The threat actor Killsec claims to have compromised Getly in Nigeria and deployed ransomware to encrypt their systems, threatening data release. The ransom price is not disclosed, with disclosures at 0/1. #Nigeria
Category: Ransom Monitor
Qilin claims to have carried out a ransomware incident targeting AB Data in the United States. Publicly verifiable details about the attack, including encryption status or data exfiltration, are not available (N/A), but the claim remains #UnitedStates
KlearNow.AI, a US-based company, reports a ransomware incident in which the threat actor thegentlemen exfiltrated 3 TB of data, including two years of correspondence, a database dump, and all source code. They claim CBP declarations were filed for major clients such as BASF, Safran, and Sumitomo, while reiterating KlearNow.AI’s mission to simplify global trade with AI- and ML-driven logistics as a service #UnitedStates
AMR PEMCO reported a ransomware claim attributed to the threat actor qilin. The incident is tied to the United States #UnitedStates
A ransomware claim alleges that the threat actor nova compromised Open Retail, exfiltrated data, and threatens to publish it unless a ransom is paid. Open Retail helps businesses grow by finding and selecting the best commercial spaces, and the claim implies a service disruption and potential exposure of client data. #NotSpecified
HAFA, a Swedish firm, is the target of a ransomware claim attributed to the threat actor thegentlemen, who asserts control over its systems. The claim describes encryption of data and potential exfiltration as leverage to extract payment, with the attack branded under HAFA’s name #Sweden
CPQ Ingenieros reports a ransomware claim attributed to the threat actor thegentlemen, alleging that its networks have been encrypted and data may be exposed. This Spain-based firm, which designs process plants across chemical, pharmaceutical, biotechnological, food, and cosmetic industries, is assessing the impact on operations, clients, and compliance. #Spain
The claim states that the Genesis threat actor compromised a U.S.-based healthcare organization, exfiltrated patient data, and disrupted services. The attackers allegedly demanded a ransom and threatened to publicly disclose the stolen data if the demand is not met. #UnitedStates
Everest is alleged to have carried out a ransomware operation against Atlas Air Worldwide Holdings Inc., encrypting systems and disrupting operations. Ransom demands and potential data exfiltration were reported, with the impact focused in the United States. #UnitedStates
The ransomware claim alleges that Akira, a threat actor, is targeting TriPartum in the United Kingdom, a company specializing in clear and engaging customer communications for sectors such as finance, insurance, utilities, telecommunications, retail, and housing. It states that almost 70GB of TriPartum’s corporate data—including employee information, financials, customer data, projects, NDAs, and other sensitive material—will be uploaded #UnitedKingdom
A ransomware claim targets Logility, a US-based provider of supply chain and retail planning solutions, attributed to the threat actor coinbasecartel. The claim indicates operational disruption and potential data exfiltration affecting Logility’s services.
#UnitedStates
dragonforce claims to have compromised Esposito Bros. Construction Ltd., a Bolton, Ontario-based contractor, threatening to leak sensitive data and demand a ransom. Esposito Bros. Construction Ltd. is a leading bridge contractor with four decades of experience, specializing in complex infrastructure projects while prioritizing safety and environmental responsibility. #Canada
The claim alleges that Advent Aircraft Systems, Inc., in the United States, was targeted by the threat actor anubis in a ransomware operation. It describes a data breach on aerospace developments. #UnitedStates
Rhysida claims responsibility for an attack against Leading Edge Speciali, stating they breached systems and exfiltrated data. The claim warns of public release of stolen data or service disruption unless a ransom is paid. #Unknown
Sinobi claims to have breached Penn Fencing, Inc., a US-based fencing, decking, and railing supplier, and threatens to leak or encrypt sensitive data unless a ransom is paid. The operation targets a domestic supplier, with potential disruption to installations and shipments across the United States. #UnitedStates