Otjiwarongo Municipality
July 17, 2025
•[ ransomware ]
Namibian Sun reports Otjiwarongo Municipality was hit by a cyberattack and a ransom was demanded, impacting services.
Cookeville Regional Medical Center (CRMC)
July 16, 2025
•[ ransomware ]
Local paper confirms ransomware at CRMC; hospital switched to downtime procedures while responding to the incident.
Albemarle County, Virginia
July 15, 2025
•[ ransomware, data leak ]
Albemarle County said a specific ransomware group was responsible for a July attack that disrupted services and potentially accessed internal records.
Crenshaw Community Hospital
July 14, 2025
•[ ransomware, data leak ]
Ransomware group PayoutsKing claimed responsibility for a July 14 2025 attack on Crenshaw Community Hospital, exfiltrating approximately 53 GB of data; encryption was not confirmed.
WineLab (Novabev Group)
July 14, 2025
•[ ransomware ]
Ransomware attack shutdown 2041 WineLab stores and online services across Russia.
Seoul Guarantee Insurance (SGI)
July 14, 2025
•[ ransomware ]
Ransomware attack began early Monday; joint investigation confirmed ransomware; SGI core systems offline for third day, causing widespread confusion.
Nymburk Hospital
July 8, 2025
•[ ransomware, extortion ]
Czech police investigating a cyberattack on Nymburk Hospital including extortion elements; disruption reported.
Woodlawn Health
July 5, 2025
•[ ransomware, malware, healthcare ]
Woodlawn Health in Rochester, Indiana suffered a ransomware attack starting July 5, 2025, which encrypted systems and disrupted clinical and administrative operations. Systems were gradually restored, and officials confirmed that some patient care was impacted. Investigations continue into whether personal or medical data was exfiltrated.
Avantic Medical Lab
July 3, 2025
•[ ransomware, data leak ]
Everest listed the lab June 10 and leaked 31 GB of patient files on July 3; contents include PHI, EOB files, and some financial details.
Ingram Micro
July 3, 2025
•[ ransomware ]
SafePay ransomware attack on Ingram Micro shut down internal systems, website, and online ordering systems.
Deutsche Welthungerhilfe (WHH)
July 2, 2025
•[ ransomware, data leak ]
RaaS group listed WHH and offered stolen data for sale; WHH shut down affected systems, involved police and DPA, and refused to pay.
Accu Reference Medical Laboratory
July 1, 2025
•[ ransomware, data leak ]
Qilin listed Accu Reference on July 10 claiming they acquired data on July 1; screenshots display unredacted PHI; encryption not indicated.
MPOWERHealth
June 29, 2025
•[ ransomware, leak, hack ]
WorldLeaks, a criminal ransomware group, claimed responsibility for a June 29, 2025 cyberattack on MPOWERHealth in Addison, Texas. The attackers exfiltrated roughly 1.5 TB of data (over 1.6 million files), including PHI, insurance claims, internal documents, login credentials, and cyber-insurance records. While negotiations began, the company ceased responding, after which WorldLeaks leaked the stolen files. Reports indicate data theft and exposure but no confirmed operational outage.
Radix (Swiss government IT service provider)
June 25, 2025
•[ ransomware, data leak ]
Swiss IT provider Radix suffered a ransomware intrusion by the Sarcoma group around June 25 2025; attackers exfiltrated ~1.3 TB of Swiss federal data, encrypted internal systems, and leaked the files online; NCSC confirmed no direct intrusion into federal networks.
United Australia Party (and Trumpet of Patriots)
June 23, 2025
•[ ransomware, data leak ]
Political parties confirmed ransomware on June 23 with possible exfiltration of all emails and documents; parties stated it is impracticable to notify individuals.
Operation Endgame 2.0
June 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Netstar
June 23, 2025
•[ leak, ransomware ]
Data details undisclosed publicly; breach confirmed as involving data leak following refusal to pay ransom.
Compumedics Limited
June 18, 2025
•[ ransomware, data leak ]
Australian med-tech firm Compumedics reported a ransomware attack that resulted in exfiltration of data affecting approximately 318,000 individuals.
Ministry of Health (Tonga)
June 15, 2025
•[ ransomware, data leak ]
Ransomware attack beginning June 15 2025 by INC exploited an unpatched web-facing application server in Tongas National Health Information System, enabling data exfiltration and subsequent encryption of Ministry servers. About 70,000 patient records and 300 GB of data were leaked; operations restored by July 18 2025 with international assistance.
Siloking Mayer Maschinenbau GmbH
June 15, 2025
•[ ransomware, production halt, emergency mode ]
Siloking Mayer Maschinenbau GmbH was affected by a ransomware attack by Qilin that halted production for several days and forced systems onto emergency mode before restoration.
