The claim states that the threat actor akira will soon upload 10 GB of CSA SpA’s corporate data, including employees’ personal data, financials, contracts and agreements, client files, and other internal files. CSA SpA is an Italian company in the shipping and logistics sector targeted by this ransomware, and the message emphasizes potential data exposure and extortion if demands are not met. #Italy
Category: Ransom Monitor
A ransomware claim lists gas.mercedes-benz.com.eg in Egypt as the victim and attributes the attack to the threat actor LockBit5 affiliated with Mercedes-Benz. Mercedes-Benz, founded in 1967 and headquartered in Giza, Egypt, is an automobile dealer and motor vehicle company. #Egypt
Indigo Group reports a ransomware claim attributed to the threat actor secpo. The exposed dataset includes over 897,000 unique files (1,707,433 with duplicates) containing sensitive information on more than 27,000 individuals and over 27,000 organizations. #Canada
Secpo claims to have compromised JM Bozeman Enterprises, exfiltrating a dataset of over 100,000 unique files (192,993 with duplicates) containing sensitive information on more than 4,000 individuals and over 4,500 organizations. The claim indicates a broad data exposure with potential impact across multiple stakeholders, and the affected country has not been disclosed. #NotDisclosed
La reclamación de ransomware identifica a GRUPO RONDA como la víctima, un despacho constituido por un equipo de Auditores, Mediadores Concursales, Expertos Contables, Licenciados en Derecho y Licenciados en Administración y Dirección de empresas, debidamente colegiados, en México. El actor de la amenaza atribuido es lamashtu. #Mexico
Threat actor lamashtu claims CNAOC in France is the victim of a ransomware incident, outlining the attack and its purported impact. The message highlights CNAOC’s historic role in championing authentic French viticulture since 1924 and describes the organization as a living collective defending the voice of the French vineyard #France
A ransomware claim targets Gauthier Tissus, a France-based company in the Rhone-Alpes basin, attributed to the threat actor lamashtu. Gauthier Tissus is specialized in the weaving and finishing of multi-risk fabrics for technical usage, fabrics for brand image clothes and uniforms #France
Jersey Fabrication Group LLC in the United States reports a ransomware incident attributed to the threat actor worldleaks. The claim includes [AI generated] N/A, indicating no AI-generated material was involved. #UnitedStates
A ransomware claim attributed to threat actor Lynx targets CW&W Contractors (cwwcontractors.com) in the United Kingdom, potentially disrupting ongoing infrastructure projects. The claim alleges encryption of systems and exfiltration of data with extortion demands to restore access and prevent disclosure. #UnitedKingdom
The threat actor ‘qilin’ claims a ransomware incident against the victim Herth+Buss in Germany. No further impact details or corroborating information are provided (N/A). #Germany
The claim alleges that the threat actor akira breached DeMera DeMera Cameron, a Fresno-based CPA firm, and is threatening to leak sensitive corporate and client data. They claim they will upload 260 GB of data soon, including personal data, financials, international client records, contracts, NDAs, and other confidential documents. #UnitedStates
Travel of America reports a ransomware incident claimed by dragonforce, threatening data exfiltration and disruption to their luxury ocean, river, and expedition cruises and travel services. The attackers demand a ransom for decryption and to prevent the release of sensitive customer and partner information.
#UnitedStates
Threat actor dragonforce claims ransomware activity against edtg.com, associated with the Eldorado Trading Group in the banking sector. The Eldorado Trading Group employs 10 to 19 people, has 1 to 5 million in revenue, and is headquartered in Mountain View, California, United States #UnitedStates
The ransomware claim alleges that threat actor ransomhouse targeted Transaction Packing, Inc. (TPI), a Houston-area freight handling company involved in receiving, packing, crating, locating, and shipping cargo. The claim frames TPI’s Houston-area facilities and its emphasis on durable, dependable packaging as context for the potential impact of the attack. #UnitedStates
Ransomware claim attributes a breach of K Subsea Group, a Norwegian subsea engineering firm, to threat actor Everest, alleging data encryption and a ransom demand. The claim notes disruption to offshore energy projects in the North Sea and international offshore markets. #UnitedKingdom