Pinnacle reports a ransomware claim attributed to the threat actor ‘play’ operating in the United States. The incident involves Pinnacle as the victim, with the United States identified as the impacted country #countryUnitedStates
Category: Ransom Monitor
Roxiticus Golf Club reported a ransomware incident attributed to the Play threat actor based in the United States. The claim describes a ransomware attack linked to the Play group. #UnitedStates
Threat actor ‘play’ claims to have compromised All Real Estate Title Solutions in the United States and intends to encrypt systems and exfiltrate data. The claim describes ransomware-style extortion against US-based real estate title services, with potential public data leakage and operational disruption. #UnitedStates
The ransomware claim targets the Jennings School District (jenningsk12.org) and is attributed to the threat actor incransom, affecting operations in the United States. No ransom amount or extent of data exfiltration has been disclosed, and authorities along with the district are investigating. #UnitedStates
The ransomware claim identifies PWNA Plains in the United States as the victim, with claims of data encryption and a ransom demand attributed to the actor incransom. The claim also describes Partnership With Native Americans as a 501(c)(3) nonprofit dedicated to championing hope for Native Americans living on remote, isolated, and impoverished reservations. #UnitedStates
A ransomware claim targets cerboniservices.com, a US-based provider of bookkeeping, tax, and CFO services for restaurants and hospitality, with incransom identified as the threat actor. The claim alleges data exfiltration and a looming public release unless a ransom is paid, leveraging Cerboni’s focus on profitability and strengthening financial controls to pressure the victim. #UnitedStates
ShinyHunters claims to have compromised Salesforce records containing PII and other internal corporate data from Berkadia Commercial Mortgage, LLC (berkadia.com) in the United States. They state Berkadia failed to reach an agreement despite all chances and offers, and the data dump amounts to 27GB (compressed) | Updated: 25 Mar 2026 | SHA256: 2ae1c2804c01f5894143620518ec41fceb98e330f408c7f38e3d6ef93ebe8f21. #UnitedStates
Ransomware claim attributes the attack to the threat actor qilin targeting Retail Centenario, with minimal operational details provided. The country of impact is not specified in the report. #unknown
Qilin is identified as the threat actor behind a ransomware claim affecting Aroostook Mental Health Services in the United States. The disclosure offers limited context beyond the actor and victim, with no details on impact, encryption, or ransom payments. #UnitedStates
The threat actor akira claims it will upload 138 GB of Mooers Immigration’s data, including sensitive client documents such as passports, visas, NDAs, and financial records. This ransomware claim targets Mooers Immigration, a US-based firm, and threatens to publicly release confidential information to pressure compliance #UnitedStates
Akira claims to have exfiltrated approximately 17 GB of data from Concord Components, Wefapress, Environment Masters, Fairmont Hot Springs Resort, and Road America. The compromised data allegedly includes hundreds of employee SSNs, medical information, client data, numerous project files, confidential documents, and accounting and financial records. #Canada #UnitedStates
Threat actor Akira claims they will soon upload 72 GB of French Engineering’s corporate data, including extensive employee records, financials, confidential documents, and NDAs. The breach allegedly targets French Engineering’s services across Pennsylvania, West Virginia, and Maryland, with a threat to publicly release the data unless extortion demands are met. #France
Dragonforce claims ransomware against M3 Group in Luxembourg, encrypting files and threatening data release. M3 Group, a Lansing-founded agency offering integrated branding, marketing and advertising services, could be disrupted by the attack #Luxembourg
Alleged ransomware claim targets Omikenshi Co., Ltd., a Japan-based company involved in textiles, lifestyle products, cosmetics, and software development, with the threat actor thegentlemen purportedly behind the attack. The claim states that the attackers demanded payment in exchange for decrypting data and assurances not to leak or publicly release sensitive information #Japan
Estudio O’Farrell, a prestigious law firm based in Buenos Aires, Argentina, reportedly faced a ransomware incident attributed to the threat actor crypto24. The attack allegedly disrupted operations and threatened sensitive client data as part of a crypto24-led extortion campaign. #Argentina