Category: Ransom Monitor

Chickasaw Holding is named as the victim in a ransomware claim attributed to the threat actor qilin. The claim provides no country information. #UnitedStates

The ransomware claim identifies the victim as *d**n*** V**i*l* **s**b***s and attributes the intrusion to threat actor nightspire. No data is available at this time regarding the extent of the impact or ransom details. #Unknown

Nightspire claims to have compromised JT-ATFP, LLC in the United States, alleging access to and potential exfiltration of sensitive data. The data types cited in the claim include Classified Contracts, Employee Information, ATFP Projects, Vulnerability Assessment Docs, FOUO Files, and DOD Projects. #UnitedStates

Beltran & Garcia Financial Investment SLU is the victim of a ransomware claim linked to threat actor nightspire, with data not available now. The incident is associated with Spain. #Spain

Everest claimed to have compromised Parque Eólico Toabré in Panama, encrypting wind-farm control systems and demanding a ransom for decryption keys. The attackers warned that failure to pay would result in the public release of sensitive operational data and could disrupt electricity production at the wind farm. #Panama

CERUMO Co., Ltd in Japan has been hit by ransomware attributed to nightspire, with data currently inaccessible. Data remains unavailable for now #Japan

A ransomware claim against Hallmark Cards, Inc. and Hallmark Plus in the United States reports that over 7.9 million Salesforce records containing PII and other internal corporate data have been compromised by the threat actor shinyhunters. The attackers issued a final warning to reach out by 2 Apr 2026 before they leak the data and cause a range of digital problems, with an update dated 31 Mar 2026 #UnitedStates

A ransomware claim targets millersteelelaw.com, attributed to the threat actor incransom, impacting Miller & Steele Law Firm. The incident involves encrypting sensitive client data and demanding a ransom, with potential exposure to legal files and client information in the United States #UnitedStates

The ransomware claim alleges that incransom compromised domingogarcia.com in the United States, encrypting data and threatening to leak sensitive information unless a ransom is paid. Domingo Garcia, renowned for representing accident victims for over 35 years, is named in the claim as the site owner affected by the breach, highlighting potential client and reputational impacts #unitedstates

Efficy, a Belgian CRM software provider, is the claimed victim in a ransomware incident involving the actor ‘coinbasecartel’ that allegedly leaked 43 GB of data. The claim, described as [AI generated], ties the breach to Belgium and cites data exfiltration as the motive behind the leak. #Belgium

The ransomware claim targets Propertyfinder / PropSpace CRM and is attributed to coinbasecartel, presenting an auction-like scenario that urges victims to place their bids now. The claim does not specify any impacted country. #Unknown

A ransomware claim targets Wm Erath & Son in the United States, attributed to the threat actor qilin. Details regarding ransom amount, encryption method, and impact are listed as N/A. #UnitedStates

A ransomware claim targets Dow in the United States and is attributed to the threat actor qilin. Ransom notes, encryption details, and other indicators are listed as N/A. #UnitedStates

A ransomware attack against North Country Business Products disabled 2,680 POS terminals nationwide, signaling a harsh awakening for retailers across the US. The operation, attributed to the threat actor handala, disrupted transactions and highlighted the fragility of retail networks. #UnitedStates