Institute Ruđer Bošković (administrative/professional services IT)
July 31, 2025
•[ ransomware, education ]
IRB was hit by a ransomware attack on July 31, 2025 via Microsoft SharePoint ToolShell vulnerabilities; administrative/professional services systems were encrypted. IRB refused to pay, isolated affected segments, and restored from backups by Aug 8; later updates confirmed full service restoration and no evidence of data exfiltration.
Undisclosed Russian pharmacy chains
July 31, 2025
•[ ransomware ]
The Record reports multiple Russian pharmacies were shut down due to a cyberattack disrupting operations and payment/services.
Mailchimp
July 31, 2025
•[ ransomware, data leak ]
Everest ransomware group claimed a small breach of Mailchimp systems, sharing limited details; no disruption reported.
Herbapol Lublin S.A.
July 31, 2025
•[ ransomware ]
Polish trade press reports cyberattack on Herbapol Lublin with a ransom demand; operational interruptions mentioned.
99 Cents Only Stores (data linked to Dollar Tree acquisition context)
July 30, 2025
•[ ransomware, data leak ]
HackRead reports INC claimed 1.2TB of Dollar Tree data; company statements elsewhere indicate samples match data tied to defunct 99 Cents Only Stores.
Belk, Inc.
July 29, 2025
•[ ransomware ]
Ransomware group INC claimed an attack on Belk; the retailer's confirmation and scope had not been disclosed at report time.
Albavision (Albavisión)
July 28, 2025
•[ ransomware, data leak, business disruption ]
GlobalGroup ransomware group alleged breach and data theft at media giant Albavision affecting broadcast operations, with data samples posted.
Gloucester County, Virginia
July 27, 2025
•[ ransomware ]
Gloucester County reported responding to a ransomware attack that impacted county systems and public access to some services.
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, malware, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, operational disruption, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
Schools in Shropshire (11 schools)
July 21, 2025
•[ ransomware ]
Local council committee informed that a ransomware cyberattack impacted 11 schools in Shropshire.
Palo Alto Networks (investigator)
July 17, 2025
•[ ransomware, malware, technology ]
Ransomware deployment (4L4MD4R) via exploitation of Microsoft SharePoint ToolShell vulnerabilities; attackers disabled defenses, bypassed certificate validation, and encrypted files; ransom note threatened deletion upon decryption attempts.
Mower County (Minnesota)
July 17, 2025
•[ ransomware ]
Mower County reported restoration progress following a ransomware incident that disrupted county services for roughly two weeks.
Otjiwarongo Municipality
July 17, 2025
•[ ransomware ]
Namibian Sun reports Otjiwarongo Municipality was hit by a cyberattack and a ransom was demanded, impacting services.
Cookeville Regional Medical Center (CRMC)
July 16, 2025
•[ ransomware ]
Local paper confirms ransomware at CRMC; hospital switched to downtime procedures while responding to the incident.
Albemarle County, Virginia
July 15, 2025
•[ ransomware, data leak ]
Albemarle County said a specific ransomware group was responsible for a July attack that disrupted services and potentially accessed internal records.
WineLab (Novabev Group)
July 14, 2025
•[ ransomware ]
Ransomware attack shutdown 2041 WineLab stores and online services across Russia.
Seoul Guarantee Insurance (SGI)
July 14, 2025
•[ ransomware ]
Ransomware attack began early Monday; joint investigation confirmed ransomware; SGI core systems offline for third day, causing widespread confusion.
Crenshaw Community Hospital
July 14, 2025
•[ ransomware, data leak ]
Ransomware group PayoutsKing claimed responsibility for a July 14 2025 attack on Crenshaw Community Hospital, exfiltrating approximately 53 GB of data; encryption was not confirmed.
Nymburk Hospital
July 8, 2025
•[ ransomware, extortion ]
Czech police investigating a cyberattack on Nymburk Hospital including extortion elements; disruption reported.
