Akira claims to have breached Mh Soluciones, a Mexico-based outsourcing and management services firm, and threatens to upload 85 GB of its corporate data. The exposed data reportedly includes scanned employee documents (passports and driver’s licenses), project records (hazardous waste management and government contracts), agreements, and client information. #Mexico
Category: Ransom Monitor
Dragonforce claims to have compromised Advanced Rehabilitation Technology (ART), a US-based provider of no-dig solutions for rehabilitating water and wastewater infrastructure, and demands a ransom to prevent release of sensitive project data. The group threatens public data leaks and potential disruption to ART’s municipal and industrial customers, signaling a direct impact on critical infrastructure. #UnitedStates
Allegedly, the ransomware claim targets Raz Zimmt, head of the Iran Desk at Israeli security institutes, with the threat actor Handala taunting him over his commentary on Iran. The message asserts that the attackers did more than breach his inbox, claiming they unlocked his entire world and warning that the hunter has become the hunted.
#Israel
Fortress Systems reports a ransomware incident attributed to the threat actor qilin, affecting systems in the United States. The claim describes encryption of files and potential data exfiltration, with ransom demands reportedly issued to Fortress Systems in the United States #UnitedStates
AiLock claims to have compromised England Hockey, the national governing body for hockey in England, threatening ransomware encryption and potential data exfiltration. The claim asserts disruption to England Hockey’s services, including competitions, events, coaching, and officiating programs, and threatens to leak stolen data unless a ransom is paid. #UnitedKingdom
The ransomware claim by spacebears alleges that AbelZeta Pharma, a global cell therapy leader, exposed 170,000+ files and 670+ separate archives containing experiments on candidates such as CAR032, CAR39, CAR66, CAR168, TIL, CD, and Tcell. The data are described as confidential and highly valuable for competitive research, spanning studies across hematologic malignancies, inflammatory and immunological diseases, and solid tumors, and involving partnerships with AstraZeneca, Janssen (J&J), and Novartis. #BosniaandHerzegovina
The ShinyHunters ransomware claim states that Aura Group, Inc. in the United States has had over 2 million records containing PII and other internal corporate data compromised. They issue a final warning to contact them by 14 March 2026 to prevent the leak and the associated digital problems #UnitedStates
The claim alleges ransomware targeting NIXVAL IT Infrastructure in Spain, attributed to the threat actor nightspire. Data related to the incident is not available now. #Spain
A ransomware claim alleges that Arimex Importadora in Brazil was targeted by the threat actor qilin. Details beyond the victim and actor are not provided in the claim. #brazil
The ransomware claim involves the victim E-Fci in the United States, attributed to nightspire. Data regarding the incident is not available at this time. #UnitedStates
Powers HVAC reports a ransomware incident attributed to the threat actor qilin. The impacted country is not specified in the report. #Unknown
A ransomware claim targets Special Shapes Refractory in the United States and is attributed to threat actor qilin. Details beyond the attribution are listed as N/A. #UnitedStates
The coinbasecartel threat actor claims to have exfiltrated 3TB of data from JBS Brazil, with pictures added to the leak. JBS Brazil is a multinational meat processing company with global operations, and the claim highlights a ransomware incident affecting Brazil #Brazil
Since 1905, Elliott-Lewis Corporate has provided comprehensive solutions for maintenance, repair and operations, engineering, design, installation, and energy consumption, and the interlock ransomware claim alleges this US-based firm suffered a breach exposing a large database of confidential contracts, projects, and personal customer and employee data. It further notes that Elliott-Lewis’ Facilities Management team provides on-site operations management but does not deliver security to its customers, contributing to the data exposure.
#UnitedStates
A ransomware claim targets Docaret in France, attributed to threat actor thegentlemen, referencing docaret.com and the ZoomInfo profile at zoominfo.com/c/docaret/363588396. The material highlights Docaret’s service offerings rather than detailing ransomware tactics, with no disclosed ransom demand or data exfiltration specifics. #France