MathWorks
May 18, 2025
•[ ransomware ]
MathWorks confirmed a ransomware attack starting May 18 that disrupted customer-facing services; the firm reported containment, FBI notification, and restoration of services by early June.
Union County (Ohio) government / county systems
May 18, 2025
•[ ransomware, malware, government ]
A ransomware attack on Union County, Ohio's public administration systems led to both encryption and data exfiltration. Data was stolen from internal government databases containing personal, financial, and biometric records of 45,487 individuals. Approximately 12 systems were encrypted, causing partial disruption for several days. No ransomware group has claimed responsibility.
PDI Health
May 14, 2025
•[ ransomware, leak, malware ]
On May 14, 2025, PDI Health discovered a cyberattack when the Everest ransomware group infiltrated its internal systems and exfiltrated sensitive patient records. The group leaked samples and claimed responsibility on the dark web, revealing more than 373,000 records stolen. No evidence of encryption or service disruption was confirmed.
US Mortgage
May 13, 2025
•[ ransomware, unauthorized access, data breach ]
US Mortgage disclosed that an unauthorized third party gained access to a portion of its computer network in May 2025 in a ransomware event, and outside reporting tied the incident to SAFEPAY.
LockBit ransomware operation
May 7, 2025
•[ ransomware, data leak, deface ]
LockBit's dark-web panels were defaced and a MySQL database dump with internal operational data was posted by an unknown actor.
WDEF-TV
May 6, 2025
•[ ransomware, data leak ]
WDEF Chattanooga TV station was listed by the Lynx ransomware group; actors posted sample HR/contract files while the station assessed impact.
West Lothian Council, Education Network
May 6, 2025
•[ ransomware, education ]
West Lothian Council reported a ransomware cyberattack affecting the education network; contingency plans kept schools open while systems were restored.
Zumpano Patricios (law firm)
May 6, 2025
•[ ransomware, data leak ]
SecurityWeek: HHS tracker shows >232k impacted at Cierant (Cleo file transfer/Cl0p) and ~280k at law firm Zumpano Patricios after May 6 intrusion with possible exfiltration.
Infinite Services (New York)
May 5, 2025
•[ ransomware, data leak ]
Employees could not log in on May 5; ransomware encryption interrupted by disconnecting power; investigation found one server accessed containing patient and employee PII/PHI; broad notifications sent out of caution.
Peruvian Government portal
May 5, 2025
•[ ransomware, data leak ]
Rhysida posted claims and alleged documents and demanded 5 BTC, but Peru's government denied compromise of the federal platform; officials say only Piura's tax website had a separate March 29 cyber incident restored within 48 hours.
Liberty Township (Butler County)
May 5, 2025
•[ ransomware, data leak ]
The Liberty Township government in Butler County, Ohio, experienced a ransomware incident beginning May 5, 2025, that encrypted internal systems and disrupted email and phone services. The SafePay ransomware group later claimed responsibility and said it had stolen and leaked about 48 GB of administrative and personnel information. Approximately 600 individuals were notified, and an FBI investigation remains ongoing.
R.C. Manubhai
May 1, 2025
•[ ransomware, data leak ]
Qilin ransomware listed Fijian hardware chain R.C. Manubhai on its leak site, sharing samples (passport scans, salary/loan data) and claiming broader exfiltration; victim confirmation not published at time of report.
Undisclosed financial institution (Asia)
May 1, 2025
•[ ransomware ]
Fog ransomware executed a May 2025 attack against an undisclosed financial institution in Asia, using Syteca (formerly Ekran) and open-source tools GC2, Adaptix, and Stowaway prior to encryption. Symantec confirmed operational disruption but did not report data theft or quantify downtime.
Doctors Hospital Cayman Islands
April 28, 2025
•[ ransomware ]
On April 28, 2025, Doctors Hospital in the Cayman Islands contained a ransomware incident that encrypted portions of its administrative IT environment. The hospital reported that its patient-record platform, hosted on a separate proprietary system, was unaffected. Operations continued with minimal disruption, and no evidence of data exfiltration was found.
Pike County (via Ohio Valley Technologies)
April 28, 2025
•[ ransomware, malware, government ]
Third-party ransomware attack via OVT disclosed April 28, 2025. Resulted in unauthorized access and exfiltration of Pike County's sensitive data for over 33,000 individuals. No encryption of county systems was reported.
Epicentr K
April 28, 2025
•[ ransomware ]
On April 28, 2025, Ukraine's largest home improvement retailer Epicentr K suffered a ransomware attack that fully encrypted servers and back-office systems, taking down cash registers, accounting, and logistics across its nationwide network. Operations were halted for at least 24 hours before gradual restoration began. No data theft has been confirmed, and the attacker remains unidentified.
Iowa County Government
April 28, 2025
•[ ransomware ]
Iowa County detected ransomware on April 28, 2025 and took systems offline; officials confirmed ransomware and issued public notices during recovery.
Biopharma Company, Hinjewadi (Pune)
April 27, 2025
•[ ransomware, data leak ]
A ransomware attack discovered on April 27, 2025, disrupted a biopharmaceutical company in Hinjewadi (Pune) after an unknown actor accessed internal servers, exfiltrated and encrypted data, and demanded USD 80,000 for decryption; the incident affected 15 on-premises research systems and is under investigation by Pune Cyber Cell.
Juan F. Luis Hospital
April 26, 2025
•[ ransomware, vulnerability ]
Ransomware accessed two local servers via an overlooked vulnerability and forced the hospital into prolonged downtime, manual workflows, and a wholesale technology rebuild. CEO reports weekly cash flow impact of $750k–$800k due to delayed electronic billing yet maintains no patient or staff data was stolen; operations gradually restored as systems returned.