Category: Ransom Monitor

A ransomware claim targets Dow in the United States and is attributed to the threat actor qilin. Ransom notes, encryption details, and other indicators are listed as N/A. #UnitedStates

A ransomware attack against North Country Business Products disabled 2,680 POS terminals nationwide, signaling a harsh awakening for retailers across the US. The operation, attributed to the threat actor handala, disrupted transactions and highlighted the fragility of retail networks. #UnitedStates

The ransomware claim targets Blantyre Capital in the United Kingdom, attributed to the threat actor qilin. Details are N/A. #UnitedKingdom

The ransomware claim from threat actor sarcoma targets GYF and alleges a data breach involving the exfiltration of 1.5 TB, including SQL databases, from a company that designs and develops IT products and services for the financial market. The attack is tied to Argentina as the geo location, and the leak is described as 1.5 TB containing SQL, with the impacted country(s) shown as #Argentina

A ransomware claim from the actor incransom asserts that Conveyors, Inc., a US-based, family-owned manufacturer of bulk material handling equipment, has been breached and that data will be encrypted or released unless a ransom is paid. Conveyors, Inc. supplies screw conveyors, bucket elevators, and drag conveyors to commercial, industrial, oil & gas, and government clients, and the claim warns of significant disruption to this established US manufacturer. #UnitedStates

Threat actor incransom claims to have conducted a ransomware incident against Greenology Products in the United States, threatening data encryption or exposure. The claim frames Greenology’s eco-friendly mission and customer-centric ethos as context for the attack, but provides no independent verification of a breach #UnitedStates

A ransomware claim attributed to the threat actor dragonforce targets Alliance Select Foods International, Inc., alleging data encryption and ransom demands. ASFII is a leading seafood company specializing in tuna canning with a global presence, and it is assessing the incident’s potential impact on operations and stakeholders. #Philippines

The ransomware claim states that nightspire breached S***h***t*** **n**r***e of **v***h-**y A***n***ts, encrypting files and threatening to release the data. Data is not available now, and no country of impact is disclosed. #Unknown

A ransomware claim alleges that the threat actor qilin compromised Doctor.com in the United States.
Details are sparse, with no confirmed ransom amount, encryption method, or data leakage claims.
#UnitedStates

A ransomware claim targets kob.com in the United States, attributed to threat actor ALP-001, reporting $22 million in revenue and 1.127 TB of storage under the KON variant. The description links KON to KOB 4 branding and Eyewitness News 4 content, with a deadline set for 2026-04-02 23:23:40. #UnitedStates

Ming Hwei Energy Co., Ltd., a small private B2B firm (11–50 staff,

ALP-001, a threat actor, claims a ransomware incident against Kyocera Documents Solutions Europe Management BV (kyoceradocumentsolutions.eu), a United Kingdom-based firm in Office Products Retail & Distribution, involving 75GB of storage. The company reportedly has $154.1 million in revenue and a deadline of 2026-04-07 23:54:11 #EuropeanUnion

ALP-001, a ransomware threat actor, claims to have compromised lacor.es in Spain and left a taunting note: ‘Guys, i just want to have SOME fun About this Corp, i know its small, but i like the files they have LOL,’ setting a deadline of 2026-04-08 00:09:29. The operation reportedly generated $9 million in revenue and exfiltrated 182.71 GB of data from lacor.es, affecting Spain #Spain

The ALP-001 claim targets polsat.pl in Poland, citing 75.71 GB of data and revenue of $148.5 million. The description notes Polsat as Poland’s first independent TV station, with programming that blends in-house productions and feature films. #Poland