ALP-001 from China claims to have compromised Hikvision (hikvision.com), with access to 19.9 TB of data and a deadline of 2026-03-30 00:20:04. The threat actor cites revenue of $13.1 Billion and 19.9 TB of data marked as ready for release. #China
Category: Ransom Monitor
The ransomware claim attributes the attack to threat actor qilin and identifies Muffett as the victim in the United Kingdom. Details are sparse, with no further TTPs or ransom demand information disclosed #UnitedKingdom
The ransomware claim targets Fidanque Hermanos e Hijos, S.A. in Panama, with threat actor nightspire claiming access to Financial Documents, Internal Documents, and the MSSQL Database. The incident is attributed to nightspire and involves exfiltration or encryption of sensitive data from the victim’s systems, affecting Panama #Panama
DragonForce claims to have compromised Warden Construction (wardencc.com), a Jacksonville, Florida-based general contractor, in a ransomware incident. Warden Construction serves government and public-sector clients under IDIQ contracts and specializes in design-build, construction management, renovation, and new construction. #UnitedStates
Diese Ransomware-Behauptung richtet sich gegen Resch Maschinenbau in Deutschland und präsentiert Kairos als Angreifer. Sie betont, dass Kairos sich neben hochwertiger Fertigung auch als Berater positioniert und von langjähriger Erfahrung sowie Know-how profitieren will, etwa bei DFMA, um Produkte kostengünstiger zu gestalten und Lieferzeiten zu verkürzen. #Germany
The ransomware claim attributes the attack to dragonforce against theunlimited.co.za, a company based in South Africa. The Unlimited offers a full range of insurance products, including health, auto, legal, and life insurance, designed to provide peace of mind and financial protection to its customers. #SouthAfrica
A ransomware claim attributed to DragonForce targets centreconcrete.com in the United States, alleging encryption of networks and data exfiltration with a demanded payment. The claim implies disruption to Centre Concrete’s seven production sites in central Pennsylvania, threatening ongoing construction projects. #UnitedStates
A ransomware claim targets liverpoolphil.com and is attributed to the DragonForce threat actor. The Liverpool Philharmonic Hall, which hosts a variety of concerts and events, is the affected organization in the United Kingdom #UnitedKingdom
DragonForce claims to have compromised sopower.com, an industrial electrical service provider based in Baton Rouge, LA, founded in 1994 and specializing in electrical testing, commissioning, maintenance, switchgear, transformers, and substation services, serving as a trusted ally for power infrastructure. The incident designates Japan as the impacted country #Japan
Chaos, the ransomware threat actor, claims to have exfiltrated high-value corporate data from Smyth Companies, LLC (smythco.com) and states that private negotiations are now closed. They demand a 24-hour settlement window and threaten full disclosure of 1000 GB of internal data if the deadline is not met #UnknownCountry
A ransomware claim attributes the incident to a payload threat actor targeting TS Lines Philippines, a trusted shipping and logistics partner in the Philippines offering container transport and vessel services. The claim notes the attack affected operations in the Philippines #Philippines
Ransomware claim targets WAL Consultant, attributed to threat actor qilin. Country is listed as N/A, indicating no specific country identified #CountryNotSpecified
dragonforce claims a ransomware intrusion on The Farese Group, a US-based retirement planning and financial advisory firm, encrypting systems and exfiltrating client data. The Farese Group specializes in retirement income planning, investment management, and financial planning, and says it is assessing the incident while continuing to serve clients and uphold commitments #UnitedStates
DragonForce claims to have compromised the systems of Edifice Design + Architecture in the United States and is threatening to encrypt data and leak sensitive client and design files unless a ransom is paid. The claim frames the attack as a disruption to the built environment industry, warning that architectural plans and project information could be exposed if payment is not made. #UnitedStates
Qilin claims to have compromised AGENCAVI SRL, a company based in Italy, exfiltrating data and threatening to publish it unless a ransom is paid. The claim explicitly identifies Italy as the impacted country and attributes the incident to the threat actor Qilin. #Italy