Ransomware claim attributes a breach of K Subsea Group, a Norwegian subsea engineering firm, to threat actor Everest, alleging data encryption and a ransom demand. The claim notes disruption to offshore energy projects in the North Sea and international offshore markets. #UnitedKingdom
Category: Ransom Monitor
A ransomware claim alleges that Helzberg Diamonds, a US-based jewelry retailer, was targeted by the threat actor coinbasecartel. The claim describes disruptions to Helzberg’s operations across the United States as a result of the attack.
#UnitedStates
BDAC (Bendigo and District Aboriginal Co-operative) in Australia reported a ransomware incident affecting the bdac.com.au domain, attributed to the threat actor incransom. The incident threatens BDAC’s services across health, education, employment and community programs, with about 200 employees and revenue of $19.6 million.
#Australia
Dragonforce claims to have encrypted Affordable Oil’s systems, stating that the ‘goal of Affordable Oil’ is in the company’s name and threatening to leak or publish data unless paid. The message highlights Affordable Oil’s customer-focused operations—its on-site storage facility and 24/7 emergency burner service—to imply disruption of essential services if demands aren’t met. #Unknown
National Railroad Passenger Corporation (Amtrak) in the United States is the victim of a ransomware claim attributed to the threat actor ShinyHunters, with over 9.4 million Salesforce records containing PII and other internal corporate data reportedly compromised. The attackers demand payment or leak and issue a final warning to contact them by 14 April 2026 to prevent leakage and the digital problems they threaten. #UnitedStates
ShinyHunters claim that McGraw Hill, Inc. (mheducation.com) in the United States has compromised over 45 million Salesforce records containing PII, with a ransom demand to pay or leak. This is a final warning to contact by 14 Apr 2026 to prevent leakage and the ensuing digital problems #UnitedStates
ShinyHunters claim that Ryan, LLC has had over 4.8 million Salesforce records containing PII and other internal corporate data compromised, with a demand to pay or face a leak. The message warns of a final deadline to reach out by 14 Apr 2026, threatening leakage and ongoing digital problems if payment is not made. #UnitedStates
Incransom’s ransomware claim targets Straten & Kollegen GmbH, a Nordhorn-based tax advisory firm in Germany, alleging a breach affecting client data and tax records. The attackers threaten to publish or leak the stolen information unless a payment is made.
#Germany
The ransomware claim alleges that the Krybit threat actor targeted Dencom New Zealand Limited, a long-standing IT support and solutions provider in New Zealand. The attackers purportedly encrypted Dencom’s systems and threatened to leak sensitive data unless a ransom was paid, potentially disrupting operations across the country. #NewZealand
ShinyHunters is alleged to have compromised over 13 million Salesforce records containing PII and other Kemper Corporation data in the United States, with a pay-or-leak demand. The message warns to reach out by 14 Apr 2026 to prevent the leak and the ensuing digital problems #UnitedStates
Blackwater claims to have conducted a ransomware attack against Medical Park Hastaneler Grubu, Turkey’s leading healthcare group. Medical Park Hastaneler Grubu operates 36 hospitals across 14 provinces with a workforce of 14,000 employees and provides a wide range of medical services. #Turkey
ShinyHunters claims Marcus & Millichap, Inc. in the United States has had over 30 million Salesforce records containing PII and other internal corporate data compromised. They demand payment or threaten to leak the data, issuing a final deadline of 14 April 2026 and warning of ongoing digital problems if not contacted #UnitedStates
ShinyHunters claim that Abrigo, Inc., in the United States, had over 1.7 million Salesforce records containing PII and other internal corporate data compromised. They warn of a data leak unless payment is made and set a final deadline to contact them by 14 Apr 2026 to avoid further digital problems #UnitedStates
ShinyHunters claim to have compromised Rockstar Games’ Snowflake metrics data via Anodot.com and are demanding payment to prevent its release. In a final warning dated 11 Apr 2026, they threaten to leak the data and cause digital problems unless contacted by 14 Apr 2026, with the incident affecting the United States. #UnitedStates
A ransomware claim targeting morgancountyga.gov in the United States is attributed to threat actor incransom, potentially disrupting local government services and public safety operations. Morgan County delivers public safety through Fire Rescue and the Sheriff’s Office, plus a Public Transit System and recreational facilities for residents and visitors, with about 50 employees and $23 million in revenue, signaling potential disruption to essential services #UnitedStates