gaming was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.
Victim Falcon Gaming
GATTELLI SpA was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.
Victim GATTELLI SpA
Gitlabs: PT. ITPRENEUR INDONESIA TECHNOLOGY, GFZ Helmholtz Centre for Geosciences, LUA Cof was named on the FOG ransomware data-leak (extortion) site on 2025-02-01.
Victim Gitlabs: PT. ITPRENEUR INDONESIA TECHNOLOGY, GFZ Helmholtz Centre for Geosciences, LUA Cof
My New Jersey Dentist was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-01.
Victim My New Jersey Dentist
Nano Health was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-01.
Victim Nano Health
Technico was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.
Victim Technico
Utilissimo Transportes was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.
Victim Utilissimo Transportes
Wireless Solutions (Morris.Domain) was named on the Lynx ransomware data-leak (extortion) site on 2025-02-01.
Victim Wireless Solutions (Morris.Domain)
Zamzow's was named on the Lynx ransomware data-leak (extortion) site on 2025-02-01.
Victim Zamzow's
A**-****o.com was named on the Flocker ransomware data-leak (extortion) site on 2025-01-31.
Victim A**-****o.com
BH Aircraft Company, Inc. was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-31.
Victim BH Aircraft Company, Inc.
Pembina Trails School Division was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-31.
Victim Pembina Trails School Division
T*****p.com was named on the Flocker ransomware data-leak (extortion) site on 2025-01-31.
Victim T*****p.com
Engine Power Source was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.
Victim Engine Power Source
FENSTERMAKER was named on the Monti ransomware data-leak (extortion) site on 2025-01-30.
Victim FENSTERMAKER
Gitlabs: Prasaga, HE2B, Kombinat was named on the FOG ransomware data-leak (extortion) site on 2025-01-30.
Victim Gitlabs: Prasaga, HE2B, Kombinat
Gitlabs: Professional Computer, X-Pans, Propulsion Academy AG was named on the FOG ransomware data-leak (extortion) site on 2025-01-30.
Victim Gitlabs: Professional Computer, X-Pans, Propulsion Academy AG
ibericar was named on the Monti ransomware data-leak (extortion) site on 2025-01-30.
Victim ibericar
icicibank.com | SOLD was named on the Bashe ransomware data-leak (extortion) site on 2025-01-30.
Victim icicibank.com | SOLD
Jalaram Produce was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.
Victim Jalaram Produce
jayaapparelgroup.com\$60.6M\USA\824GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.
Victim jayaapparelgroup.com\$60.6M\USA\824GB\<1% DISCLOSED
johnpaulrichard.com\$60M\USA\985GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.
Victim johnpaulrichard.com\$60M\USA\985GB\<1% DISCLOSED
KPI Engineering was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.
Victim KPI Engineering
malindoair.com | SOLD was named on the Bashe ransomware data-leak (extortion) site on 2025-01-30.
Victim malindoair.com | SOLD
nenok.de was named on the Monti ransomware data-leak (extortion) site on 2025-01-30.
Victim nenok.de
Night Hawk was named on the Play ransomware data-leak (extortion) site on 2025-01-30.
Victim Night Hawk
payahmedabadechallan.org was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-30.
Victim payahmedabadechallan.org
Scott Engineering was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.
Victim Scott Engineering
Silverado Contractors was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.
Victim Silverado Contractors
soitinlaine.fi was named on the Threeam ransomware data-leak (extortion) site on 2025-01-30.
Victim soitinlaine.fi
sunrise-soya.com\$42.2M\Canada\504GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.
Victim sunrise-soya.com\$42.2M\Canada\504GB\<1% DISCLOSED
Tri-Sen Systems was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.
Victim Tri-Sen Systems
ttucorp.com\$27.6M\USA\1TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.
Victim ttucorp.com\$27.6M\USA\1TB\<1% DISCLOSED
vsstransportationgroup.com\$54.5M\USA\522GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.
Victim vsstransportationgroup.com\$54.5M\USA\522GB\<1% DISCLOSED
Zschimmer and Schwarz was named on the Termite ransomware data-leak (extortion) site on 2025-01-30.
Victim Zschimmer and Schwarz
air europa was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
Victim air europa
alkodistributors.com\$33.5M\USA\345GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-29.
Victim alkodistributors.com\$33.5M\USA\345GB\<1% DISCLOSED
biagibros.com\$273M\USA\820GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-29.
Victim biagibros.com\$273M\USA\820GB\<1% DISCLOSED
Boldon James was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
Victim Boldon James
Boutin Jones (boutindentino.com) was named on the FOG ransomware data-leak (extortion) site on 2025-01-29.
Victim Boutin Jones (boutindentino.com)
By design was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
Victim By design
Cahoon Farms was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
Victim Cahoon Farms
Cimarron Telephone Company was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
Victim Cimarron Telephone Company
City Of Beloit was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
Victim City Of Beloit
Commercial & Residential Management Group was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
Victim Commercial & Residential Management Group
daVinci was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
Victim daVinci
DEL Packaging was named on the Kairos ransomware data-leak (extortion) site on 2025-01-29.
Victim DEL Packaging
Delta Screen & Filtration () was named on the Lynx ransomware data-leak (extortion) site on 2025-01-29.
Victim Delta Screen & Filtration ()
Heart to Heart Hospice was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
Victim Heart to Heart Hospice
Israel Ministry of National Security Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-01-29.
Victim Israel Ministry of National Security Hacked
Johnston was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
Victim Johnston
Marshall & Bruce Printing was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
Victim Marshall & Bruce Printing
Menominee Tribal Clinic was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
Victim Menominee Tribal Clinic
midwaymetals.com.vn was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-29.
Victim midwaymetals.com.vn
Mission Locale Montpellier was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
Victim Mission Locale Montpellier
Plymouth Foam was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
Victim Plymouth Foam
Rossi Real Estate (ROSSIDG.LOCAL) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-29.
Victim Rossi Real Estate (ROSSIDG.LOCAL)
SCV Med Group was named on the Monti ransomware data-leak (extortion) site on 2025-01-29.
Victim SCV Med Group
Strategic Materials was named on the Lynx ransomware data-leak (extortion) site on 2025-01-29.
Victim Strategic Materials
The Wendt Agency was named on the Lynx ransomware data-leak (extortion) site on 2025-01-29.
Victim The Wendt Agency
tnlottery.com was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
Victim tnlottery.com
TRIVAD was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
Victim TRIVAD
Turning Leaf (TURNINGLEAF.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
Victim Turning Leaf (TURNINGLEAF.local)
W*****e.com was named on the Flocker ransomware data-leak (extortion) site on 2025-01-29.
Victim W*****e.com
Wallin & Klarich was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
Victim Wallin & Klarich
Acoustiblok was named on the Monti ransomware data-leak (extortion) site on 2025-01-28.
Victim Acoustiblok
BBLAWFIRM was named on the Monti ransomware data-leak (extortion) site on 2025-01-28.
Victim BBLAWFIRM
broward.edu was named on the Incransom ransomware data-leak (extortion) site on 2025-01-28.
Victim broward.edu
Carthage Police Department was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-28.
Victim Carthage Police Department
cnnindonesia.com was named on the Incransom ransomware data-leak (extortion) site on 2025-01-28.
Victim cnnindonesia.com
lnetwork was named on the Monti ransomware data-leak (extortion) site on 2025-01-28.
Victim lnetwork
metalurgica roma was named on the Monti ransomware data-leak (extortion) site on 2025-01-28.
Victim metalurgica roma
sce.org.sg was named on the Lynx ransomware data-leak (extortion) site on 2025-01-28.
Victim sce.org.sg
www.healthcarewithinreach.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-28.
Victim www.healthcarewithinreach.org
AIshu, Eshoo was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-01-27.
Victim AIshu, Eshoo
Alo Center (hq.aloteknik.se) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-27.
Victim Alo Center (hq.aloteknik.se)
https://leehartman.com was named on the Metaencryptor ransomware data-leak (extortion) site on 2025-01-27.
Victim https://leehartman.com
International AIDS Vaccine Initiative (iavi.org) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-27.
Victim International AIDS Vaccine Initiative (iavi.org)
lhps.org was named on the Incransom ransomware data-leak (extortion) site on 2025-01-27.
Victim lhps.org
Prinston Pharmaceutical (huahaius.com) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-27.
Victim Prinston Pharmaceutical (huahaius.com)
Weeks, Brucker & Coleman, Ltd | Legal Services was named on the Everest ransomware data-leak (extortion) site on 2025-01-27.
Victim Weeks, Brucker & Coleman, Ltd | Legal Services
Letโs Secure Insurance was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-26.
Victim Letโs Secure Insurance
Metro Wire & Cable was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-26.
Victim Metro Wire & Cable
DataSociete was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-25.
Victim DataSociete
envirosep.com was named on the Abyss ransomware data-leak (extortion) site on 2025-01-25.
Victim envirosep.com
Keepz was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-25.
Victim Keepz
Arrow Motor Auctions was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-24.
Victim Arrow Motor Auctions
De La Salle High School (dlshs.org) was named on the FOG ransomware data-leak (extortion) site on 2025-01-24.
Victim De La Salle High School (dlshs.org)
ELTEK Group (eltekgroup.com) was named on the FOG ransomware data-leak (extortion) site on 2025-01-24.
Victim ELTEK Group (eltekgroup.com)
icicibank.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-24.
Victim icicibank.com
Kooijman Vianen (kooijmanvianen.nl) was named on the FOG ransomware data-leak (extortion) site on 2025-01-24.
Victim Kooijman Vianen (kooijmanvianen.nl)
ORU Mabee Center was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-24.
Victim ORU Mabee Center
PrimoTicketing was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-24.
Victim PrimoTicketing
Punjab.gov.pk was named on the Flocker ransomware data-leak (extortion) site on 2025-01-24.
Victim Punjab.gov.pk
topackt.com was named on the LockBit ransomware data-leak (extortion) site on 2025-01-24.
Victim topackt.com
www.pcm.com.mx was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-24.
Victim www.pcm.com.mx
archaeologicalresearchservices.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-23.
Victim archaeologicalresearchservices.com
Cyrious Software was named on the BianLian ransomware data-leak (extortion) site on 2025-01-23.
Victim Cyrious Software
Medical Associates of Brevard was named on the BianLian ransomware data-leak (extortion) site on 2025-01-23.
Victim Medical Associates of Brevard
PINELAND BHDD COMMUNITY SERVICES was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-23.
Victim PINELAND BHDD COMMUNITY SERVICES
reesndt.ca was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-23.
Victim reesndt.ca
samsill.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-23.
Victim samsill.com
starkaerospace.com was named on the Incransom ransomware data-leak (extortion) site on 2025-01-23.
Victim starkaerospace.com
www.missionbank.bank was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-23.
Victim www.missionbank.bank
Christian Community Aid was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-22.
Victim Christian Community Aid
Gossett Motor Cars was named on the Lynx ransomware data-leak (extortion) site on 2025-01-22.
Victim Gossett Motor Cars
ilemgroup.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.
Victim ilemgroup.com
Jacobs & Thompson was named on the Lynx ransomware data-leak (extortion) site on 2025-01-22.
Victim Jacobs & Thompson
Mintz Law Firm, LLC was named on the Lynx ransomware data-leak (extortion) site on 2025-01-22.
Victim Mintz Law Firm, LLC
Omni Fiber LLC - Press Release was named on the Monti ransomware data-leak (extortion) site on 2025-01-22.
Victim Omni Fiber LLC - Press Release
SANTA MARIA LABORATORIO was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-22.
Victim SANTA MARIA LABORATORIO
sdkgroup.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.
Victim sdkgroup.com
www.americanstandard-us.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.
Victim www.americanstandard-us.com
www.grohe.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.
Victim www.grohe.com
www.manpower.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.
Victim www.manpower.com
www.reesndt.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-22.
Victim www.reesndt.com
Bethany Hospital was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-21.
Victim Bethany Hospital
boardman-hamilton.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.
Victim boardman-hamilton.com
FAAB Invest Advisors Private Limited was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-21.
Victim FAAB Invest Advisors Private Limited
Inaya Clinique was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-21.
Victim Inaya Clinique
malindoair.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-21.
Victim malindoair.com
Marukai was named on the Lynx ransomware data-leak (extortion) site on 2025-01-21.
Victim Marukai
miedemaproduce.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.
Victim miedemaproduce.com
Nimbus Facility Services was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-21.
Victim Nimbus Facility Services
precisionmechsd.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.
Victim precisionmechsd.com
RETAL Baltic Films was named on the Incransom ransomware data-leak (extortion) site on 2025-01-21.
Victim RETAL Baltic Films
Solaris-pharma.com leakage was named on the Everest ransomware data-leak (extortion) site on 2025-01-21.
Victim Solaris-pharma.com leakage
supremegroup.co.in was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.
Victim supremegroup.co.in
whychoosebw.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.
Victim whychoosebw.com
Angotti & Reilly was named on the Lynx ransomware data-leak (extortion) site on 2025-01-20.
Victim Angotti & Reilly
Clutch Industries was named on the Lynx ransomware data-leak (extortion) site on 2025-01-20.
Victim Clutch Industries
fol-23.fr was named on the Bashe ransomware data-leak (extortion) site on 2025-01-20.
Victim fol-23.fr
Kinseth Hospitality Companies was named on the Lynx ransomware data-leak (extortion) site on 2025-01-20.
Victim Kinseth Hospitality Companies
P****b.gov.pk was named on the Flocker ransomware data-leak (extortion) site on 2025-01-20.
Victim P****b.gov.pk
PetroVietnam Exploration Production Corporation was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-20.
Victim PetroVietnam Exploration Production Corporation
Sentinel Systems was named on the Lynx ransomware data-leak (extortion) site on 2025-01-20.
Victim Sentinel Systems
The Urswick School was named on the Kairos ransomware data-leak (extortion) site on 2025-01-20.
Victim The Urswick School
Zuk Group Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-01-20.
Victim Zuk Group Hacked
TG3 Electronics was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-19.
Victim TG3 Electronics
Kassin & Carrow was named on the Lynx ransomware data-leak (extortion) site on 2025-01-18.
Victim Kassin & Carrow
Marina Family Medical was named on the Moneymessage ransomware data-leak (extortion) site on 2025-01-18.
Victim Marina Family Medical
MassDevelopment was named on the BianLian ransomware data-leak (extortion) site on 2025-01-18.
Victim MassDevelopment
betclic.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-17.
Victim betclic.com
Kilgore College (kilgore.edu) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.
Victim Kilgore College (kilgore.edu)
Nightingale Hammerson was named on the Kairos ransomware data-leak (extortion) site on 2025-01-17.
Victim Nightingale Hammerson
peponline.org was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.
Victim peponline.org
Regina Coeli Convent was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.
Victim Regina Coeli Convent
Taylor Regional Hospital (thcg.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.
Victim Taylor Regional Hospital (thcg.local)
Washington Gastroenterology (DHSWA.NET) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.
Victim Washington Gastroenterology (DHSWA.NET)
Access Capital Partners SA was named on the Lynx ransomware data-leak (extortion) site on 2025-01-16.
Victim Access Capital Partners SA
anupalanonline.com was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-16.
Victim anupalanonline.com
bsegroup.it was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-16.
Victim bsegroup.it
Fish Nelson and Holden was named on the BianLian ransomware data-leak (extortion) site on 2025-01-16.
Victim Fish Nelson and Holden
Real Tax was named on the Kairos ransomware data-leak (extortion) site on 2025-01-16.
Victim Real Tax
Solaris Pharma proof was named on the Everest ransomware data-leak (extortion) site on 2025-01-16.
Victim Solaris Pharma proof
The Hoff Brand SL was named on the Everest ransomware data-leak (extortion) site on 2025-01-16.
Victim The Hoff Brand SL
Volt Infrastructure was named on the Everest ransomware data-leak (extortion) site on 2025-01-16.
Victim Volt Infrastructure
Woodlake was named on the Everest ransomware data-leak (extortion) site on 2025-01-16.
Victim Woodlake
www.liteputer.com.tw was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-16.
Victim www.liteputer.com.tw
www.solariumrevestimentos.com.br was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-16.
Victim www.solariumrevestimentos.com.br
A*****Y.com was named on the Flocker ransomware data-leak (extortion) site on 2025-01-15.
Victim A*****Y.com
AKConstructors.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-15.
Victim AKConstructors.com
anwsd.org was named on the Threeam ransomware data-leak (extortion) site on 2025-01-15.
Victim anwsd.org
Combined Pool and Spa was named on the Kairos ransomware data-leak (extortion) site on 2025-01-15.
Victim Combined Pool and Spa
communisis.com & paragon.world was named on the Lynx ransomware data-leak (extortion) site on 2025-01-15.
Victim communisis.com & paragon.world
fplfood.com\$675M\USA\21GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-15.
Victim fplfood.com\$675M\USA\21GB\<1% DISCLOSED
FSOCIETY X FUNKSEC was named on the Flocker ransomware data-leak (extortion) site on 2025-01-15.
Victim FSOCIETY X FUNKSEC
J.G. Electrical Installations was named on the Kairos ransomware data-leak (extortion) site on 2025-01-15.
Victim J.G. Electrical Installations
Lowe Engineers was named on the Lynx ransomware data-leak (extortion) site on 2025-01-15.
Victim Lowe Engineers
optiline.com\$127.3M\USA\947GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-15.
Victim optiline.com\$127.3M\USA\947GB\<1% DISCLOSED
pnp.co.za was named on the Bashe ransomware data-leak (extortion) site on 2025-01-15.
Victim pnp.co.za
Woodport Doors was named on the Lynx ransomware data-leak (extortion) site on 2025-01-15.
Victim Woodport Doors
www.eurocert.pl was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-15.
Victim www.eurocert.pl
Buttery (butterycompany.com) was named on the FOG ransomware data-leak (extortion) site on 2025-01-14.
Victim Buttery (butterycompany.com)
Douglas County, GA (DDCWSA.COM) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-14.
Victim Douglas County, GA (DDCWSA.COM)
Farmacia Cofar was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-14.
Victim Farmacia Cofar
Intelservice.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-14.
Victim Intelservice.com
pittman-construction.com was named on the LockBit ransomware data-leak (extortion) site on 2025-01-14.
Victim pittman-construction.com
QualiTech (qualitech.com) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-14.
Victim QualiTech (qualitech.com)
SciTech Services, Inc. was named on the FOG ransomware data-leak (extortion) site on 2025-01-14.
Victim SciTech Services, Inc.
Sharm Reef Hotel was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-14.
Victim Sharm Reef Hotel
Solaris Pharma was named on the Everest ransomware data-leak (extortion) site on 2025-01-14.
Victim Solaris Pharma
Spectrum was named on the Incransom ransomware data-leak (extortion) site on 2025-01-14.
Victim Spectrum
The Chicano Federation was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-14.
Victim The Chicano Federation
The University of Oklahoma (ou.edu) was named on the FOG ransomware data-leak (extortion) site on 2025-01-14.
Victim The University of Oklahoma (ou.edu)
udb.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-14.
Victim udb.net
WPD.WOODPORTDOORS.COM was named on the Lynx ransomware data-leak (extortion) site on 2025-01-14.
Victim WPD.WOODPORTDOORS.COM
adveo.com\$740.7M\France\1.1TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-13.
Victim adveo.com\$740.7M\France\1.1TB\100% DISCLOSED
atpformosa.gob.ar was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
Victim atpformosa.gob.ar
Biomedical Caledonia Medical Laboratory (calmedlab.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.
Victim Biomedical Caledonia Medical Laboratory (calmedlab.local)
Browdy (bl.local) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
Victim Browdy (bl.local)
candelasyasociados.es was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
Victim candelasyasociados.es
Conad (conad.lan) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
Victim Conad (conad.lan)
Delap & Waller was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
Victim Delap & Waller
Findhelp Information Services was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.
Victim Findhelp Information Services
gelco-s-a.com.br was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
Victim gelco-s-a.com.br
healthcarewithinreach.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-13.
Victim healthcarewithinreach.org
Imperial Valley Respite (ivrespite.com) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.
Victim Imperial Valley Respite (ivrespite.com)
lamejor.com.co was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
Victim lamejor.com.co
mi.edu was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-13.
Victim mi.edu
Nash Brothers Construction (nashdom.local) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
Victim Nash Brothers Construction (nashdom.local)
nicatel.com.uy was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
Victim nicatel.com.uy
Novati Constructions was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
Victim Novati Constructions
Onecare was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.
Victim Onecare
oyolasvegas.com was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
Victim oyolasvegas.com
PHG CPAs (bushman.biz) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
Victim PHG CPAs (bushman.biz)
Riverina Medical was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.
Victim Riverina Medical
SERGAS Group was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
Victim SERGAS Group
telering.de was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
Victim telering.de
viacaojacarei.com.br was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
Victim viacaojacarei.com.br
Welcomehallmission.com was named on the Everest ransomware data-leak (extortion) site on 2025-01-13.
Victim Welcomehallmission.com
Arun Estates was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
Victim Arun Estates
Astaphans was named on the Lynx ransomware data-leak (extortion) site on 2025-01-11.
Victim Astaphans
Avril Supermarchรฉ Santรฉ was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
Victim Avril Supermarchรฉ Santรฉ
Barber Specialties was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
Victim Barber Specialties
Bnext.nl was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
Victim Bnext.nl
Brachot was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
Victim Brachot
COROB was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
Victim COROB
Costex was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
Victim Costex
Granby Industries was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
Victim Granby Industries
Jim Thompson was named on the Lynx ransomware data-leak (extortion) site on 2025-01-11.
Victim Jim Thompson
Mortgage Investors Group (MIG) was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
Victim Mortgage Investors Group (MIG)
Patriarche Office of Architecture was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
Victim Patriarche Office of Architecture
Plasma-Therm was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
Victim Plasma-Therm
RocSearch was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
Victim RocSearch
Schuff Steel Company was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
Victim Schuff Steel Company
T. Hasegawa USA was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
Victim T. Hasegawa USA
Unisource Information Services was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
Victim Unisource Information Services
amerplumb.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-10.
Victim amerplumb.com
Evidn was named on the Everest ransomware data-leak (extortion) site on 2025-01-10.
Victim Evidn
massdevelopment.com\$24.6M\USA\1.2TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-10.
Victim massdevelopment.com\$24.6M\USA\1.2TB\100% DISCLOSED
OmniRide (omniride.com) was named on the FOG ransomware data-leak (extortion) site on 2025-01-10.
Victim OmniRide (omniride.com)
Protected: Title Hidden was named on the Everest ransomware data-leak (extortion) site on 2025-01-10.
Victim Protected: Title Hidden
ptcky.com\$5M\USA\902GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-10.
Victim ptcky.com\$5M\USA\902GB\100% DISCLOSED
Qualinet was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-10.
Victim Qualinet
www.wisesocon.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-10.
Victim www.wisesocon.com
xtremmedia.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-10.
Victim xtremmedia.com
alansarioman.com was named on the Embargo ransomware data-leak (extortion) site on 2025-01-09.
Victim alansarioman.com
awimc.com\$102.7M\USA\440GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-09.
Victim awimc.com\$102.7M\USA\440GB\100% DISCLOSED
azpay.me | SOLD was named on the Bashe ransomware data-leak (extortion) site on 2025-01-09.
Victim azpay.me | SOLD
castlehillha.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
Victim castlehillha.co.uk
CO-VER Power Technology SpA Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-01-09.
Victim CO-VER Power Technology SpA Data Leak
depewgillen.com was named on the Incransom ransomware data-leak (extortion) site on 2025-01-09.
Victim depewgillen.com
drive-lines.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
Victim drive-lines.com
evasair.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-09.
Victim evasair.com
Fukoku Co. Ltd. was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-09.
Victim Fukoku Co. Ltd.
hapsch.de was named on the Threeam ransomware data-leak (extortion) site on 2025-01-09.
Victim hapsch.de
Izmocars Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-01-09.
Victim Izmocars Data Leak
Myhealthcarebilling Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-01-09.
Victim Myhealthcarebilling Data Leak
Sarah Car Care Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-01-09.
Victim Sarah Car Care Data Leak
www.excelresourcing.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
Victim www.excelresourcing.co.uk
www.fairhallzhang.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
Victim www.fairhallzhang.com
www.leaguecenter.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
Victim www.leaguecenter.org
www.mie.com.my was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
Victim www.mie.com.my
www.primalwear.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
Victim www.primalwear.com
www.rotaryeng.co.th was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
Victim www.rotaryeng.co.th
www.temotekstil.com.tr was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
Victim www.temotekstil.com.tr
acquafertil.com.br was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-08.
Victim acquafertil.com.br
bendixengineering was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-01-08.
Victim bendixengineering
fwmep.edu was named on the Incransom ransomware data-leak (extortion) site on 2025-01-08.
Victim fwmep.edu
General Digital was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-08.
Victim General Digital
General Digital CRM was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-08.
Victim General Digital CRM
Huntington Hotel Group was named on the Termite ransomware data-leak (extortion) site on 2025-01-08.
Victim Huntington Hotel Group
kingpower.com was named on the Abyss ransomware data-leak (extortion) site on 2025-01-08.
Victim kingpower.com
sahpetrol.com.tr was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-08.
Victim sahpetrol.com.tr
astaphans.com was named on the Lynx ransomware data-leak (extortion) site on 2025-01-07.
Victim astaphans.com
jimthompson.com was named on the Lynx ransomware data-leak (extortion) site on 2025-01-07.
Victim jimthompson.com
Saint-Bar (saintbar.be) was named on the FOG ransomware data-leak (extortion) site on 2025-01-07.
Victim Saint-Bar (saintbar.be)
Sunflower Medical Group was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-07.
Victim Sunflower Medical Group
u0 Excel Transportation was named on the Lynx ransomware data-leak (extortion) site on 2025-01-07.
Victim u0 Excel Transportation
molars.co.ke was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-06.
Victim molars.co.ke
yoniot.cn was named on the Darkvault ransomware data-leak (extortion) site on 2025-01-06.
Victim yoniot.cn
akantha.fr was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-05.
Victim akantha.fr
Car Care Plan - Turkey was named on the Hellcat ransomware data-leak (extortion) site on 2025-01-05.
Victim Car Care Plan - Turkey
Hunter Taubman Fischer & Li was named on the Lynx ransomware data-leak (extortion) site on 2025-01-05.
Victim Hunter Taubman Fischer & Li
aliorbank.pl was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim aliorbank.pl
assurified.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim assurified.com
baldinger-ag.ch was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim baldinger-ag.ch
bigalsfoodservice.co.uk was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim bigalsfoodservice.co.uk
bms.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim bms.com
certifiedinfosec.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim certifiedinfosec.com
credio.eu was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim credio.eu
datascan.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-04.
Victim datascan.com
fpj.com.py PART1 was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim fpj.com.py PART1
fpj.com.py PART2 was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim fpj.com.py PART2
fpj.com.py PART3 was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim fpj.com.py PART3
gannons.co.uk was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim gannons.co.uk
hasa-arg.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-04.
Victim hasa-arg.com
lamaisonducitron.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim lamaisonducitron.com
legilog.fr was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim legilog.fr
minerasancristobal.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim minerasancristobal.com
Montreal North was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-04.
Victim Montreal North
netromsoftware.ro was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim netromsoftware.ro
northernsafety.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim northernsafety.com
perucontrols.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-04.
Victim perucontrols.com
pindrophearing.co.uk was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim pindrophearing.co.uk
polleninformation.at was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim polleninformation.at
prixet.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim prixet.com
protectasecurity.pe was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim protectasecurity.pe
sansirostadium.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim sansirostadium.com
scopeset.de was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim scopeset.de
sella.eng.br was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim sella.eng.br
servicepower.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim servicepower.com
sfr.fr was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim sfr.fr
siapenet.gov.br was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim siapenet.gov.br
talonsolutions.co.uk was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim talonsolutions.co.uk
trifecta.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim trifecta.com
trinitesolutions.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
Victim trinitesolutions.com
Amourgis & Associates was named on the Lynx ransomware data-leak (extortion) site on 2025-01-03.
Victim Amourgis & Associates
Nikki-Universal Co Ltd was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-03.
Victim Nikki-Universal Co Ltd
www.alliancemat.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-03.
Victim www.alliancemat.com
www.geedingconstruction.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-03.
Victim www.geedingconstruction.com
confluxhr.com was named on the Darkvault ransomware data-leak (extortion) site on 2025-01-02.
Victim confluxhr.com
groupegm.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-02.
Victim groupegm.com
CM Buck & Associates was named on the Lynx ransomware data-leak (extortion) site on 2025-01-01.
Victim CM Buck & Associates
http://www.kitevuc.com was named on the Ciphbit ransomware data-leak (extortion) site on 2025-01-01.
Victim http://www.kitevuc.com
lianbeng.sg was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-01.
Victim lianbeng.sg
regencymedia was named on the LockBit ransomware data-leak (extortion) site on 2025-01-01.
Victim regencymedia
On 31 December 2024, the DragonForce ransomware gang listed Cogitis โ a French inter-municipal IT syndicate serving local authorities โ on its leak site, claiming around 81 GB of exfiltrated data including internal files and personal data tied to the public bodies it supports.
Victim Cogitis
On 28 December 2024, the Space Bears ransomware group claimed to have compromised an Atos database; the French IT giant investigated and concluded its own systems were not breached, attributing the leaked Atos-related data to a compromised external third-party infrastructure.
Victim Atos
A ransomware attack disclosed in late December 2024 crippled Arsoรฉ de Soual, the agricultural IT provider hosting livestock-management software for ~30,000 farmers across some 22 French departments; systems were encrypted and a ransom demanded, with no data exfiltration detected.
Victim Arsoรฉ
In December 2024, the ransomware-as-a-service group Cicada 3301 claimed to have stolen 40 GB of data from Peugeot dealerships (mainly in Lot-et-Garonne, France), including customer ID documents, VINs and vehicle inventory data, threatening to publish it by 6 January 2025.
Victim Peugeot
The Lynx ransomware gang breached Electrica Group, one of Romania's largest electricity suppliers serving 3.8 million users, disrupting customer-facing services while SCADA and other critical grid systems were isolated and kept running.
Victim Electrica Group
On 4 December 2024, the Brain Cipher ransomware group publicly claimed to have stolen over 1 TB of data from Deloitte UK; Deloitte said the allegations related to a single client's system outside its own network and that no Deloitte systems were impacted.
Victim Deloitte
RansomHub ransomware forced Costa Rica's state oil refiner RECOPE to switch its entire fuel-distribution network to manual operations, triggering the first real-world deployment of the U.S. State Department's FALCON cyber-response program.
Victim Refinadora Costarricense de Petrรณleo (RECOPE)
In November 2024, the Chambres d'agriculture d'Occitanie โ France's regional public chambers of agriculture โ were hit by a malware/ransomware-type cyberattack that spread across their interconnected national network and rendered the workstations of roughly 1,000 regional staff unusable.
Victim Chambres d'agriculture
RansomHub gained access to Halliburton's systems, prompting the oil-services giant to take infrastructure offline. The incident delayed invoicing and purchase orders, and Halliburton booked a $35 million loss in its SEC filings.
Victim Halliburton
Loss $35.0M
The Brain Cipher ransomware group encrypted Indonesia's Temporary National Data Centre (PDNS 2), disrupting 282 government services across more than 200 agencies and demanding an $8 million ransom the government refused to pay.
Victim Pusat Data Nasional Sementara (PDNS 2)
BlackSuit operators encrypted CDK Global's dealer-management platform, knocking ~15,000 North American car dealerships offline for nearly two weeks. A second attack hit on day two of recovery. Industry losses estimated at over $1 billion; CDK reportedly paid a $25 million ransom.
Victim CDK Global
Loss $1.00B
Phishing access let BlackSuit (Russian-linked) encrypt KADOKAWA's infrastructure and the Niconico video-sharing platform, taking services offline for two months. KADOKAWA paid ~$2.9M in cryptocurrency โ and BlackSuit leaked the stolen 1.5 TB anyway.
Victim KADOKAWA Corporation
Loss $2.9M
Records 254.2K
A ransomware attack on Australian e-prescription provider MediSecure exposed the personal and health data of roughly 12.9 million Australians โ one of the country's largest breaches โ and pushed the company into administration and liquidation.
Victim MediSecure
Records 12.9M
Black Basta ransomware crippled Ascension, one of the largest U.S. health systems, after an employee downloaded a malicious file. The attack forced 140 hospitals onto manual operations for weeks, diverted ambulances, and ultimately exposed the data of nearly 5.6 million patients.
Victim Ascension
Loss $1.80B
Records 5.6M
ALPHV/BlackCat compromised Change Healthcare via Citrix portal lacking MFA, paralyzed U.S. prescription claims for weeks, and exfiltrated data on an estimated 100 million people.
Victim Change Healthcare (UnitedHealth Group)
Loss $2.87B
Records 100.0M
A Backmydata (Phobos-family) ransomware attack on the shared Hipocrate hospital information system encrypted data at 25 Romanian hospitals and forced about 75 more offline, pushing more than 100 facilities back to paper records.
Victim Romanian hospitals (Hipocrate HIS / Romanian Soft Company)
Cactus ransomware operators hit Schneider Electric's Sustainability Business division, taking the Resource Advisor consulting platform offline and exfiltrating approximately 1.5 TB of data โ including passport scans and signed NDAs from customers like Hilton, PepsiCo, and Walmart.
Victim Schneider Electric โ Sustainability Business division
LockBit 3.0 encrypted the data centres of Italian cloud provider Westpole, taking down PA Digitale's Urbi platform โ which serves 1,300 Italian public administrations including 540 municipalities, the Quirinale presidency, ISTAT, the Bank of Italy, and the Ministry of Environment. Payroll, citizen services, and local-government workflows were degraded for weeks.
Victim Westpole / PA Digitale (Urbi platform)
The RA World ransomware gang breached Poland's nationwide ALAB Laboratoria medical-lab network, stealing patient test results and PESEL identity numbers. ALAB refused to pay, and the criminals published sensitive medical data on tens of thousands of patients in what became Poland's largest medical data breach.
Victim ALAB Laboratoria
Records 50.0K
LockBit ransomware disrupted the U.S. broker-dealer arm of the world's largest bank, ICBC, jamming settlement of over $9 billion in U.S. Treasury trades. Bank staff sent critical settlement details by USB stick via a messenger across Manhattan. $62 billion of Treasuries failed to deliver in one day.
Victim ICBC Financial Services (U.S. broker-dealer of Industrial and Commercial Bank of China)
Loss $9.00B
Rhysida ransomware operators destroyed servers, demanded ~ยฃ600,000, and leaked 600 GB of internal data when the British Library refused to pay. The main catalogue did not return online โ read-only โ until January 2024. Recovery is consuming 40% of the Library's financial reserves.
Victim British Library
Loss $8.5M
LockBit operators exploited the Citrix Bleed vulnerability (CVE-2023-4966) to enter Boeing's parts and distribution business. Boeing did not pay; LockBit leaked roughly 45 GB of data, including Citrix logs, email backups, supplier lists, and 2020 pricing data.
Victim Boeing โ Parts and Distribution business
The Medusa ransomware gang breached the Philippine Health Insurance Corporation, exfiltrating around 750 GB of sensitive member and medical data and demanding a $300,000 ransom; the government refused to pay and the data was leaked.
Victim Philippine Health Insurance Corporation (PhilHealth)
A ransomware attack crippled roughly 80% of the Hong Kong Consumer Council's computer systems, with attackers exfiltrating about 65GB of data and demanding a US$500,000 ransom that the watchdog refused to pay.
Victim Hong Kong Consumer Council
A ransomware attack on regional cloud provider IFX Networks cascaded into more than 50 Colombian state and private entities โ including the Ministry of Health, the Judiciary, and the Superintendency of Industry and Commerce โ and affected 762 organisations across Latin America.
Victim IFX Networks (Colombian government clients)
A ransomware attack on Sri Lanka's Lanka Government Cloud encrypted around 5,000 gov.lk email accounts โ including the Cabinet Office โ and, because backups were also encrypted, permanently destroyed roughly three months of government email.
Victim Lanka Government Cloud (ICTA Sri Lanka)
Scattered Spider vished an MGM IT-desk agent, gained Okta admin, and let ALPHV detonate ransomware. Casinos went offline for ten days; the loss to MGM exceeded $100 million.
Victim MGM Resorts International
Loss $100.0M
Scattered Spider impersonated a Caesars employee on a call to a third-party IT support vendor and convinced the vendor to grant Okta credentials, then exfiltrated customer loyalty data including SSNs and driver's licences. Caesars paid roughly $15 million ransom; the FBI later froze a substantial portion of the funds with Chainalysis assistance.
Victim Caesars Entertainment
Loss $15.0M
The Play ransomware gang breached Swiss IT supplier Xplain and leaked around 65,000 documents on the darknet, including sensitive Federal Administration files from the justice, police, and defence departments.
Victim Xplain AG
Records 65.0K
Play ransomware breached Swiss IT services provider Xplain, exfiltrating 1.3 million files. Approximately 65,000 documents belonging to the Swiss Federal Administration โ including classified content, personal data, and readable passwords โ were published on Play's dark-web leak site in June 2023.
Victim Xplain (Swiss IT services provider to the Federal Administration)
Records 1.3M
The LockBit ransomware gang crippled Indonesia's largest Islamic bank for days, then leaked 1.5 TB of data covering some 15 million customers and employees after a $20 million ransom went unpaid.
Victim Bank Syariah Indonesia
Records 1500.00B
A Black Basta ransomware intrusion into UK outsourcing giant Capita exposed pension and personal data on roughly 6.6 million people, drew a ยฃ14 million ICO fine, and cost the company over ยฃ25 million.
Victim Capita
Loss $32.0M
Records 6.6M
LockBit affiliates encrypted Canada's largest bookseller, taking the website and in-store payment systems offline for weeks. Indigo publicly refused the ransom; LockBit published employee personal data.
Victim Indigo Books & Music Inc.
Loss $40.0M
Records 5.0K
LockBit affiliates encrypted Royal Mail's international export systems, halting all overseas postal services from the U.K. for six weeks. Royal Mail publicly refused the ยฃ65.7M ransom demand; LockBit progressively leaked exfiltrated data.
Victim Royal Mail International
Loss $60.0M
Toronto's Hospital for Sick Children was hit by a ransomware attack over the December 2022 holidays that delayed lab and imaging results; in a rare move, the LockBit gang apologized, blamed a rogue affiliate, and released a free decryptor.
Victim The Hospital for Sick Children (SickKids)
The BlackCat/ALPHV ransomware gang crippled Colombia's largest public utility, Empresas Pรบblicas de Medellรญn, forcing 4,000 staff to work offline and disrupting electricity, water, and gas billing across 123 municipalities.
Victim Empresas Pรบblicas de Medellรญn (EPM)
The RansomHouse gang struck Colombian healthcare giant Keralty and its EPS Sanitas and Colsanitas subsidiaries, claiming 3 TB of stolen data and crippling appointment scheduling for a network serving more than 6 million patients.
Victim Keralty (EPS Sanitas, Colsanitas)
Ransomware encrypted the All India Institute of Medical Sciences in New Delhi โ India's most prestigious public hospital โ taking patient registration and clinical records offline for two weeks during peak winter patient load.
Victim All India Institute of Medical Sciences (AIIMS) New Delhi
Loss $15.0M
The Daixin Team ransomware gang breached AirAsia, stealing and leaking personal data on roughly 5 million unique passengers and all of the airline's employees, after the carrier reportedly declined to negotiate a ransom.
Victim AirAsia (Capital A Berhad)
Records 5.0M
Russian-speaking attackers exfiltrated full health-claim records on 9.7 million current and former Medibank customers, then released them in tranches on the dark web after the Australian insurer refused to pay.
Victim Medibank Private
Loss $250.0M
Records 9.7M
The Ragnar Locker ransomware gang breached Portugal's flag carrier, exfiltrating and later publishing 581 GB of data on roughly 1.5 million customers, exposing names, dates of birth, addresses and contact details for over 5 million email accounts.
Victim TAP Air Portugal
Records 1.5M
Ransomware encrypted the Microsoft and VMware ESXi servers of Chile's National Consumer Service (SERNAC), disrupting its systems and online services and prompting the government CSIRT to issue a state-wide cybersecurity alert.
Victim Servicio Nacional del Consumidor (SERNAC)
A LockBit 3.0 ransomware attack on NHS software supplier Advanced took down the NHS 111 triage service and forced clinicians back to pen and paper, exposing data on tens of thousands of patients and drawing a ยฃ3.07 million ICO fine.
Victim Advanced (Advanced Computer Software Group)
Loss $27.0M
Records 82.9K
LockBit operators infiltrated parts of German auto-parts giant Continental AG's IT systems in August 2022. Containment was initially declared, but in November the group put 40 terabytes of stolen Continental data on its dark-web leak site, offered for sale or destruction for $50 million.
Victim Continental AG
The Hive ransomware group crippled Costa Rica's national public-health insurer, the CCSS, encrypting more than 800 servers, forcing hospitals back to paper, and cancelling tens of thousands of medical appointments.
Victim Caja Costarricense de Seguro Social (CCSS)
The BlackCat/ALPHV ransomware gang encrypted around 3,000 computers of Austria's Carinthia state government and demanded $5 million, halting passport issuance, traffic-fine processing and COVID-19 contact tracing for weeks. The state refused to pay and rebuilt from backups.
Victim State of Carinthia (Land Kรคrnten)
Conti encrypted 27 Costa Rican government institutions including the Ministry of Finance, paralyzing tax collection and customs for months. President Chaves declared a national emergency โ the first cyber-incident state of emergency in history.
Victim Government of Costa Rica (27 institutions incl. Ministry of Finance, Customs, Social Security)
Loss $130.0M
A ransomware attack attributed to the Vice Society gang paralysed Greece's national postal operator ELTA for roughly eight days, halting financial services and pension payments, with data later leaked and a โฌ2.99 million GDPR fine in 2024.
Victim Hellenic Post (ELTA)
Loss $3.2M
The Hive ransomware gang hit Rompetrol, operator of Romania's largest oil refinery Petromidia, demanding a $2 million ransom and knocking out the Fill&Go payment service and corporate websites while refinery operations continued.
Victim Rompetrol (KMG International)
An attack on Toyota plastics-and-electronics supplier Kojima Industries paralysed one server enough to halt production at all 14 of Toyota's Japanese plants โ about 13,000 vehicles of daily output โ making the case the canonical example of just-in-time manufacturing's cyber-fragility.
Victim Kojima Industries (Toyota supplier)
The BlackCat (ALPHV) ransomware gang struck aviation ground-handling giant Swissport, delaying flights at Zurich Airport and stealing 1.6 TB of data that was later leaked online.
Victim Swissport International
Records 1600.00B
The Lapsus$ group seized the Amazon Web Services account of Impresa, Portugal's largest media conglomerate, knocking the Expresso newspaper and SIC television channels offline, defacing their websites and hijacking Expresso's verified Twitter account in what authorities called the country's largest ransomware attack.
Victim Impresa (Expresso / SIC)
A ransomware attack encrypted the central systems of Amedia, Norway's largest local-newspaper group, halting presses and disrupting subscription and advertising systems for more than 70 titles serving around 2 million readers. Amedia refused to pay.
Victim Amedia
A Hive ransomware attack on Newfoundland and Labrador's health-care network crippled IT systems across the province, forcing the cancellation of thousands of appointments and procedures in what officials called the worst cyberattack in Canadian history.
Victim Newfoundland and Labrador Centre for Health Information / Eastern Health
DeepBlueMagic ransomware paralysed Israel's Hillel Yaffe Medical Center, locking every hospital computer system. As a government-owned hospital barred from paying ransom, it ran on paper and alternative systems for weeks, taking roughly two months to fully recover.
Victim Hillel Yaffe Medical Center
A ransomware intrusion using a Cobalt Strike beacon forced Ecuador's largest private bank, Banco Pichincha, to take ATMs, online banking, and its mobile app offline for several days.
Victim Banco Pichincha
The AvosLocker ransomware gang attacked the Dubai branch of NHS-affiliated Moorfields Eye Hospital, exfiltrating roughly 60 GB of patient and staff data including ID cards, insurance claims and internal records, then dumping it online.
Victim Moorfields Eye Hospital Dubai
A RansomEXX ransomware attack encrypted the datacenter of Italy's Lazio Region, knocking the COVID-19 vaccination booking portal offline for days and triggering a domestic terrorism investigation.
Victim Regione Lazio
A ransomware attack on South Africa's state-owned logistics firm Transnet shut down operations at Durban, Ngqura, Port Elizabeth and Cape Town container terminals, forcing the operator to declare force majeure. Durban โ 60% of Southern Africa's containerised trade โ reverted to paper-based clearance for cargo for a week.
Victim Transnet SOC (state-owned freight & port operator)
The RansomEXX gang hit Ecuador's state-run telecom CNT, disrupting its payment portal and call centers and claiming to have stolen more than 190 GB of corporate and customer data.
Victim Corporaciรณn Nacional de Telecomunicaciones (CNT EP)
Swiss price-comparison portal Comparis was knocked offline by ransomware and faced a roughly $400,000 demand; investigators later found attackers had accessed some internal customer data.
Victim Comparis
REvil affiliates encrypted the world's largest meat processor, shutting down beef and pork plants across the U.S., Canada, and Australia. JBS paid an $11 million ransom โ one of the largest publicly-confirmed ransomware payments at the time.
Victim JBS S.A. / JBS USA
Loss $100.0M
A Zeppelin ransomware attack crippled New Zealand's Waikato District Health Board, taking down clinical systems and phone lines across five hospitals for weeks, postponing surgeries, and leaking patient and staff data on the dark web.
Victim Waikato District Health Board
Conti ransomware paralysed Ireland's Health Service Executive, forcing cancellation of outpatient appointments nationwide for weeks. Conti released the decryptor for free; recovery still cost an estimated โฌ100M+.
Victim Health Service Executive (HSE) of Ireland
Loss $130.0M
Records 700.0K
Conti operators tricked an HSE user into downloading a booby-trapped Excel attachment; the resulting ransomware forced the Health Service Executive to shut down all of Ireland's healthcare IT systems and exfiltrated 700 GB including COVID-19 vaccination PHI. Recovery cost exceeded โฌ100 million.
Victim Health Service Executive (HSE) of Ireland
Loss $110.0M
A reused VPN password let DarkSide encrypt Colonial Pipeline's billing systems. The operator shut down 5,500 miles of fuel pipeline for six days, paid $4.4M, and triggered a federal emergency.
Victim Colonial Pipeline Company
Loss $4.4M
The Babuk ransomware gang breached Spanish mobile retailer The Phone House and leaked roughly 100 GB of customer data โ names, ID numbers, bank details and contact information on up to 3 million people โ after the company refused to pay.
Victim The Phone House Espaรฑa
Loss $7.0M
Records 3.0M
HelloKitty ransomware encrypted CD Projekt Red devices and exfiltrated source code for Cyberpunk 2077, The Witcher 3, Gwent, and an unreleased version of The Witcher 3. CDPR refused to pay; the data was auctioned and reportedly sold to a private buyer.
Victim CD Projekt Red
The Black Shadow group breached Israeli insurer Shirbit, stealing ID cards, passports, financial and medical documents, and demanded a bitcoin ransom that escalated toward $1 million. When Shirbit refused, the attackers leaked customer data in stages.
Victim Shirbit Insurance
The RansomExx gang encrypted more than 1,000 servers at Brazil's Superior Tribunal de Justiรงa, paralysing the country's second-highest court for over a week in the most severe cyberattack ever against a Brazilian public institution.
Victim Superior Tribunal de Justiรงa (STJ)
The Clop ransomware gang breached German enterprise-software giant Software AG, demanded a $23 million ransom, forced internal systems offline, and leaked over a terabyte of stolen company and employee data after negotiations failed.
Victim Software AG
NetWalker ransomware crippled the billing and online systems of Karachi's sole electricity supplier and demanded a $3.85 million ransom that would double to $7.7 million; when K-Electric refused, the gang dumped an 8.5 GB archive of stolen data online.
Victim K-Electric
REvil (Sodinokibi) ransomware encrypted roughly 14,000 workstations at BancoEstado, one of Chile's largest banks, forcing it to close all branches nationwide for a day while ATMs, online banking, and customer funds were kept unaffected by network segmentation.
Victim BancoEstado
Netwalker ransomware encrypted the systems of Argentina's national immigration agency, halting all border crossings for about four hours and prompting a $4 million ransom demand that the government refused to pay.
Victim Direcciรณn Nacional de Migraciones
Attackers breached Swedish physical-security firm Gunnebo, stole 19 GB of data, and after the company refused to pay, leaked bank-vault floor plans, alarm schematics, and security arrangements for high-value clients including a Swedish parliament building.
Victim Gunnebo Group
Records 38.0K
Evil Corp deployed the WastedLocker ransomware against Garmin, taking flyGarmin aviation services, Garmin Connect, and inReach satellite messaging offline for five days. Garmin paid an estimated $10M ransom despite OFAC sanctions on Evil Corp.
Victim Garmin Ltd.
Loss $30.0M
A ransomware attack forced Brno University Hospital โ one of Czechia's largest hospitals and a major COVID-19 testing centre โ to shut down its entire IT network, cancel surgeries, and divert acute patients at the height of the early pandemic.
Victim Brno University Hospital (Fakultnรญ nemocnice Brno)
Clop ransomware encrypted backend servers at INA Group, Croatia's largest oil company and petrol-station chain, knocking out invoicing, loyalty cards, e-vignettes, mobile vouchers and utility-bill payments while fuel sales continued.
Victim INA Group
A ransomware attack paralysed weaving-machine manufacturer Picanol's plants in Ieper (Belgium), Romania, and China, halting production for ~2,300 employees for over a week. Trading in Picanol shares was suspended during the disruption.
Victim Picanol Group
REvil/Sodinokibi operators detonated against Travelex on New Year's Eve 2019 after dwelling in the network for six months via an unpatched Pulse Secure VPN. Travelex paid $2.3 million; parent Finablr failed; PwC put Travelex into administration with the loss of over 1,300 jobs.
Victim Travelex
Loss $2.3M
TA505 used Clop ransomware to encrypt 267 Maastricht University servers over Christmas 2019 after two phishing emails on 15โ16 October had compromised the network. The university paid 30 BTC (~$220,000). The ransom Bitcoin โ later seized from a money mule โ was returned and had appreciated, leaving the university ahead by ~$300,000.
Victim Maastricht University
Loss $220.0K
Canada's largest medical-testing laboratory disclosed that attackers had accessed health data on roughly 15 million customers, paid an undisclosed ransom to retrieve the stolen records, and was later found by privacy regulators to have failed to safeguard the information.
Victim LifeLabs
Records 15.0M
An EmotetโTrickBotโRyuk malware chain crippled the Rudolf and Stefanie Hospital in Beneลกov, Czech Republic, knocking out X-ray, ultrasound, and laboratory systems and paralysing the facility for weeks. The hospital did not pay the ransom and reported no patient-record loss.
Victim Rudolf and Stefanie Hospital, Beneลกov
DoppelPaymer ransomware paralysed corporate IT systems at Mexican state oil company Pemex, freezing payments and communications for weeks. Attackers demanded 565 BTC (~$5M). Pemex refused to pay; total recovery cost reached approximately $71 million.
Victim Petrรณleos Mexicanos (Pemex)
Loss $71.0M
A ransomware-style cyber incident forced Danish hearing-aid giant Demant to shut down IT systems worldwide, crippling production and order processing and causing an estimated loss of up to $95 million โ one of the costliest single ransomware events on record.
Victim Demant
Loss $95.0M
Aluminium producer Norsk Hydro lost most of its global IT estate to the LockerGoga ransomware. Hydro publicly refused to pay, ran operations on paper for weeks, and set the editorial standard for transparent incident communication.
Victim Norsk Hydro
Loss $75.0M
A WannaCry ransomware variant spread through unpatched Windows 7 fabrication tools at TSMC, the world's largest contract chipmaker, halting production at plants in Hsinchu, Taichung, and Tainan and causing an estimated $170 million in losses.
Victim Taiwan Semiconductor Manufacturing Company (TSMC)
Loss $170.0M
On the day WannaCry erupted worldwide, the worm tore through the corporate network of Spanish telecom giant Telefรณnica, forcing the company to order thousands of staff at its Madrid headquarters to shut down their PCs.
Victim Telefรณnica
A North Korean ransomware worm that exploited the EternalBlue SMB vulnerability to spread to ~200,000 systems across 150 countries in 24 hours. Paralysed the U.K.'s NHS and crippled manufacturing globally.
Victim ~200,000 organizations worldwide (UK NHS, Telefรณnica, Renault, Deutsche Bahn, Honda et al.)
Loss $6.00B