VirtualExpo Group reports a ransomware incident attributed to the threat actor qilin. Details on the attack vector and data impact are not publicly available #France
Category: Ransom Monitor
Threat actor Akira claims a ransomware-style breach against Madesmart and threatens to upload 31GB of the company’s corporate data. The data reportedly includes employee personal information, HR files, financials, client files, contracts and NDAs, among other sensitive documents. #UnitedStates
WorldLeaks claims to have breached Winmate Inc., a Taiwan-based technology company, and to have deployed ransomware against its industrial display and embedded automation systems. The claim suggests disruptions to Winmate’s rugged hardware used in maritime, medical, military, and transportation sectors. #Taiwan
Dragonforce has claimed a ransomware intrusion against Oriska Insurance, a US-based insurer that serves small and minority-owned businesses with multi-policy solutions, including surety bonding, workers’ compensation, health, and disability coverage. The attackers threaten to exfiltrate and publish sensitive client data and disrupt claims processing unless a ransom is paid, potentially undermining Oriska’s commitment to reliability and timely claim payments. #UnitedStates
Victim Berkadia Commercial Mortgage LLC, US, reports a ransomware incident attributed to shinyhunters, with over 5 million Salesforce records containing PII and other internal corporate data compromised. The attackers issue a final warning, demanding contact by 22 Mar 2026 to prevent leaks and related digital disruption. #UnitedStates
Ransomware claim identifies BITS Business Information Technology Solutions in Germany as the victim and attributes the incident to the threat actor thegentlemen. The claim offers limited technical details beyond the attribution. #Germany
A ransomware claim states that Mercedes-Benz of Arlington in the United States was targeted by the threat actor dragonforce, disrupting dealership operations. The claim alleges encryption of critical systems and data exfiltration with extortion demands against the dealership. #UnitedStates
Tecnocad Group, an Italian engineering services provider, reports a ransomware incident attributed to the threat actor coinbasecartel. The attack reportedly encrypted critical project data and disrupted operations in Italy #Italy
A ransomware claim targets Career Adventures, Inc., a staffing agency in Shreveport and Bossier City, Louisiana, with threat actor Akira promising to upload 8 GB of corporate data, including employee personal information (passports, DLs, and so on), HR data, financials, client data, projects, and NDAs. The message threatens public release of the exfiltrated data unless a ransom is paid, signaling a data breach affecting the United States #UnitedStates
The Akira threat actor is claiming to have compromised The Decorative Paving Company and threatens to upload 20 GB of corporate data, including employee personal information (passports, DLs and other HR files), projects, and financial records. The claim states that the data will be publicly released soon unless a payment is made, signaling an imminent data leak that could impact employees, customers, and operations. #Unknown
Qilin claims responsibility for a ransomware incident targeting Arca Service in Italy. The disclosure provides limited details beyond attribution #Italy
The ransomware claim targets hollu Systemhygiene in Austria, attributed to threat actor qilin. No additional details are provided (N/A) about the ransom demand, encryption scope, or data impact. #Austria
Insomnia claimed a ransomware incident against Valley Family Health Care, a US-based community health center offering medical, dental, behavioral health, and nutrition services. The organization operates 12 locations (including a mobile unit), accepts major insurances, and provides income-based sliding fees to ensure accessible care. #UnitedStates
Bonheure is the victim of a ransomware claim attributed to the spacebears threat actor, linking the incident to a network of karaoke venues and related hospitality services. The claim outlines operations across Karaoke Business, Izakaya-style Restaurant management, Real Estate, and Internet Cafe Management, with details tied to https://bonheure.co.jp/. #Japan
The ransomware claim against Hartmann Bau GmbH in Germany alleges that the threat actor dragonforce encrypted critical project data and demanded a ransom. The incident purportedly disrupted planning, construction, and handover workflows across Hartmann Bau’s service areas in Paderborn, HΓΆxter, and Kassel, potentially impacting residential, commercial, agricultural, and civil engineering projects #Germany