Schools in Shropshire (11 schools)
July 21, 2025
•[ ransomware ]
Local council committee informed that a ransomware cyberattack impacted 11 schools in Shropshire.
Palo Alto Networks (investigator)
July 17, 2025
•[ ransomware, malware, technology ]
Ransomware deployment (4L4MD4R) via exploitation of Microsoft SharePoint ToolShell vulnerabilities; attackers disabled defenses, bypassed certificate validation, and encrypted files; ransom note threatened deletion upon decryption attempts.
Mower County (Minnesota)
July 17, 2025
•[ ransomware ]
Mower County reported restoration progress following a ransomware incident that disrupted county services for roughly two weeks.
Otjiwarongo Municipality
July 17, 2025
•[ ransomware ]
Namibian Sun reports Otjiwarongo Municipality was hit by a cyberattack and a ransom was demanded, impacting services.
Cookeville Regional Medical Center (CRMC)
July 16, 2025
•[ ransomware ]
Local paper confirms ransomware at CRMC; hospital switched to downtime procedures while responding to the incident.
Albemarle County, Virginia
July 15, 2025
•[ ransomware, data leak ]
Albemarle County said a specific ransomware group was responsible for a July attack that disrupted services and potentially accessed internal records.
WineLab (Novabev Group)
July 14, 2025
•[ ransomware ]
Ransomware attack shutdown 2041 WineLab stores and online services across Russia.
Seoul Guarantee Insurance (SGI)
July 14, 2025
•[ ransomware ]
Ransomware attack began early Monday; joint investigation confirmed ransomware; SGI core systems offline for third day, causing widespread confusion.
Crenshaw Community Hospital
July 14, 2025
•[ ransomware, data leak ]
Ransomware group PayoutsKing claimed responsibility for a July 14 2025 attack on Crenshaw Community Hospital, exfiltrating approximately 53 GB of data; encryption was not confirmed.
Nymburk Hospital
July 8, 2025
•[ ransomware, extortion ]
Czech police investigating a cyberattack on Nymburk Hospital including extortion elements; disruption reported.
Woodlawn Health
July 5, 2025
•[ ransomware, malware, healthcare ]
Woodlawn Health in Rochester, Indiana suffered a ransomware attack starting July 5, 2025, which encrypted systems and disrupted clinical and administrative operations. Systems were gradually restored, and officials confirmed that some patient care was impacted. Investigations continue into whether personal or medical data was exfiltrated.
Ingram Micro
July 3, 2025
•[ ransomware ]
SafePay ransomware attack on Ingram Micro shut down internal systems, website, and online ordering systems.
Avantic Medical Lab
July 3, 2025
•[ ransomware, data leak ]
Everest listed the lab June 10 and leaked 31 GB of patient files on July 3; contents include PHI, EOB files, and some financial details.
Deutsche Welthungerhilfe (WHH)
July 2, 2025
•[ ransomware, data leak ]
RaaS group listed WHH and offered stolen data for sale; WHH shut down affected systems, involved police and DPA, and refused to pay.
Accu Reference Medical Laboratory
July 1, 2025
•[ ransomware, data leak ]
Qilin listed Accu Reference on July 10 claiming they acquired data on July 1; screenshots display unredacted PHI; encryption not indicated.
MPOWERHealth
June 29, 2025
•[ ransomware, leak, hack ]
WorldLeaks, a criminal ransomware group, claimed responsibility for a June 29, 2025 cyberattack on MPOWERHealth in Addison, Texas. The attackers exfiltrated roughly 1.5 TB of data (over 1.6 million files), including PHI, insurance claims, internal documents, login credentials, and cyber-insurance records. While negotiations began, the company ceased responding, after which WorldLeaks leaked the stolen files. Reports indicate data theft and exposure but no confirmed operational outage.
Radix (Swiss government IT service provider)
June 25, 2025
•[ ransomware, data leak ]
Swiss IT provider Radix suffered a ransomware intrusion by the Sarcoma group around June 25 2025; attackers exfiltrated ~1.3 TB of Swiss federal data, encrypted internal systems, and leaked the files online; NCSC confirmed no direct intrusion into federal networks.
Operation Endgame 2.0
June 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Netstar
June 23, 2025
•[ leak, ransomware ]
Data details undisclosed publicly; breach confirmed as involving data leak following refusal to pay ransom.
United Australia Party (and Trumpet of Patriots)
June 23, 2025
•[ ransomware, data leak ]
Political parties confirmed ransomware on June 23 with possible exfiltration of all emails and documents; parties stated it is impracticable to notify individuals.
