Leduc County
December 25, 2025
•[ ransomware, cybersecurity incident, IT systems outage ]
Leduc County in Alberta reported that it became aware on December 25, 2025 of a deliberate cybersecurity incident later identified as a ransomware attack. The county said the activity disabled some of its IT systems, and that other systems were proactively taken offline during an ongoing forensic investigation and recovery. Reporting noted that law enforcement and key stakeholders (including insurance and banking providers) were notified. Public reporting did not specify confirmed data theft, the number of affected endpoints, or a restoration date.
Romanian Waters (Administrația Națională Apele Române)
December 20, 2025
•[ ransomware, IT disruption, critical infrastructure ]
Romania's national water authority, Romanian Waters, suffered a ransomware incident that began on December 20, 2025 and disrupted IT services across the organization. Romania's National Cyber Security Directorate (DNSC) reported the event affected approximately 1,000 computer systems, including workstations, email services, and web servers, and spread from the main office to 10 of 11 regional river management branches. The disruption took down key digital tools such as domain services and GIS mapping, and the agency's public website remained offline while updates were shared through other channels. Authorities stated that operational technology supporting dams and flood defenses remained safe and that field staff continued critical functions manually.
Club Atletico River Plate
December 19, 2025
•[ ransomware, data leak ]
On December 19, 2025, Argentine media reported that Club Atlético River Plate was listed on ransomware group Qilin's dark web leak site, suggesting the group had gained unauthorized access to the club's IT environment. The report described a significant compromise of sensitive information and access to the institution's digital infrastructure, with screenshots posted as evidence and indications the club used Microsoft 365 services. The attackers' posted metrics referenced data for 4,042 users, one directly compromised employee, and 13 credentials belonging to employees of third parties.
Undisclosed Ghana financial institution
December 19, 2025
•[ ransomware, data leak ]
A ransomware attack targeted a Ghanaian financial institution, encrypting large volumes of data and resulting in a financial loss of approximately USD 120,000, with authorities later assisting in partial data recovery.
Dainichiseika Color & Chemicals Mfg. (Vietnam subsidiary)
December 15, 2025
•[ ransomware, unauthorized access, data leak ]
Dainichiseika Color & Chemicals Manufacturing reported that its consolidated subsidiary in Vietnam (DAINICHI COLOR VIETNAM CO., LTD.) suffered unauthorized access that resulted in ransomware infection of internal servers and related systems. On December 15, 2025, the company confirmed that files on servers and PCs had been encrypted and rendered unreadable, consistent with a ransomware data attack. Affected devices were disconnected from internal networks and the internet to prevent spread, and IT specialists were dispatched to support recovery and forensic analysis. The company stated that key subsidiary operations such as manufacturing and shipping continued as usual and that the extent of information leakage, if any, was still being assessed.
Petroleos de Venezuela (PDVSA)
December 15, 2025
•[ ransomware, state-sponsored, service disruption ]
PDVSA confirmed a cyberattack impacted its administrative system and publicly blamed the United States, though outside experts had not substantiated that attribution. Reporting cited by the outlet said the incident was more damaging than PDVSA described, with the company website down and oil cargo deliveries suspended; company sources characterized it as a ransomware attack and described systems being down and deliveries halted for days.
Pell City School System
December 15, 2025
•[ ransomware, security incident, data leak ]
Pell City School System reported that some of its technology systems were affected by a security incident. The superintendent told families that the student information system was not affected, but that a third party copied some files. The district said it was working to resolve the incident and restore services and stated it would not pay. A separate report stated that the SafePay ransomware group claimed responsibility in December 2025, but the school district had not publicly verified the claim or provided details about exactly what data was taken or how systems were accessed at the time of reporting.
Danish Booksellers' Commission Foundation
December 15, 2025
•[ ransomware, data leak, IT disruption ]
A Danish business foundation that distributes books to many bookstores reported being hit by ransomware during the busy Christmas period. The incident disrupted IT operations and prompted an investigation. The organization warned that attackers may have accessed internal files, including employee salary information and other personal data related to staff and potentially customers and former employees. Details on the initial access vector, the ransomware strain, and the total number of impacted individuals were not publicly provided.
DXS International
December 14, 2025
•[ ransomware, data leak ]
DXS International disclosed a cyberattack affecting its office servers that it said was discovered on December 14, 2025 and immediately contained in cooperation with NHS England. The company reported minimal impact on services and said front-line clinical services were unaffected. The specific nature of the breach and whether patient medical information was stolen was not confirmed in the report; however, a ransomware group calling itself DevMan claimed credit and alleged theft of 300 GB of data. Regulators and law enforcement were notified and an external cybersecurity firm was engaged to investigate the scope and extent of unauthorized access.
Alpine Lumber
December 14, 2025
•[ ransomware, data leak, personally identifiable information ]
Alpine Lumber's posted notice states that on December 22, 2025 it determined certain network devices were encrypted with ransomware. The company's investigation found that between December 14 and December 22, 2025 an unauthorized actor viewed and obtained files stored on a file server. Alpine completed its file review and determined on February 5, 2026 that the affected files included employment-purpose information such as names, addresses, Social Security numbers, dates of birth, and health insurance plan enrollment information, and may also have included policy numbers, medical information, government IDs, financial account data, and payment card data. Alpine stated it notified law enforcement and began mailing letters and offering credit monitoring.
BarNet
December 12, 2025
•[ ransomware, data leak ]
Insurance Business reported that BarNet, a communications and infrastructure provider serving barristers and legal practices (including hosting, connectivity, file-sharing and a case-tracking platform), appeared on the SafePay ransomware group's leak site. The article states SafePay released material it claims was taken from BarNet's systems, and that the leaked files reportedly include financial statements and legal/contract documents as well as sensitive personal records such as passport copies and CVs. The reporting focuses on the alleged data exposure and extortion context rather than confirmed encryption-related downtime, and it does not provide a confirmed initial access vector or a verified count of affected individuals.
Ahome City Hall
December 12, 2025
•[ data leak, ransomware, extortion ]
The article warns that Mexico's government cybersecurity is structurally weak. Experts cite basic misconfigurations, poor maintenance, limited staff training, and lack of an overarching cybersecurity law. Recent incidents, including municipal data leaks and ransomware affecting Guanajuato's attorney general, show risks of extortion, fraud, and weakened public trust.
National Credit Regulator (NCR)
December 12, 2025
•[ cyberattack, ransomware, data exfiltration ]
The South African National Credit Regulator confirmed it was the victim of a cyberattack in December 2025 that disrupted some of its systems. A ransomware group known as DragonForce claimed responsibility and alleged the exfiltration and publication of 42 GB of data, but the regulator stated investigations were ongoing and has not confirmed data exfiltration, encryption, or the attackers' identity.
Apex Spine and Neurosurgery
December 9, 2025
•[ unauthorized access, malware, ransomware ]
An unauthorized actor accessed part of Apex Spine and Neurosurgery's computer network, copied files, and deployed malware that locked files on computer systems. The practice said the incident affected 2,500 individuals.
Cheyenne and Arapaho Tribes
December 8, 2025
•[ ransomware, network shutdown, operational disruption ]
A ransomware attack forced the Cheyenne and Arapaho Tribes to shut down tribal computer networks, disrupting email and phone service and suspending some operations while systems were restored in phases.
Eanes ISD
December 6, 2025
•[ ransomware, data leak, network outage ]
Eanes ISD experienced a weeklong Wi-Fi outage beginning December 6, 2025 that made tools including Skyward and Google Classroom unavailable and forced paper-based workarounds; later, Qilin claimed the district on a leak site, but no public theft details were confirmed.
Yokosuka Gakuin School Corporation
December 1, 2025
•[ ransomware, data leak ]
Yokosuka Gakuin School Corporation disclosed a ransomware-related cyberattack discovered in early December 2025 involving unauthorized access to a server and external leakage of photos and videos. The school disconnected systems as a precaution and stated that investigations were ongoing; no quantitative details about data volume or affected individuals were publicly released.
Clarksville ISD
November 26, 2025
•[ ransomware, data leak, Social Security numbers ]
Clarksville ISD reported on November 26, 2025 that all district computers and the district network were experiencing significant difficulties and told staff and students not to use district-connected devices while recovery work continued; later, Interlock claimed it stole student and employee information including Social Security numbers and financial records.