Category: Ransom Monitor

City’Pro in France reports a ransomware incident attributed to the threat actor qilin, who claims it encrypted City’Pro’s systems and data. The claim provides no further details beyond the ransom note (N/A). #France

Qilin has claimed a ransomware operation targeting SEL (Safety Engineering Laboratory) in Germany. Public details about the impact or techniques remain unavailable.
#Germany

A ransomware claim accuses the Krybit threat actor of compromising imbriefamilylaw.com, encrypting data, and demanding payment. The incident has been described as affecting operations in the United Kingdom #UnitedKingdom

A ransomware claim attributed to the threat actor Everest targets Citizens Bank in the United States. The AI-generated note depicts Citizens Bank as a major American retail and commercial bank with nationwide reach and a wide range of services, while threats of encryption or data exposure accompany the attack. #UnitedStates

Tokoparts in Indonesia is linked to a ransomware claim attributed to the threat actor Everest, asserting encryption of systems and potential data exposure. The claim is listed as [AI generated] N/A #Indonesia

Everest claims to have breached Umiles Group, a Spain-based drone technology and services company, and to have deployed ransomware that encrypts critical systems. The threat actor threatens operational disruption to Umiles Group’s unmanned aerial vehicle services and data exfiltration unless monetary demands are met #Spain

A ransomware claim alleges that the Everest threat actor compromised NutraBio, a US-based dietary supplement manufacturer, encrypting systems and exfiltrating data. The claim further states Everest is demanding payment for decryption and to prevent publication of stolen information in the United States. #UnitedStates

ShinyHunters claim that 7-Eleven, Inc. has compromised over 600,000 Salesforce records containing PII and other internal corporate data. They issue a final warning to pay or leak, stating contact must be made by 21 Apr 2026 to prevent leakage and several annoying digital problems, with an update on 18 Apr 2026. #UnitedStates

Shinyhunters claim that Pitney Bowes Inc. (pb.com) in the United States has had over 25 million Salesforce records containing PII compromised. They demand payment or threaten to leak the data, issuing a final warning to contact by 21 Apr 2026 and warning of digital problems to come if ignored; updated 18 Apr 2026.
#UnitedStates

Threat actor shinyhunters claims to have breached The Canada Life Assurance Company (canadalife.com) in Canada, exposing over 5.6 million Salesforce records containing PII and threatening a leak if payment is not made. Updated 18 Apr 2026, the message is a final warning to pay by 21 Apr 2026 to prevent leakage and the accompanying digital problems. #Canada

Shinyhunters claims Aman Resorts (aman.com) in Singapore has over 500,000 Salesforce records containing PII that have been compromised in a pay-or-leak extortion attempt. Updated 18 Apr 2026, the note demands contact by 21 Apr 2026 to avoid leaking the data and facing digital disruptions, branding it a final warning. #Singapore

The Great Cookie is identified as the victim of a ransomware claim attributed to the threat actor qilin (N/A). The report provides no country of impact. #Unknown

Millennium Dental Technologies, Inc. faced a ransomware claim from the threat actor ‘termite’, alleging encryption of their systems and data exfiltration. Founded in 1994 and headquartered in Cerritos, California, the company manufactures and distributes dental products, including the PerioLase MVP-7 laser therapy device #UnitedStates