Elecq
March 7, 2026
•[ ransomware, data breach, cloud security ]
Fleet World reported that EV charging solutions provider Elecq suffered a ransomware attack on its AWS cloud platform discovered on March 7, 2026 after unusual activity. A notice to customers said compromised information included customer names, email addresses, phone numbers, home addresses, and location data. The company stated that no payment/financial information was accessed and that the physical charging devices were not affected and remained secure and operational.
Soreco
March 5, 2026
•[ ransomware, data theft, extortion ]
Swiss business software provider Soreco confirmed it was hit by a ransomware attack. The Bravox group claimed responsibility on its leak site and asserted it stole roughly 118.2 GB of Soreco data while attempting to extort the company. Soreco told media that operational impact was minimal and that it did not intend to pay the ransom. Public reporting did not specify the intrusion vector, affected systems, or whether any data was published at the time of reporting.
AkzoNobel
March 3, 2026
•[ ransomware, data leak, internal correspondence ]
AkzoNobel confirmed a security incident at one of its U.S. sites after the Anubis ransomware group published a partial leak. AkzoNobel stated the incident was contained and limited to the affected site. The leak samples described in reporting included confidential client agreements, internal email correspondence, technical specification sheets, material testing documents, and contact data such as email addresses and phone numbers, as well as passport scans.
Denmark School District
March 1, 2026
•[ ransomware, cyber incident, connectivity outage ]
Reporting stated the Denmark School District in Denmark, Wisconsin, lost internet access for five school days due to a cyber incident, forcing paper-based workarounds. DataBreaches noted a ransomware tracking site listed the district domain as a claimed victim by INC Ransom with a discovery date of March 1, 2026, but emphasized that listing alone is not confirmation of ransomware or data theft. The confirmed primary effect described is a weeklong connectivity outage impacting school operations.
Undisclosed Russian company
March 1, 2026
•[ ransomware, cyber warfare, pro-Ukrainian group ]
A pro-Ukrainian group known as Bearlyfy used GenieLocker ransomware against an undisclosed Russian company as part of a broader campaign targeting Russian firms.
Wilhelmsen Ship Management (Norway) AS
February 27, 2026
•[ ransomware, data leak, operational disruption ]
A ransomware incident affected systems on a single Wilhelmsen-managed ship and disrupted that vessel's operations. Later reporting said passport and next-of-kin information relating to personnel on that ship was also compromised.
Wagon Mound Public Schools
February 27, 2026
•[ ransomware, virus, extortion ]
Wagon Mound Public Schools said a virus infected its systems and shut down access across the network, and later outside reporting tied the incident to an Interlock ransomware extortion claim alleging theft of 80 GB of staff and student data.
Ngong Ping 360
February 26, 2026
•[ ransomware, data breach, internal network compromise ]
Ngong Ping 360 said an attacker stole personal data from its internal network and made a ransom demand. The company said the affected network was separate from cable car operations and electronic payment systems.
Peak Software Systems
February 26, 2026
•[ ransomware, service outage, payment processing ]
Peak Software Systems said attackers encrypted parts of its infrastructure and disrupted the Sportsman recreation-registration platform, causing outages in online signups, rentals, and some payment processing for customer cities.
Undisclosed Middle East entity
February 24, 2026
•[ ransomware, cyberattack, data breach ]
Symantec and Carbon Black linked Lazarus to a Medusa ransomware attack against an undisclosed Middle East entity; the same reporting noted an unsuccessful attempt against a U.S. healthcare organization, which is not coded here as a successful event.
Local 100 chapter of the Transport Workers Union of America
February 24, 2026
•[ ransomware, data leak, identity theft ]
SC Media reported that Qilin claimed to have breached TWU Local 100 (NYC transit union) and published stolen data on its leak site, putting over 41,000 active transit workers and 26,000 retirees at risk of identity theft. The report notes Qilin did not specify how much data was taken, but highlighted that the union retains sensitive employee information such as contact details, salary information, job titles, medical and insurance benefits, and retirement/pension planning information. The report frames the incident as a ransomware group's breach claim with a presumed data-theft/extortion outcome.
An undisclosed U.S. healthcare organization
February 24, 2026
•[ ransomware, healthcare, encryption ]
Beazley Security and Halcyon reported that Pay2Key maintained access to a compromised administrative account at an undisclosed U.S. healthcare organization for several days before deploying ransomware in late February 2026 and encrypting the environment within three hours; no data exfiltration or ransom demand was reported.
University of Mississippi Medical Center (UMMC)
February 20, 2026
•[ ransomware, operational disruption, healthcare ]
UMMC reported a ransomware attack triggered its emergency operations plan and forced it to cancel all clinic appointments and elective procedures at locations statewide while it assessed the intrusion and worked to restore systems. Public reporting described broad impacts to phone and electronic systems and significant disruption to patient care workflows, with staff reverting to manual processes. UMMC stated it was working with federal authorities (including the FBI) and external experts to investigate scope and recover operations; reporting at the time did not confirm whether patient data was exfiltrated, but the primary confirmed effect was major operational disruption across the health system.
Scholengemeenschap Bonaire (SGB)
February 20, 2026
•[ ransomware, phishing, data theft ]
Antilliaans Dagblad reported that Scholengemeenschap Bonaire (SGB) was hit by an international ransomware attack, discovered internally after multiple servers failed to start. Europol reportedly informed police about the broader international attack around the same time. Initial analysis indicated one data server used mainly for archive files was infected, and a relatively small portion of data on that server was stolen; investigators were assessing whether the stolen archive files included personal data. SGB said regular education operations were not impacted because key systems ran in a secured cloud environment (including student/admin platforms and Microsoft Office), and it stated usernames/passwords were not stolen. The school reported filing a police report and notifying the BES data protection oversight body, and required staff and students to change passwords and remain vigilant for phishing.
Advantest Corporation
February 19, 2026
•[ ransomware, unauthorized access, incident response ]
Advantest disclosed it detected unusual activity in its IT environment on February 15, 2026 (JST) and activated incident response, isolating affected systems and engaging external cybersecurity experts. Preliminary findings indicated an unauthorized third party may have accessed parts of the company's network and deployed ransomware. Advantest stated the investigation was ongoing and it had not yet confirmed whether customer or employee data was affected; it said it would notify impacted persons if data exposure is confirmed. The public reporting focused on containment and restoration actions and did not describe prolonged manufacturing shutdowns or downstream customer impacts.
Fundação Getúlio Vargas
February 19, 2026
•[ ransomware, data-extortion, data leak ]
TecMundo reported that ransomware/data-extortion group Dragonforce listed Fundação Getúlio Vargas (FGV) as a purported victim and claimed a compromise of 1.52 TB of data, posting images of documents as proof and setting a countdown (typical extortion deadline) for publication if ransom is not paid. TecMundo said it reviewed sample documents that appeared to include internship registration forms, personnel/event records, and project proposals. FGV responded that it had experienced service/provider instability that was resolved and that it had no confirmation of system intrusion or data exfiltration, stating that anonymous dark web postings were not proof.
North Ferry Company
February 18, 2026
•[ ransomware, operational disruption, payment system ]
An editorial in the Riverhead News-Review stated that North Ferry Company's payment system froze under a ransomware attack the prior week, preventing customers from paying online while the FBI and U.S. Secret Service investigated. The piece uses the incident to argue local governments and businesses on Long Island's North Fork should treat ransomware as a recurring risk, referencing earlier attacks such as Southold Town's pre-Thanksgiving ransomware disruption. The editorial does not provide the exact attack date, ransomware group, access vector, or whether any data was stolen, but it describes a confirmed operational disruption to the ferry company's payment system consistent with ransomware.
Mercer Advisors
February 16, 2026
•[ cybersecurity breach, ransomware, data leak ]
Wealth Management reported a class action lawsuit alleging Mercer Advisors suffered a cybersecurity breach around Feb. 16, 2026 carried out by ShinyHunters. The complaint said ShinyHunters demanded ransom within 48 hours and threatened to leak roughly 5.7 million client records; after Mercer refused to pay, the group published the stolen information. The article states the leaked data includes names, Social Security numbers, and other personal information, raising risks of identity theft, fraud, and highly targeted phishing/social engineering. The report also mentions ShinyHunters targeting other wealth firms, but the primary record is the Mercer breach and alleged publication of client data.
BridgePay Network Solutions (vendor) impacting City of Marietta online payments
February 15, 2026
•[ ransomware, third-party risk, payment processing outage ]
City officials said Marietta's inability to process some online credit card payments was caused by a nationwide ransomware incident at BridgePay Network Solutions, one of the city's online payment gateway providers. The city stated its own systems and data were not compromised, but the vendor outage disrupted payment processing for municipal services. Officials worked to stand up a secure alternative solution while the vendor coordinated response with federal authorities and incident-response partners.
Washington Hotel chain (Fujita Kanko)
February 13, 2026
•[ ransomware, unauthorized access, point-of-sale system issues ]
A ransomware incident impacted the Washington Hotel chain in Japan, with Fujita Kanko reporting that unauthorized access to some servers was detected on February 13, 2026. The company said it took protective measures to cut off attacker access, formed an internal task force, and engaged police and outside cybersecurity experts. The company confirmed unauthorized access to business data on servers, while stating customer information tied to the external Washington Net system was believed unaffected at the time. Some hotels experienced point-of-sale system issues, but the company reported no major business disruption overall.