< ciso
brief />
Tag Banner

All news with #ransomware incident tag

135 articles

Coca‑Cola reports Fairlife ransomware halts US production

📰 Coca‑Cola disclosed a ransomware incident affecting its Fairlife dairy subsidiary that led to temporary suspension of U.S. production. The company reported unauthorized access to production-related systems, activated incident response and engaged outside cybersecurity advisors while notifying law enforcement. Product safety remains unaffected and Canadian operations are not impacted. An investigation is ongoing and no claim of data theft or extortion has been confirmed.
read more →

Dutch police dismantle large investment fraud ring

🔍 The Dutch Police announced arrests tied to an international investment fraud operation that ran multiple call centers and posed as financial advisers. Authorities say the organization generated over €100 million per month at its peak, targeted victims with fake trading dashboards, and persuaded them to transfer cryptocurrencies. The main suspect, a 46-year-old Israeli-Polish national with an alleged history of hacking, was arrested in Poland and extradited to the Netherlands. Additional arrests took place in Cyprus, Greece, and Belgium as investigations continue.
read more →

Mount Royal University confirms data breach incident

🔒 Mount Royal University in Calgary reported a cyberattack on June 17 that disrupted online services and internal systems, and led to theft and deletion of files from university storage drives. External cybersecurity experts have been engaged to investigate and assist recovery efforts. The attackers claimed responsibility as CMD Organization, posted samples of stolen documents, and demanded a 30 BTC ransom. MRU is notifying affected individuals and offering credit monitoring for certain employees.
read more →

UK Firms Face Rising Ransomware Incidents in 2025–26

🔒 Report Fraud received 323 ransomware reports from UK organisations between April 2025 and March 2026, with SMEs accounting for over half of victims. Financial losses rose about 50% year-on-year to approximately £270,000 per incident, though police warned this likely understates the true cost. Authorities and experts urge firms to adopt proactive measures like regular backups and strong access controls to reduce risk and impact.
read more →

Two Teens Linked to Scattered Spider Plead Guilty

🔒 Two British teenagers have pleaded guilty after hacking Transport for London (TfL) between 31 August and 3 September 2024, the National Crime Agency (NCA) reports. Members of the Scattered Spider collective, Thalha Jubair, 20, and Owen Flowers, 18, caused £29m in losses and disruption to TfL systems, including customer refunds and Oyster photocard services. Flowers was arrested early September 2024 with digital evidence linking him to TfL and US healthcare breaches; Jubair faces broader charges alleging dozens of intrusions and extortion schemes. Both admitted guilt at Woolwich Crown Court on 22 June and will be sentenced on 16 July.
read more →

Anubis Ransomware Targets Adriatic Port Authority

🔒 New analysis from Resecurity details a ransomware attack by the Anubis group that targeted the Adriatic Port Authority, operator of Ancona port. The breach, traced to December 11, 2025 and publicly claimed by Anubis in January 2026, reportedly affected about 2% of the authority's data while backups preserved most records. Resecurity says the incident disrupted operations, forced vessel rerouting, and involved a reported $10m Bitcoin ransom demand, with sensitive safety and security plans among the stolen files.
read more →

Former school IT worker jailed for prolonged hacks

🔒 A former senior IT support specialist for the Saydel Community School District in Iowa was sentenced to 21 months in prison for repeatedly accessing and sabotaging his former employer’s systems after his April 2023 departure. Prosecutors say he deleted the district’s Facebook page, stripped employees of access to educational platforms, and erased Apple School Manager and Gmail accounts, disrupting classes and causing tens of thousands in remediation costs. He pleaded guilty in January 2026 and must pay $59,668.81 in restitution and serve three years of supervised release with monitoring conditions.
read more →

Why schools remain favourite cybercriminal targets

🔒 Recent ransomware incidents have shown that schools are year-round targets for cybercriminals. Evanston Township High School closed after an attack disrupted critical systems, while Powys County Council in Wales confirmed student and staff data were accessed at multiple schools. Districts are engaging external experts and notifying authorities, highlighting schools' limited budgets and reliance on networked systems.
read more →

WeedHack campaign infects over 116,000 Minecraft systems

🛡️ McAfee researchers report that a large-scale malware campaign named WeedHack has infected more than 116,000 systems by distributing malicious Minecraft mods, clients, cheats, and utilities via YouTube links and SEO poisoning. The operation provides a free, clear-net MaaS dashboard and a paid premium tier that adds remote control, keylogging, and webcam access, targeting session IDs, browsers, wallets, and gaming credentials. Victims are concentrated in the US, Germany, India, and the UK, and the campaign uses hundreds of distribution URLs and thousands of malicious JARs. Players are urged to only download from official sources and use the in-game Marketplace for safety.
read more →

MyPillow and Play gang dispute over alleged breach

🛏️ The Play ransomware group claims to have stolen confidential MyPillow data and threatened a public dump, while CEO Mike Lindell denies any breach and calls the allegations politically motivated. Lindell says MyPillow stores no sensitive data internally and has received no ransom demands, attributing data handling to third parties. The Play group's leak portal set a deadline for release, leaving the truth pending until the deadline passes. The article warns that third-party handling of data still exposes organisations and individuals to meaningful risk.
read more →

Foxconn Confirms Cyberattack at North American Sites

🔒 Foxconn confirmed a cyberattack affected some of its North American factories and says impacted sites are resuming normal production. The company said its cybersecurity team activated response measures to maintain continuity of operations and deliveries. Nitrogen ransomware operators claimed 8 TB of data and over 11 million documents were stolen, allegedly including files from Apple, Nvidia, Intel and Google. Foxconn has faced prior ransomware incidents.
read more →

ShinyHunters Escalates Canvas Extortion Against Schools

🔒 A ShinyHunters “pay or leak” extortion campaign has targeted the education sector after the compromise of Instructure, operator of the Canvas LMS. The April 25 breach reportedly exposed around 275 million records and more than 3.65 TB of data via a vulnerability in the Free‑For‑Teacher Canvas version. After an initial ransom demand and a May 8 deadline, the group extended its timeline and began school‑by‑school extortion, defacing roughly 330 institutional login pages. Affected organizations are urged to change Canvas‑related passwords, enable multi‑factor authentication and heighten phishing awareness.
read more →

cPanel Auth Bypass CVE-2026-41940 Exploited Widely Now

🚨 An emergency update for cPanel and WHM addresses a critical authentication bypass (CVE-2026-41940) that has been actively exploited to access control panels. Security researchers report attackers have breached thousands of servers and deployed a Go-based Linux encryptor tied to the "Sorry" ransomware, which appends the .sorry extension. The encryptor uses ChaCha20 for file encryption with the symmetric key protected by an embedded RSA-2048 public key, and victims receive a README.md ransom note directing contact via a fixed Tox ID. Administrators should install the update and verify backups immediately.
read more →

Police dismantle €50M crypto investment fraud ring

🔍 Austrian and Albanian authorities, supported by Europol and Eurojust, dismantled a large-scale cryptocurrency investment fraud operation responsible for estimated losses of €50 million. The coordinated action, which began in June 2023 and culminated in raids on April 17, resulted in 10 arrests and seizures of cash, hundreds of computers and mobile devices for forensic analysis. The ring operated professional call centres with up to 450 employees, using fake trading platforms and "retention agents" who used remote-access tools and psychological pressure to extract funds and later re-scam victims with bogus recovery fees.
read more →

Former Ransomware Negotiator Pleads Guilty in ALPHV Attacks

🔒 41-year-old Angelo Martino, a former negotiator at DigitalMint, pleaded guilty to participating in BlackCat (ALPHV) ransomware operations that targeted U.S. companies in 2023. Prosecutors say Martino shared confidential victim negotiation positions and insurance limits with the operators, enabling larger extortion demands, and worked with accomplices Ryan Goldberg and Kevin Martin. The trio operated as affiliates, paying administrators a 20% cut, and targeted at least five U.S. organizations, including firms and nonprofits that paid multimillion-dollar ransoms. DigitalMint condemned the conduct and said the employees were fired when the activity was discovered.
read more →

Cookeville Medical Center: 337,917 Patients Exposed

🔒 Cookeville Regional Medical Center has notified 337,917 patients that personal and medical data were accessed during a July 11–14, 2025 intrusion tied to the ransomware group Rhysida. The hospital began mailing breach letters in April 2026, roughly nine months after detection, and said files may include Social Security numbers, driver’s license data, treatment and insurance information. Rhysida claimed the attack in August 2025 and posted sample files; it demanded 10 Bitcoin. CRMC is offering 12 months of identity protection through Experian and reports additional security measures are in place.
read more →

Dutch EHR Vendor ChipSoft Disrupts Services After Ransomware

🔒 Dutch healthcare software vendor ChipSoft has confirmed a ransomware incident that forced it to take its website and patient-facing digital services offline. The provider of the HiX EHR platform warned of "possible unauthorized access" and advised customers to disconnect affected systems while it investigates. The national healthcare CERT, Z-CERT, is coordinating response efforts with ChipSoft and impacted hospitals.
read more →

Die Linke Confirms Data Stolen by Qilin Ransomware

🔒 Die Linke, a German democratic socialist party, has confirmed that the Russian-speaking ransomware group Qilin stole data from its network and is threatening to leak it. The party stated its membership database was not impacted, but attackers sought sensitive internal documents and employee personal information. Die Linke notified German authorities, filed a criminal complaint, and retained independent IT experts to restore affected systems. Qilin added the party to its leak site on April 1 but had not published any data samples.
read more →

Qilin Ransomware Surge in Japan 2025: Detection Insights

🔍 In 2025 Japan reported 134 ransomware incidents—a 17.5% increase from 2024—with Qilin responsible for 22 cases (16.4%). Talos highlights Qilin’s growing automation, credential‑based access, and use of an EDR‑killer that targets 300+ drivers and employs locale-based geo‑fencing. The blog focuses on detecting activity during the pre‑ransomware phase (average six days to execution) and shares Sigma/YARA rules plus correlation guidance to reduce false positives.
read more →

Bearlyfy Uses GenieLocker to Hit 70+ Russian Firms

🔒Bearlyfy, a pro-Ukrainian group also tracked as Labubu, has been linked to more than 70 attacks on Russian companies and began deploying a proprietary Windows ransomware called GenieLocker in March 2026. The group combines extortion and sabotage, often gaining initial access via vulnerable external services and deploying remote tools like MeshAgent. According to vendor F6, about one in five victims pay ransoms, and demand amounts have grown substantially.
read more →