Wagon Mound Public Schools
February 27, 2026
•[ ransomware, virus, extortion ]
Wagon Mound Public Schools said a virus infected its systems and shut down access across the network, and later outside reporting tied the incident to an Interlock ransomware extortion claim alleging theft of 80 GB of staff and student data.
Wilhelmsen Ship Management (Norway) AS
February 27, 2026
•[ ransomware, data leak, operational disruption ]
A ransomware incident affected systems on a single Wilhelmsen-managed ship and disrupted that vessel's operations. Later reporting said passport and next-of-kin information relating to personnel on that ship was also compromised.
Peak Software Systems
February 26, 2026
•[ ransomware, service outage, payment processing ]
Peak Software Systems said attackers encrypted parts of its infrastructure and disrupted the Sportsman recreation-registration platform, causing outages in online signups, rentals, and some payment processing for customer cities.
Ngong Ping 360
February 26, 2026
•[ ransomware, data breach, internal network compromise ]
Ngong Ping 360 said an attacker stole personal data from its internal network and made a ransom demand. The company said the affected network was separate from cable car operations and electronic payment systems.
An undisclosed U.S. healthcare organization
February 24, 2026
•[ ransomware, healthcare, encryption ]
Beazley Security and Halcyon reported that Pay2Key maintained access to a compromised administrative account at an undisclosed U.S. healthcare organization for several days before deploying ransomware in late February 2026 and encrypting the environment within three hours; no data exfiltration or ransom demand was reported.
Local 100 chapter of the Transport Workers Union of America
February 24, 2026
•[ ransomware, data leak, identity theft ]
SC Media reported that Qilin claimed to have breached TWU Local 100 (NYC transit union) and published stolen data on its leak site, putting over 41,000 active transit workers and 26,000 retirees at risk of identity theft. The report notes Qilin did not specify how much data was taken, but highlighted that the union retains sensitive employee information such as contact details, salary information, job titles, medical and insurance benefits, and retirement/pension planning information. The report frames the incident as a ransomware group's breach claim with a presumed data-theft/extortion outcome.
Undisclosed Middle East entity
February 24, 2026
•[ ransomware, cyberattack, data breach ]
Symantec and Carbon Black linked Lazarus to a Medusa ransomware attack against an undisclosed Middle East entity; the same reporting noted an unsuccessful attempt against a U.S. healthcare organization, which is not coded here as a successful event.
Scholengemeenschap Bonaire (SGB)
February 20, 2026
•[ ransomware, phishing, data theft ]
Antilliaans Dagblad reported that Scholengemeenschap Bonaire (SGB) was hit by an international ransomware attack, discovered internally after multiple servers failed to start. Europol reportedly informed police about the broader international attack around the same time. Initial analysis indicated one data server used mainly for archive files was infected, and a relatively small portion of data on that server was stolen; investigators were assessing whether the stolen archive files included personal data. SGB said regular education operations were not impacted because key systems ran in a secured cloud environment (including student/admin platforms and Microsoft Office), and it stated usernames/passwords were not stolen. The school reported filing a police report and notifying the BES data protection oversight body, and required staff and students to change passwords and remain vigilant for phishing.
University of Mississippi Medical Center (UMMC)
February 20, 2026
•[ ransomware, operational disruption, healthcare ]
UMMC reported a ransomware attack triggered its emergency operations plan and forced it to cancel all clinic appointments and elective procedures at locations statewide while it assessed the intrusion and worked to restore systems. Public reporting described broad impacts to phone and electronic systems and significant disruption to patient care workflows, with staff reverting to manual processes. UMMC stated it was working with federal authorities (including the FBI) and external experts to investigate scope and recover operations; reporting at the time did not confirm whether patient data was exfiltrated, but the primary confirmed effect was major operational disruption across the health system.
Fundação Getúlio Vargas
February 19, 2026
•[ ransomware, data-extortion, data leak ]
TecMundo reported that ransomware/data-extortion group Dragonforce listed Fundação Getúlio Vargas (FGV) as a purported victim and claimed a compromise of 1.52 TB of data, posting images of documents as proof and setting a countdown (typical extortion deadline) for publication if ransom is not paid. TecMundo said it reviewed sample documents that appeared to include internship registration forms, personnel/event records, and project proposals. FGV responded that it had experienced service/provider instability that was resolved and that it had no confirmation of system intrusion or data exfiltration, stating that anonymous dark web postings were not proof.
Advantest Corporation
February 19, 2026
•[ ransomware, unauthorized access, incident response ]
Advantest disclosed it detected unusual activity in its IT environment on February 15, 2026 (JST) and activated incident response, isolating affected systems and engaging external cybersecurity experts. Preliminary findings indicated an unauthorized third party may have accessed parts of the company's network and deployed ransomware. Advantest stated the investigation was ongoing and it had not yet confirmed whether customer or employee data was affected; it said it would notify impacted persons if data exposure is confirmed. The public reporting focused on containment and restoration actions and did not describe prolonged manufacturing shutdowns or downstream customer impacts.
Telecare Corporation
February 19, 2026
•[ ransomware, data leak, healthcare ]
Qilin claimed responsibility for an attack on Telecare Corporation on February 19, 2026 and threatened to release sensitive healthcare data unless negotiations began. DataBreach indexed 275,644 rows and listed exposed fields including Social Security numbers, dates of birth, email addresses, phone numbers, names, and street addresses. Public reporting did not confirm encryption, data destruction, attacker-caused operational disruption, or the exact intrusion vector.
Del Monte Foods
February 19, 2026
•[ ransomware, data leak ]
PayoutsKING claimed responsibility for an attack on Del Monte Foods, with Ransomware.live listing an estimated attack date of February 19, 2026 and discovery on April 30, 2026. Breachsense reported a 1.2TB leak size, while DataBreach indexed approximately 143,000 rows. Public reporting did not confirm encryption, data destruction, attacker-caused operational disruption, or the exact exposed data fields.
North Ferry Company
February 18, 2026
•[ ransomware, operational disruption, payment system ]
An editorial in the Riverhead News-Review stated that North Ferry Company's payment system froze under a ransomware attack the prior week, preventing customers from paying online while the FBI and U.S. Secret Service investigated. The piece uses the incident to argue local governments and businesses on Long Island's North Fork should treat ransomware as a recurring risk, referencing earlier attacks such as Southold Town's pre-Thanksgiving ransomware disruption. The editorial does not provide the exact attack date, ransomware group, access vector, or whether any data was stolen, but it describes a confirmed operational disruption to the ferry company's payment system consistent with ransomware.
Mercer Advisors
February 16, 2026
•[ cybersecurity breach, ransomware, data leak ]
Wealth Management reported a class action lawsuit alleging Mercer Advisors suffered a cybersecurity breach around Feb. 16, 2026 carried out by ShinyHunters. The complaint said ShinyHunters demanded ransom within 48 hours and threatened to leak roughly 5.7 million client records; after Mercer refused to pay, the group published the stolen information. The article states the leaked data includes names, Social Security numbers, and other personal information, raising risks of identity theft, fraud, and highly targeted phishing/social engineering. The report also mentions ShinyHunters targeting other wealth firms, but the primary record is the Mercer breach and alleged publication of client data.
BridgePay Network Solutions (vendor) impacting City of Marietta online payments
February 15, 2026
•[ ransomware, third-party risk, payment processing outage ]
City officials said Marietta's inability to process some online credit card payments was caused by a nationwide ransomware incident at BridgePay Network Solutions, one of the city's online payment gateway providers. The city stated its own systems and data were not compromised, but the vendor outage disrupted payment processing for municipal services. Officials worked to stand up a secure alternative solution while the vendor coordinated response with federal authorities and incident-response partners.
Washington Hotel chain (Fujita Kanko)
February 13, 2026
•[ ransomware, unauthorized access, point-of-sale system issues ]
A ransomware incident impacted the Washington Hotel chain in Japan, with Fujita Kanko reporting that unauthorized access to some servers was detected on February 13, 2026. The company said it took protective measures to cut off attacker access, formed an internal task force, and engaged police and outside cybersecurity experts. The company confirmed unauthorized access to business data on servers, while stating customer information tied to the external Washington Net system was believed unaffected at the time. Some hotels experienced point-of-sale system issues, but the company reported no major business disruption overall.
Werkstatt Bremen
February 12, 2026
•[ ransomware, cyberattack ]
Following a cyberattack on a municipal company in Bremen, the IT systems of the police evidence unit were also affected. The public prosecutor's office is investigating, a spokesperson said, confirming reports from Radio Bremen and the "Weser Kurier." The attack involved ransomware.
An undisclosed organization
February 11, 2026
•[ ransomware, persistence, evasion ]
BleepingComputer reported that a member of the Crazy ransomware gang abused legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence, evade detection, and prepare for ransomware deployment in victim networks.
York City
February 10, 2026
•[ ransomware, cyberattack, ransom payment ]
Reporting summarized in secondary coverage stated that York City's cyberattack (described as a major incident that crippled the city's digital infrastructure) led to a $500,000 ransom payment made by the city's insurance company to overseas hackers, according to a former mayor. The report described the payment as roughly half of the initial demand and framed it as necessary to regain control of systems.