Undisclosed financial institution (Asia)
May 1, 2025
•[ ransomware ]
Fog ransomware executed a May 2025 attack against an undisclosed financial institution in Asia, using Syteca (formerly Ekran) and open-source tools GC2, Adaptix, and Stowaway prior to encryption. Symantec confirmed operational disruption but did not report data theft or quantify downtime.
Pike County (via Ohio Valley Technologies)
April 28, 2025
•[ ransomware, malware, government ]
Third-party ransomware attack via OVT disclosed April 28 2025. Resulted in unauthorized access and exfiltration of Pike Countys sensitive data for over 33,000 individuals. No encryption of county systems was reported.
Iowa County Government
April 28, 2025
•[ ransomware ]
Iowa County detected ransomware on April 28, 2025 and took systems offline; officials confirmed ransomware and issued public notices during recovery.
Epicentr K
April 28, 2025
•[ ransomware ]
On April 28 2025, Ukraines largest home improvement retailer Epicentr K suffered a ransomware attack that fully encrypted servers and back-office systems, taking down cash registers, accounting, and logistics across its nationwide network. Operations were halted for at least 24 hours before gradual restoration began. No data theft has been confirmed, and the attacker remains unidentified.
Doctors Hospital Cayman Islands
April 28, 2025
•[ ransomware ]
On April 28 2025, Doctors Hospital in the Cayman Islands contained a ransomware incident that encrypted portions of its administrative IT environment. The hospital reported that its patient-record platform, hosted on a separate proprietary system, was unaffected. Operations continued with minimal disruption, and no evidence of data exfiltration was found.
Biopharma Company, Hinjewadi (Pune)
April 27, 2025
•[ ransomware, data leak ]
A ransomware attack discovered on April 27 2025 disrupted a biopharmaceutical company in Hinjewadi (Pune) after an unknown actor accessed internal servers, exfiltrated and encrypted data, and demanded USD 80,000 for decryption; the incident affected 15 on-premises research systems and is under investigation by Pune Cyber Cell.
Hitachi Vantara
April 26, 2025
•[ ransomware, data leak ]
Akira ransomware infiltrated Hitachi Vantaras internal network, stealing corporate data and encrypting parts of its IT environment, prompting incident response and system restoration efforts.
Juan F. Luis Hospital
April 26, 2025
•[ ransomware, vulnerability ]
Ransomware accessed two local servers via an overlooked vulnerability and forced the hospital into prolonged downtime, manual workflows, and a wholesale technology rebuild. CEO reports weekly cash flow impact of $750k$800k due to delayed electronic billing yet maintains no patient or staff data was stolen; operations gradually restored as systems returned.
Kintetsu World Express
April 23, 2025
•[ ransomware ]
Ransomware attack discovered April 23 2025 disrupted logistics processing across multiple global offices of Kintetsu World Express; several servers and workstations were encrypted, delaying shipments and customs documentation; no data theft confirmed.
Aigües de Mataró
April 21, 2025
•[ ransomware ]
Ransomware encrypted Aiges de Matars corporate servers on April 21 2025, taking the website offline and delaying customer services. The utility reported no evidence of data exfiltration; water service and quality remained unaffected. No actor has claimed responsibility.
Aigües de Mataró
April 21, 2025
•[ ransomware, encryption, service disruption ]
Ransomware encrypted Aiges de Matars corporate servers on April 21 2025, taking the website offline and delaying customer services. The utility reported no evidence of data exfiltration; water service and quality remained unaffected. No actor has claimed responsibility.
City of Abilene
April 18, 2025
•[ ransomware, data leak ]
On April 18 2025, the City of Abilene, Texas, detected unresponsive servers and shut down affected systems. Reports state certain systems were taken offline and none of the card systems at government offices were working; emergency services remained up and running. The Qilin ransomware group later claimed responsibility; roughly 477 GB of data were reported stolen and some data encrypted/deleted.
Pierce County Library System
April 15, 2025
•[ ransomware, data leak, service disruption ]
The Record reported that the Pierce County Library System discovered a cybersecurity incident on April 21, 2025 that forced it to shut down all systems, with an investigation later finding attackers had access between April 15 and April 21. By May 12, the library confirmed hackers breached systems and stole information on both patrons and current/former employees, and later breach notifications indicated more than 340,000 people were impacted. The report stated the INC ransomware gang claimed the attack in May, and the combination of service shutdown and confirmed data theft supports a mixed event involving disruption and data compromise.
Hamilton County Sheriff’s Office
April 14, 2025
•[ ransomware, data leak ]
Ransomware attack by the Qilin group encrypted internal systems and took the Hamilton County (Tennessee) Sheriffs Office website offline; attackers demanded $300,000 and claimed data theft, but no exfiltration has been verified; systems fully restored by early May 2025.
Hamilton County Sheriff’s Office
April 14, 2025
•[ ransomware, data theft, extortion ]
Ransomware attack by the Qilin group encrypted internal systems and took the Hamilton County (Tennessee) Sheriffs Office website offline; attackers demanded $300,000 and claimed data theft, but no exfiltration has been verified; systems fully restored by early May 2025.
Ontario Health atHome
April 13, 2025
•[ ransomware, data exfiltration, healthcare ]
Ontario Medical Supply (OMS), a vendor supporting Ontario Health atHomes home care supply operations, experienced a ransomware incident in 2025. Reporting described earliest observed access on March 17, 2025, followed by ransomware payload execution on April 13, 2025, after which OMS systems failed and the organization was locked out of a significant portion of servers. Internal reporting referenced impacts to roughly 200,000 patients and indicated breached data included names, contact information, and medical supplies/equipment ordered. OMS later stated only a limited amount of incomplete data was exfiltrated and said it found no evidence of misuse at the time of its statement.
CMC Corporation
April 12, 2025
•[ ransomware, data leak ]
Ransomware group Crypto24 carried out a double-extortion attack against Vietnam-based CMC Corporation on April 12, 2025, exfiltrating roughly 2 TB of internal data and encrypting subsidiary servers for less than one day.
DaVita Inc.
April 12, 2025
•[ ransomware, data leak ]
On April 12, 2025, DaVita reported a ransomware incident that encrypted elements of its network and disrupted some operations. Subsequent disclosures confirmed theft of personal and medical information impacting over one million individuals.
SK Group (SK Inc.)
April 10, 2025
•[ ransomware, data leak ]
Qilin listed sk.com on its leak site on April 10 2025, claiming it stole approximately 1 TB of SK Group corporate data. SK has not publicly confirmed the breach or the claimed data volume, and no encryption or operational disruption has been reported.
3P Corporation Pty Ltd
April 10, 2025
•[ ransomware, data leak ]
Melbourne-based financial and tax advisory firm 3P Corporation was listed by the Space Bears ransomware group on Apr 10 2025, which claimed to have stolen ~213 GB of corporate and client data; no encryption or service disruption confirmed; breach publicly reported Jun 2 2025.
