Belk, Inc.
July 29, 2025
•[ ransomware ]
Ransomware group INC claimed an attack on Belk; the retailer's confirmation and scope had not been disclosed at report time.
Albavision (Albavisión)
July 28, 2025
•[ ransomware, data leak, business disruption ]
GlobalGroup ransomware group alleged breach and data theft at media giant Albavision affecting broadcast operations, with data samples posted.
Gloucester County, Virginia
July 27, 2025
•[ ransomware ]
Gloucester County reported responding to a ransomware attack that impacted county systems and public access to some services.
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, malware, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, operational disruption, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
Schools in Shropshire (11 schools)
July 21, 2025
•[ ransomware ]
Local council committee informed that a ransomware cyberattack impacted 11 schools in Shropshire.
Palo Alto Networks (investigator)
July 17, 2025
•[ ransomware, malware, technology ]
Ransomware deployment (4L4MD4R) via exploitation of Microsoft SharePoint ToolShell vulnerabilities; attackers disabled defenses, bypassed certificate validation, and encrypted files; ransom note threatened deletion upon decryption attempts.
Mower County (Minnesota)
July 17, 2025
•[ ransomware ]
Mower County reported restoration progress following a ransomware incident that disrupted county services for roughly two weeks.
Otjiwarongo Municipality
July 17, 2025
•[ ransomware ]
Namibian Sun reports Otjiwarongo Municipality was hit by a cyberattack and a ransom was demanded, impacting services.
Cookeville Regional Medical Center (CRMC)
July 16, 2025
•[ ransomware ]
Local paper confirms ransomware at CRMC; hospital switched to downtime procedures while responding to the incident.
Albemarle County, Virginia
July 15, 2025
•[ ransomware, data leak ]
Albemarle County said a specific ransomware group was responsible for a July attack that disrupted services and potentially accessed internal records.
WineLab (Novabev Group)
July 14, 2025
•[ ransomware ]
Ransomware attack shutdown 2041 WineLab stores and online services across Russia.
Seoul Guarantee Insurance (SGI)
July 14, 2025
•[ ransomware ]
Ransomware attack began early Monday; joint investigation confirmed ransomware; SGI core systems offline for third day, causing widespread confusion.
Crenshaw Community Hospital
July 14, 2025
•[ ransomware, data leak ]
Ransomware group PayoutsKing claimed responsibility for a July 14 2025 attack on Crenshaw Community Hospital, exfiltrating approximately 53 GB of data; encryption was not confirmed.
Nymburk Hospital
July 8, 2025
•[ ransomware, extortion ]
Czech police investigating a cyberattack on Nymburk Hospital including extortion elements; disruption reported.
Woodlawn Health
July 5, 2025
•[ ransomware, malware, healthcare ]
Woodlawn Health in Rochester, Indiana suffered a ransomware attack starting July 5, 2025, which encrypted systems and disrupted clinical and administrative operations. Systems were gradually restored, and officials confirmed that some patient care was impacted. Investigations continue into whether personal or medical data was exfiltrated.
Ingram Micro
July 3, 2025
•[ ransomware ]
SafePay ransomware attack on Ingram Micro shut down internal systems, website, and online ordering systems.
Avantic Medical Lab
July 3, 2025
•[ ransomware, data leak ]
Everest listed the lab June 10 and leaked 31 GB of patient files on July 3; contents include PHI, EOB files, and some financial details.
Deutsche Welthungerhilfe (WHH)
July 2, 2025
•[ ransomware, data leak ]
RaaS group listed WHH and offered stolen data for sale; WHH shut down affected systems, involved police and DPA, and refused to pay.
Accu Reference Medical Laboratory
July 1, 2025
•[ ransomware, data leak ]
Qilin listed Accu Reference on July 10 claiming they acquired data on July 1; screenshots display unredacted PHI; encryption not indicated.
