Multiple organizations with exposed MongoDB databases
January 30, 2026
•[ MongoDB, data breach, ransomware ]
A threat actor actively accessed, queried, and ransacked more than 1400 publicly exposed MongoDB application servers, exfiltrating data and leaving ransom notes demanding payment in exchange for deletion or non-disclosure of the stolen information.
SmarterTools
January 29, 2026
•[ ransomware, network intrusion, vulnerability ]
SmarterTools confirmed that the Warlock ransomware gang breached its network after compromising a single SmarterMail virtual machine set up by an employee and not kept updated. The company said the intrusion began January 29, 2026 and that the attackers waited about a week before attempting encryption, but security controls reportedly prevented encryption, impacted systems were isolated, and data was restored from backups. SmarterTools stated business applications and customer account data were not impacted.
City of New Britain
January 28, 2026
•[ ransomware, cyberattack, infrastructure disruption ]
City of New Britain municipal systems were taken offline following a ransomware attack that disrupted internal networks and communications, prompting coordination with federal and state authorities to restore services.
Atlas Air
January 27, 2026
•[ ransomware, data leak, aircraft maintenance ]
Cybernews reported that the Everest ransomware group claimed it siphoned 1.2TB of data from cargo airline Atlas Air, including aircraft maintenance documents and repair reports and information related to Boeing aircraft. Cybernews said the attackers did not attach direct data samples, only screenshots, and noted that Atlas Air explicitly denied its systems were breached.
Concello de Sanxenxo (Spanish Municipality)
January 26, 2026
•[ ransomware, data encryption, bitcoin ]
A ransomware attack encrypted thousands of administrative documents at the Concello de Sanxenxo, prompting a $5,000 Bitcoin ransom demand. The city refused to pay and is restoring systems from backups; the incident disrupted internal municipal operations and required a formal complaint to the Guardia Civil.
Enviro-Hub Holdings Ltd.
January 25, 2026
•[ ransomware, server breach ]
Enviro-Hub Holdings Ltd. disclosed a ransomware attack targeting group servers; the company reported no material operational impact.
HanseMerkur
January 24, 2026
•[ data leak, ransomware, financial documents ]
DragonForce claimed it stole 97 GB of internal data from German insurer HanseMerkur and released sample financial documents; the company had not confirmed the breach at the time of reporting.
Winona County
January 23, 2026
•[ ransomware, forensics, emergency services ]
Winona County, Minnesota reported responding to a ransomware incident that impacted its computer network. The county engaged third-party cybersecurity and forensics specialists and coordinated with local, state, and federal law enforcement. While emergency services such as 911, fire, and emergency response operations were reported to remain operational, the incident was significant enough that county leadership declared a local emergency. Further technical details, including the ransomware variant, extent of disruption across departments, and whether data was stolen, were not provided in the brief public update.
Nike
January 22, 2026
•[ ransomware, data leak, exfiltration ]
A ransomware group calling itself WorldLeaks (reported as a rebrand of Hunters International) claimed it breached Nike and began leaking data online. The group's leak-site posting dated January 22, 2026 alleged exfiltration of more than 1.4TB of files. A review of the leaked directory names suggested the exposed material primarily relates to product development and manufacturing operations, including design specifications and supplier-related operational documents, along with internal presentations and collaboration materials. Nike stated it was investigating the claims.
Sociedad Hipotecaria Federal
January 21, 2026
•[ ransomware, data leak, encryption ]
Sociedad Hipotecaria Federal was listed by LockBit, which claimed to have stolen 277 GB of data and published it after a ransom deadline expired; reporting also cited encryption of critical systems and operational disruption.
At least one Iranian consumer
January 20, 2026
•[ Android banking trojan, remote-access trojan (RAT), ransomware ]
Cyble Research and Intelligence Labs (CRIL) reported discovering deVixor, an advanced Android banking trojan that has remote-access (RAT) capabilities and can also deploy a ransomware-style device lock screen. The campaign explicitly targets Iranian users, distributing malicious APKs via phishing websites posing as legitimate automotive businesses and luring victims with heavily discounted vehicle offers. Once installed, deVixor prompts victims to grant high-risk permissions (contacts, SMS, media files, accessibility service), then harvests SMS data to extract banking information such as account balances, OTPs, bank alerts, credit card details, and crypto transaction data. It also uses WebView-based JavaScript injection to load real banking sites inside a hidden WebView and steal login credentials during authentication. In some cases, operators activate a ransom overlay that locks the device and demands payment to a cryptocurrency wallet. Cyble said it identified 700+ deVixor samples since October 2025 and observed indicators (Persian artifacts, targeted-app lists, Telegram infrastructure) suggesting strong familiarity with Iran's financial ecosystem.
McDonald's India
January 20, 2026
•[ ransomware, data leak, data exfiltration ]
HackRead reported that on January 20, 2026 the Everest ransomware group claimed it breached McDonald's India and exfiltrated 861 GB of customer data and internal documents. The report described screenshots purportedly showing internal financial reports (2023–2026), audit trails, cost tracking, ERP migration files, pricing data, and other internal communications, as well as a "Contact Database" spreadsheet with investor/business-partner contact details and store-level manager contact information. Everest reportedly issued a short deadline and threatened to leak data; the article noted the claim was unverified at the time.
Hyatt
January 19, 2026
•[ ransomware, data leak, double-extortion ]
A ransomware group calling itself NightSpire publicly claimed on January 19, 2026 that it attacked Hyatt and exfiltrated 48.5GB of data originating from the Hyatt Place Chelsea New York hotel. The actors published samples that appeared to include internal company documents such as invoices, expense reports containing employee names, contact information, signatures, and partner company data, and researchers noted the sample list suggested possible exposure of employee credentials for internal tools (raising risk of further compromise). The posting indicated a free download link, consistent with double-extortion tactics where stolen data is leaked if negotiations fail. At the time of reporting, Hyatt had not publicly confirmed the breach and the claims remained unverified by the company.
Kyowon Group
January 14, 2026
•[ ransomware, service outage, data exfiltration ]
Kyowon Group, a large South Korean conglomerate with major education/publishing and digital services operations, confirmed a ransomware incident after initially describing a suspected attack that caused service outages. In a follow-up update, the company stated the incident occurred in January around 10 a.m. and that an attacker exfiltrated data from its systems. Reporting cited Korean media indicating the event may have impacted a substantial portion of Kyowon's infrastructure (roughly 600 of 800 servers) and that there are millions of registered accounts, though Kyowon said it was still determining whether stolen data included customer information. The company said it notified relevant authorities (including KISA), engaged security experts, and worked to restore services while conducting a detailed investigation into scope and data exposure.
Undisclosed Taiwanese healthcare organization #5
January 12, 2026
•[ ransomware, cyber intrusion, data exfiltration ]
The CrazyHunter ransomware group conducted a cyber intrusion against a healthcare organization in Taiwan by exploiting application-layer access, resulting in unauthorized access and data exfiltration. Security reporting confirms the victim as one of multiple Taiwanese healthcare entities affected, though specific organizational details were not publicly disclosed.
Nissan Motor Corporation (Nissan Motor Co., Ltd.)
January 10, 2026
•[ ransomware, data leak, extortion ]
HackRead reported that the Everest ransomware group claimed it breached Nissan Motor Corporation and stole about 900GB of internal data. The article said the group posted the allegation on its leak site on January 10, 2026 and shared screenshots and directory listings suggesting access to internal operational documents, data extracts, and dealership-related records. Everest reportedly threatened to publish the data if Nissan did not respond within a set timeframe. Nissan had not publicly confirmed the claim at the time of reporting.
Cressi
January 8, 2026
•[ ransomware, data leak, leak site ]
Cybernews reported that the ransomware group Qilin claimed responsibility for an attack on Cressi, an Italian diving equipment manufacturer, by posting a ransom entry on its leak site on January 8, 2026. The report notes that at that stage it was unclear what data (if any) had been accessed or exfiltrated and that the group had not published data samples or set a countdown timer. As reported, the main confirmed indicator is the group's claim and listing on the leak site; independent confirmation of encryption, downtime, or data theft was not provided in the article.
Panera Bread
January 7, 2026
•[ ransomware, data leak ]
In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses. Panera Bread subsequently confirmed that "the data involved is contact information" and that authorities were notified.
Metro Pet Vet
January 7, 2026
•[ ransomware, data breach, technical difficulties ]
A Lancaster County veterinary practice (Metro Pet Vet) reported it was hit by a ransomware attack after several days of technical issues. The office said that on Monday and Tuesday it experienced major technical difficulties, including its router stopping, and by Wednesday morning ransomware was detected and the practice lost access to its server. Staff reported they could not access pet vaccine and medication histories and had to operate "like 40 years ago," using paper while continuing to treat animals and relying on an app for scheduling. The practice stated no credit card or Social Security information was stored on the affected server, but client phone numbers and addresses were stored there, and it expected recovery work to continue into the following week.
Veenkoloniaal Museum (Veendam)
January 7, 2026
•[ ransomware, unauthorized access, data theft ]
The Veenkoloniaal Museum in Veendam experienced a ransomware incident discovered on January 7, 2026, in which the LockBit group gained unauthorized access to systems. Data was stolen and files were rendered inaccessible, affecting digital records and image archives. Individuals whose personal data was involved were notified. The museum restored systems from backups and declined to negotiate with the attackers.