Peruvian Government portal
May 5, 2025
•[ ransomware, data leak ]
Rhysida posted claims and alleged documents and demanded 5 BTC, but Perus government denied compromise of the federal platform; officials say only Piuras tax website had a separate March 29 cyber incident restored within 48 hours.
Liberty Township (Butler County)
May 5, 2025
•[ ransomware, data leak ]
The Liberty Township government in Butler County, Ohio, experienced a ransomware incident beginning May 5 2025 that encrypted internal systems and disrupted email and phone services. The SafePay ransomware group later claimed responsibility and said it had stolen and leaked about 48 GB of administrative and personnel information. Approximately 600 individuals were notified, and an FBI investigation remains ongoing.
Infinite Services (New York)
May 5, 2025
•[ ransomware, data leak ]
Employees could not log in on May 5; ransomware encryption interrupted by disconnecting power; investigation found one server accessed containing patient and employee PII/PHI; broad notifications sent out of caution.
R.C. Manubhai
May 1, 2025
•[ ransomware, data leak ]
Qilin ransomware listed Fijian hardware chain R.C. Manubhai on its leak site, sharing samples (passport scans, salary/loan data) and claiming broader exfiltration; victim confirmation not published at time of report.
Undisclosed financial institution (Asia)
May 1, 2025
•[ ransomware ]
Fog ransomware executed a May 2025 attack against an undisclosed financial institution in Asia, using Syteca (formerly Ekran) and open-source tools GC2, Adaptix, and Stowaway prior to encryption. Symantec confirmed operational disruption but did not report data theft or quantify downtime.
Pike County (via Ohio Valley Technologies)
April 28, 2025
•[ ransomware, malware, government ]
Third-party ransomware attack via OVT disclosed April 28 2025. Resulted in unauthorized access and exfiltration of Pike Countys sensitive data for over 33,000 individuals. No encryption of county systems was reported.
Iowa County Government
April 28, 2025
•[ ransomware ]
Iowa County detected ransomware on April 28, 2025 and took systems offline; officials confirmed ransomware and issued public notices during recovery.
Epicentr K
April 28, 2025
•[ ransomware ]
On April 28 2025, Ukraines largest home improvement retailer Epicentr K suffered a ransomware attack that fully encrypted servers and back-office systems, taking down cash registers, accounting, and logistics across its nationwide network. Operations were halted for at least 24 hours before gradual restoration began. No data theft has been confirmed, and the attacker remains unidentified.
Doctors Hospital Cayman Islands
April 28, 2025
•[ ransomware ]
On April 28 2025, Doctors Hospital in the Cayman Islands contained a ransomware incident that encrypted portions of its administrative IT environment. The hospital reported that its patient-record platform, hosted on a separate proprietary system, was unaffected. Operations continued with minimal disruption, and no evidence of data exfiltration was found.
Biopharma Company, Hinjewadi (Pune)
April 27, 2025
•[ ransomware, data leak ]
A ransomware attack discovered on April 27 2025 disrupted a biopharmaceutical company in Hinjewadi (Pune) after an unknown actor accessed internal servers, exfiltrated and encrypted data, and demanded USD 80,000 for decryption; the incident affected 15 on-premises research systems and is under investigation by Pune Cyber Cell.
Hitachi Vantara
April 26, 2025
•[ ransomware, data leak ]
Akira ransomware infiltrated Hitachi Vantaras internal network, stealing corporate data and encrypting parts of its IT environment, prompting incident response and system restoration efforts.
Juan F. Luis Hospital
April 26, 2025
•[ ransomware, vulnerability ]
Ransomware accessed two local servers via an overlooked vulnerability and forced the hospital into prolonged downtime, manual workflows, and a wholesale technology rebuild. CEO reports weekly cash flow impact of $750k$800k due to delayed electronic billing yet maintains no patient or staff data was stolen; operations gradually restored as systems returned.
Kintetsu World Express
April 23, 2025
•[ ransomware ]
Ransomware attack discovered April 23 2025 disrupted logistics processing across multiple global offices of Kintetsu World Express; several servers and workstations were encrypted, delaying shipments and customs documentation; no data theft confirmed.
Aigües de Mataró
April 21, 2025
•[ ransomware ]
Ransomware encrypted Aiges de Matars corporate servers on April 21 2025, taking the website offline and delaying customer services. The utility reported no evidence of data exfiltration; water service and quality remained unaffected. No actor has claimed responsibility.
Aigües de Mataró
April 21, 2025
•[ ransomware, encryption, service disruption ]
Ransomware encrypted Aiges de Matars corporate servers on April 21 2025, taking the website offline and delaying customer services. The utility reported no evidence of data exfiltration; water service and quality remained unaffected. No actor has claimed responsibility.
City of Abilene
April 18, 2025
•[ ransomware, data leak ]
On April 18 2025, the City of Abilene, Texas, detected unresponsive servers and shut down affected systems. Reports state certain systems were taken offline and none of the card systems at government offices were working; emergency services remained up and running. The Qilin ransomware group later claimed responsibility; roughly 477 GB of data were reported stolen and some data encrypted/deleted.
Pierce County Library System
April 15, 2025
•[ ransomware, data leak, service disruption ]
The Record reported that the Pierce County Library System discovered a cybersecurity incident on April 21, 2025 that forced it to shut down all systems, with an investigation later finding attackers had access between April 15 and April 21. By May 12, the library confirmed hackers breached systems and stole information on both patrons and current/former employees, and later breach notifications indicated more than 340,000 people were impacted. The report stated the INC ransomware gang claimed the attack in May, and the combination of service shutdown and confirmed data theft supports a mixed event involving disruption and data compromise.
Hamilton County Sheriff’s Office
April 14, 2025
•[ ransomware, data leak ]
Ransomware attack by the Qilin group encrypted internal systems and took the Hamilton County (Tennessee) Sheriffs Office website offline; attackers demanded $300,000 and claimed data theft, but no exfiltration has been verified; systems fully restored by early May 2025.
Hamilton County Sheriff’s Office
April 14, 2025
•[ ransomware, data theft, extortion ]
Ransomware attack by the Qilin group encrypted internal systems and took the Hamilton County (Tennessee) Sheriffs Office website offline; attackers demanded $300,000 and claimed data theft, but no exfiltration has been verified; systems fully restored by early May 2025.
CMC Corporation
April 12, 2025
•[ ransomware, data leak ]
Ransomware group Crypto24 carried out a double-extortion attack against Vietnam-based CMC Corporation on April 12, 2025, exfiltrating roughly 2 TB of internal data and encrypting subsidiary servers for less than one day.
