ALP-001, a ransomware threat actor, claims to have compromised lacor.es in Spain and left a taunting note: ‘Guys, i just want to have SOME fun About this Corp, i know its small, but i like the files they have LOL,’ setting a deadline of 2026-04-08 00:09:29. The operation reportedly generated $9 million in revenue and exfiltrated 182.71 GB of data from lacor.es, affecting Spain #Spain
Category: Ransom Monitor
The ALP-001 claim targets polsat.pl in Poland, citing 75.71 GB of data and revenue of $148.5 million. The description notes Polsat as Poland’s first independent TV station, with programming that blends in-house productions and feature films. #Poland
A ransomware claim targets the victim D**o*s** Fr**e* *A, attributed to the threat actor nightspire. Data is not available now #Unknown
The European Commission (europa.eu) is claimed to have been breached by the ShinyHunters threat actor, with over 350 GB+ of data compromised, including mail server and database dumps, confidential documents, contracts, and other sensitive material. The claim notes an uncompressed size of 350GB+ (uncompressed), updated 28 Mar 2026, and a SHA256 hash of 697c5cfbc64fa5cfbe3dd59a5cb4a2ee10ade8c53ef4c36f3ab3c7e1e35ff66e. #EuropeanUnion
The ransomware claim targets Terix (terix.com) in the United States, attributed to threat actor ALP-001 with connections to Canada, and cites $26.5 million revenue and 251GB of storage. Terix is described as TERiX International, a data center maintenance and multi-vendor support services provider founded in 1997, with a deadline of 2026-04-07 12:11:01. #UnitedStates #Canada
The claim alleges that Genobank, a US-based blockchain-driven genomic data platform, was targeted by the threat actor coinbasecartel, who purportedly demanded a ransom to prevent the release or encryption of sensitive genetic information. Genobank’s privacy-centric model, which gives users control over who can access their DNA data, would face severe privacy implications if the ransom claim is true #UnitedStates
Kerjaya Prospek Group reports a ransomware incident attributed to the threat actor qilin, resulting in encryption of key systems and potential data exposure. The attackers claim to have gained unauthorized access to internal networks and are demanding a ransom to restore operations. #Malaysia
The ransomware claim lists ITWAL as the victim in the United States, with the threat actor identified as qilin. Details are N/A. #UnitedStates
A ransomware claim targets A A Al Moosa Enterprises (ARENCO Group), a Dubai-based conglomerate. The incident is attributed to the threat actor payload. #UnitedArabEmirates
Ransomware group akira claims to have breached Sheladia Associates, Inc., a US-based multidisciplinary consulting firm, and threatens to release stolen corporate data. The data reportedly includes a large volume of employee personal documents (passports, driver licenses, credit cards, immigration docs), project files, medical and financial information, contracts and NDAs, client files, and internal confidential files, with a warning that data will be uploaded soon #UnitedStates
Quality Carton and Converting, LLC in the United States is the victim of a ransomware claim by the threat actor akira, alleging a data breach and imminent data release. The claim states that attackers threaten to upload or leak a broad range of corporate data, including employee personal documents, HR files, project files, financials, payment details, contracts and agreements, client files, confidential files, and NDAs. #UnitedStates
Threat actor akira claims a ransomware attack against GeoMechanics Technologies, based in the United States and formerly known as Terralog Technologies. They threaten to upload corporate data soon, including employee personal documents (passports, driver licenses, SSNs and so on), project files, medical information, financials, contracts and NDAs, client files, and other sensitive information #UnitedStates
A ransomware claim attributes the attack on Fondation Boghossian to the threat actor qilin, describing encryption of files and potential data exfiltration. The claim indicates the operation targeted Belgium, with Fondation Boghossian identified as the victim. #Belgium
Worldleaks claims to have breached CIM, a Germany-based real estate and infrastructure investment firm, deploying ransomware to encrypt systems and exfiltrate data. The claim emphasizes CIM’s diverse portfolio—hotels, retail, residential properties, and renewable energy infrastructure—and asserts that the attack would disrupt operations and affect stakeholders across Germany #Germany
Worldleaks claims to have compromised the Sheraton Hotel in the United States in a ransomware incident. The message threatens data exfiltration and the public release of sensitive information unless a ransom is paid. #countryunitedstates