ITO EN North America
December 6, 2024
•[ ransomware, malware, manufacturing ]
The Japanese corporation Ito En confirms that its U.S. subsidiary was hit with ransomware. The company is the largest producer of green tea in Japan and has subsidiaries in the U.S., Australia, China and Indonesia.
BT Group
December 4, 2024
•[ ransomware, technology ]
BT Group confirmed that its BT Conferencing services were impacted in a ransomware incident by Black Basta.
Muswellbrook Shire Council
December 4, 2024
•[ ransomware, data leak ]
On December 4 2024, Muswellbrook Shire Council (NSW, Australia) detected a ransomware attack by the SafePay group. The attack encrypted portions of internal servers and resulted in theft and dark-web publication of sensitive employee and resident information. Council systems were progressively restored; investigation ongoing as of February 2025.
Pembina Trails School Division
December 2, 2024
•[ ransomware, financial, leak ]
Canadian school division compromised by Rhysida ransomware Dec 2, 2024. Attack disrupted thousands of devices and exposed ~35,000+ student records and staff payroll/financial data. Group attempted $1.7M ransom before leaking stolen data on the dark web.
PIH Health
December 1, 2024
•[ ransomware, malware, healthcare ]
Threat actors claim they stole 17 million patient records from PIH Health, a southern California regional healthcare provider that is still struggling with IT and phone systems outages that have been disrupting patient care since the organization was hit by a ransomware attack on Dec. 1.
Sayanmoloko / Semyonishna Dairy Plant
December 1, 2024
•[ ransomware ]
The Sayanmoloko Semyonishna dairy plant in Khakassia, Russia, experienced a ransomware attack in December 2024 attributed to a LockBit variant. The attack encrypted labeling and tracking systems, hijacked printers to output anti-war leaflets, and disabled the company website while milk processing continued. Operations were restored within several days.
Port of Rijeka
November 30, 2024
•[ ransomware, financial, leak ]
The 8Base ransomware group hits Croatias Port of Rijeka, stealing sensitive data, including contracts and accounting info.
Krispy Kreme
November 29, 2024
•[ ransomware, malware, retail ]
US doughnut chain Krispy Kreme reveals it suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. The Play ransomware gang claims responsibility for the attack.
Kurita America
November 29, 2024
•[ ransomware, malware, manufacturing ]
The U.S. subsidiary of Kurita Water, a Japanese water treatment company says ransomware actors have stolen data from systems and encrypted some servers.
Bologna Football Club 1909
November 29, 2024
•[ ransomware, leak ]
Bologna Football Club 1909 confirms it suffered a ransomware attack after its stolen data is leaked online by the RansomHub extortion group.
Stoli Group USA
November 29, 2024
•[ ransomware, malware, manufacturing ]
Stoli Group's U.S. companies file for bankruptcy following an August ransomware attack and Russian authorities seizing the company's remaining distilleries in the country.
Alder Hey Children’s Hospital
November 28, 2024
•[ ransomware, malware, healthcare ]
Alder Hey Childrens Hospital says it is investigating claims that its systems may have been breached and that patient records and other information was stolen, after the ransomware group INC Ransom adds Alder Hey to its leak site.
Alder Hey Children’s Hospital
November 28, 2024
•[ ransomware, data leak, healthcare ]
Alder Hey Childrens Hospital says it is investigating claims that its systems may have been breached and that patient records and other information was stolen, after the ransomware group INC Ransom adds Alder Hey to its leak site.
Refinadora Costarricense de Petróleo
November 27, 2024
•[ ransomware, malware, energy ]
Refinadora Costarricense de Petrleo (RECOPE), the state-owned energy provider for Costa Rica is hit with a ransomware attack, requiring the company to shift to manual operations and call in help from abroad.
City of Hoboken
November 27, 2024
•[ ransomware, malware, government ]
The city of Hoboken shuts down its government offices after an early morning ransomware attack caused widespread issues.
Fourlis Group (IKEA franchise operator)
November 27, 2024
•[ ransomware, data leak ]
A ransomware attack on November 27 2024 disrupted Fourlis Groups IT infrastructure supporting IKEA operations in Greece and other regional markets. The company reported that forensic investigators did not prove the leakage of personal data, confirming no verified exfiltration. The attack caused significant operational disruption, with reported recovery costs of approximately 20 million ( US $23 million) but no ransom payment.
Refinadora Costarricense de Petróleo
November 27, 2024
•[ ransomware, energy, critical infrastructure ]
Refinadora Costarricense de Petrleo (RECOPE), the state-owned energy provider for Costa Rica is hit with a ransomware attack, requiring the company to shift to manual operations and call in help from abroad.
Douglasville-Douglas County Water & Sewer Authority
November 26, 2024
•[ ransomware, data leak ]
The DouglasvilleDouglas County Water & Sewer Authority was targeted by the Lynx ransomware group on November 26 2024. Attackers claimed responsibility on a leak site on January 14 2025, later removed. The authority rebuilt and restored its systems with minimal data loss and reported no evidence of customer or employee data theft. Data exfiltration remains unconfirmed.
ENGlobal Corporation
November 25, 2024
•[ ransomware, malware, energy ]
ENGlobal Corporation, a major contractor for the energy industry confirms in a notice to regulators that it is dealing with a ransomware attack that has hindered operations.
Artivion
November 21, 2024
•[ ransomware, malware, manufacturing ]
Artivion, a leading manufacturer of heart surgery medical devices, discloses q ransomware attack that disrupted its operations and forced it to take some systems offline.
