Sociedad Hipotecaria Federal
January 21, 2026
•[ ransomware, data leak, encryption ]
Sociedad Hipotecaria Federal was listed by LockBit, which claimed to have stolen 277 GB of data and published it after a ransom deadline expired; reporting also cited encryption of critical systems and operational disruption.
Veenkoloniaal Museum (Veendam)
January 7, 2026
•[ ransomware, unauthorized access, data theft ]
The Veenkoloniaal Museum in Veendam experienced a ransomware incident discovered on January 7, 2026, in which the LockBit group gained unauthorized access to systems. Data was stolen and files were rendered inaccessible, affecting digital records and image archives. Individuals whose personal data was involved were notified. The museum restored systems from backups and declined to negotiate with the attackers.
LockBit ransomware operation
May 7, 2025
•[ ransomware, data leak, deface ]
LockBits dark-web panels were defaced and a MySQL database dump with internal operational data was posted by an unknown actor.
Robeson County Government
December 10, 2024
•[ ransomware, malware, government ]
Robeson County, North Carolina confirmed that a December 2024 LockBit ransomware incident encrypted county servers and exfiltrated HR and payroll data. County operations were disrupted for about three weeks before full restoration in January 2025.
Fairfield Memorial Hospital
July 2, 2024
•[ ransomware, leak, malware ]
The LockBit ransomware gang claims to have breached Fairfield Memorial Hospital in Illinois and adds it to their Tor leak site.
University Hospital Centre in Zagreb, a.k.a. KBC Zagreb
June 27, 2024
•[ ransomware, malware, healthcare ]
The LockBit ransomware gang claims responsibility for a cyberattack on Croatias largest hospital, which forces it to shut down IT systems for a day.
City of Wichita
May 3, 2024
•[ ransomware, malware, government ]
The City of Wichita, Kansas, discloses it was forced to shut down portions of its network after suffering a weekend ransomware attack. The LockBit ransomware operation claims responsibility for the attack.
Keuka College
April 25, 2024
•[ ransomware, malware, education ]
Keuka College discloses a ransomware attack, allegedly carried out by the LockBit ransomware operation.
Medios de Prevención Externos Sur SL
March 22, 2024
•[ ransomware, LockBit, medical ]
Medios de Prevencin Externos Sur SL, a medical company servicing Spain's Guardia Civil, is hit with a LockBit ransomware attack.
Government of Palau
March 15, 2024
•[ ransomware, malware, government ]
The government of Palau is hit with an alleged ransomware attack by the LockBit and DragonForce ransomware gangs.
Municipality of Korneuburg
February 2, 2024
•[ ransomware, malware, government ]
The municipality of Korneuburg in Austria says it was hit by a LockBit ransomware attack, leading to funerals reportedly being canceled and the town hall informing residents its staff can only be reached via telephone.
Maisons de l’Avenir
January 15, 2024
•[ ransomware, data leak ]
Maisons de lAvenir is added to the LockBit 3.0 ransomware leak site.
Eagers Automotive
December 24, 2023
•[ ransomware, malware, automotive ]
Eagers Automotive, the largest operator of car dealerships in Australia and New Zealand, announces it suffered a cyberattack and was forced to halt trading on the stock exchange as it evaluates the impact of the incident. The Lockbit ransomware gang claims responsibility for the attack.
Saint Anthony Hospital
December 18, 2023
•[ ransomware, malware, healthcare ]
Saint Anthony Hospital files a notice of data breach after discovering that an unauthorized party was able to gain access to the organizations IT network. The LockBit ransomware group claims responsibility for the attack.
Amber Hill Group
November 8, 2023
•[ ransomware, leak, malware ]
The LockBit 3.0 ransomware group adds Amber Hill Group the their leak site.
Consorzio di Bonifica dell'Emilia Centrale
November 6, 2023
•[ ransomware, malware, government ]
The LockBit 3.0 ransomware gang claims responsibility for a cyber attack to Consorzio di Bonifica dell'Emilia Centrale.
Quertaro Intercontinental Airport
October 30, 2023
•[ ransomware, malware ]
The Quertaro Intercontinental Airport confirms reports that it had been attacked. The LockBit ransomware gang claims responsibility for the attack.
Rao Hondo College
October 24, 2023
•[ ransomware, leak, malware ]
Rao Hondo College in Southern California is listed in the Lockbit ransomware leak site.
Hillsborough County Public Schools
September 15, 2023
•[ ransomware, malware, education ]
LockBit adds Hillsborough County Public Schools to their leak site, claiming to have acquired 2 TB of data, and providing a file list and some sample files.
Skokie-Morton Grove School District 69
September 8, 2023
•[ ransomware, malware, education ]
The LockBit ransomware gang adds Skokie-Morton Grove School District 69 to their leak site.
