All news with #ransomware incident tag

126 articles · page 2 of 7

Advantest Hit by Ransomware, Potential Data Exposure

🔒 Advantest Corporation reported that its corporate network experienced a ransomware intrusion detected on February 15, prompting immediate isolation of affected systems and the engagement of third-party cybersecurity specialists. Preliminary findings indicate an unauthorized party may have deployed ransomware in portions of the network, though no data theft has been confirmed. The company says it will notify and advise any customers or employees if their information is determined to be impacted. The investigation is ongoing and, to date, no ransomware group has claimed responsibility.

University of Mississippi Medical Center Closes Clinics

🔒 The University of Mississippi Medical Center (UMMC) closed all clinic locations statewide after a ransomware attack disrupted multiple IT systems and blocked access to the Epic electronic medical record. Outpatient and ambulatory surgeries, procedures, and imaging appointments were canceled while inpatient and emergency care continue using established downtime procedures. UMMC said it has taken network systems offline, is working with the FBI and CISA, and that attackers have communicated and may be negotiating an extortion demand.

Poland Arrests Suspect Linked to Phobos Ransomware

🛡️ Polish police have detained a 47-year-old suspect alleged to have ties to the Phobos ransomware group and seized computers and mobile phones containing credentials, credit card numbers, and server access data. The arrest in Małopolska was carried out by the Central Bureau of Cybercrime Control as part of Operation Aether, an international Europol-coordinated disruption. Authorities say the suspect used encrypted messaging to communicate with Phobos and now faces charges under Article 269b of Poland’s Criminal Code.

Washington Hotel in Japan Discloses Ransomware Breach

🔒 Washington Hotel, a business brand of Fujita Kanko Inc., disclosed a ransomware infection after an intrusion on Friday, February 13, 2026 at 22:00 local time. The company says it immediately disconnected affected servers, formed an internal task force, and engaged external cybersecurity experts to assess impact and coordinate recovery; preliminary findings indicate attackers accessed various business data. Customer records are unlikely to have been exposed because those are held by a separate vendor, but some properties experienced operational effects such as temporarily unavailable credit-card terminals.

Romania's Conpet Confirms Data Theft After Qilin Attack

🔒 Conpet S.A., Romania's national oil pipeline operator, confirmed that the Qilin ransomware gang exfiltrated company data following a breach of its corporate IT environment. The company said operational systems remained unaffected and it is cooperating with the Romanian National Cyber Security Directorate (DNSC) as investigators assess the incident. Qilin claims nearly 1TB of documents and published a proof sample of 16 images containing internal financial records and passport scans; some files are marked confidential and dated as recently as November 2025. Conpet warned that compromised data may be used for fraud and advised potentially impacted individuals to verify any urgent contact using official channels.

BridgePay Confirms Ransomware Caused System-wide Outage

🔒 BridgePay Network Solutions has confirmed a ransomware attack triggered a system-wide IT outage, according to security alerts published on February 6. Initial forensic work indicates no payment card data appears to have been compromised and that any accessed files were encrypted. The company said it is working with cybersecurity specialists, the FBI and the US Secret Service and that recovery may be lengthy; it will provide regular updates to affected customers and partners.

BridgePay Confirms Ransomware Knocked Payment Systems

🔒 BridgePay Network Solutions confirmed a ransomware incident that took multiple payment systems offline, triggering a nationwide outage. The company says it has engaged federal law enforcement, including the FBI and U.S. Secret Service, and retained external forensic and recovery teams. Initial forensics report no payment card data compromised, files were encrypted, and restoration is ongoing with no ETA.

La Sapienza University Offline Following Ransomware Attack

🔒 Rome’s La Sapienza University has taken its IT systems offline after a cyberattack that prompted an immediate shutdown of network systems to protect data integrity. The university, Europe’s largest in‑campus institution with over 112,500 students, said authorities were notified and a technical task force is working on restoration. The campus website remains offline and temporary on‑site infopoints are in place while recovery continues. Italian reporting links the incident to Rorschach (Femwar02) ransomware; backups are reported intact.

Ransomware Claims Target Bremen-Based Buhlmann Group

🔐 The Akira ransomware group claims it breached Bremen-based steel trader Buhlmann Group and exfiltrated roughly 55 gigabytes of sensitive data, according to a darknet post. Buhlmann has not issued an official corporate statement; a company spokeswoman told local outlet buten un binnen that a U.S. subsidiary's IT system was compromised. The company says its German and EU operations are not affected.

CISA: VMware ESXi Flaw Now Used in Ransomware Attacks

🔒 CISA confirmed ransomware gangs are exploiting a high-severity VMware ESXi sandbox escape (CVE-2025-22225) patched by Broadcom in March 2025 alongside related fixes. The vulnerability permits an attacker with privileges in the VMX process to trigger an arbitrary kernel write and escape the virtual machine sandbox. Organizations are urged to apply vendor mitigations, follow BOD 22-01 guidance for cloud services, or discontinue affected products if mitigations are unavailable.

Cyberattack Halts Production at Romina Mineralbrunnen

⚠️ Romina Mineralbrunnen, producer of Eiszeitquell and Silberbrunnen, is facing a cyberattack that has brought production at its Reutlingen-Rommelsbach bottling sites to a standstill. The company reports that phones and email are currently unreachable, and local reporting indicates production has stopped. Reutlingen police have opened an investigation, but the method of attack and whether data was exfiltrated remain unknown. Operations and deliveries are impacted while the company assesses the situation.

Step Finance: Executive Device Compromise Leads to $40M Theft

🚨 Step Finance announced on January 31 that attackers compromised devices belonging to several executives, resulting in the theft of roughly $40 million in digital assets. The Solana-based DeFi analytics and execution platform engaged external cybersecurity researchers and law enforcement and has recovered about $4.7 million so far through Token22 protections and partner coordination. Some operations are paused to strengthen security. Users are advised not to interact with the STEP token while a pre-exploit snapshot and remediation plan are processed.

Marquis Links Ransomware Breach to SonicWall Cloud Backup

🔒 Marquis Software Solutions says a ransomware attack in August 2025 that disrupted systems serving dozens of U.S. banks and credit unions was enabled by a breach at SonicWall's cloud backup service. Rather than exploiting an unpatched firewall, attackers used configuration data taken from backup files accessed after unauthorized access to the MySonicWall portal, according to Marquis and a third-party investigation. Marquis is evaluating options including seeking recoupment of response costs for itself and affected customers. SonicWall has acknowledged the MySonicWall breach and said a Mandiant probe linked the incident to state-sponsored actors.

Ransomware Hits Verkehrsgesellschaft Main-Tauber Operations

🔒 The office and mobility centre of Verkehrsgesellschaft Main-Tauber (VGMT) are closed and offline after a confirmed cyberattack that encrypted the organisation’s servers and data. It is unclear whether sensitive information was stolen; investigations are ongoing with support from the Baden-Württemberg state cybersecurity agency, local police, district IT specialists and an external vendor. VGMT says public local transport remains unaffected while teams work to restore limited services under heightened security precautions.

Ransomware Disrupts Conceptnet, Affecting Around 500 Clients

🔒 Conceptnet reported a ransomware attack that encrypted central systems, including web and email servers, after perpetrators gained access around 13 January 2026. The incident was detected, isolated and reported to authorities, and external forensics teams are assisting with recovery. The provider—supporting roughly 500 customers—has set up temporary websites for affected clients, which include REWAG, Stadtwerk Regensburg and SSV Jahn Regensburg, while a possible ransom demand and reports of AI use in the attack are under consideration.

Ingram Micro: 42,000 Employee Records Exposed Globally

🔓 In July 2025, Ingram Micro confirmed a ransomware incident that resulted in the exposure of data for more than 42,000 people. The company told US regulators that attackers accessed records for current and former employees and job applicants, including names, contact details, birth dates, ID numbers and Social Security numbers, plus application materials and employee evaluations. The gang Safepay, active since September 2024, claimed to have stolen about 3.5 terabytes of files. The attack also paralyzed logistics for a week at the global IT distributor, which employs roughly 23,500 people.

Ransomware and Data Theft Hit Ingram Micro, 42K Affected

🔒 In July 2025 a ransomware attack on distributor Ingram Micro disrupted the company's logistics for about a week, impacting its U.S. headquarters and a German site. The company notified U.S. authorities that more than 42,000 people—current and former employees and job applicants—had personal data stolen, including names, contact details, dates of birth, identity document numbers and Social Security numbers. Documents from hiring processes and employee performance reviews were also exfiltrated, and the ransomware group Safepay, active since September 2024, claimed roughly 3.5 terabytes of data.

Ingram Micro: Ransomware Breach Exposed 42,000 People

🛡️ Ingram Micro disclosed a ransomware incident detected on July 3, 2025, that resulted in the theft of files affecting more than 42,000 individuals. The company said stolen documents included employment and job applicant records with names, contact details, dates of birth and government-issued ID numbers, including Social Security numbers. The attack caused a significant outage that disrupted internal systems and prompted staff to work remotely. While Ingram Micro has not officially confirmed the actor, the SafePay group has claimed responsibility and posted files to its leak site.

German Authorities Seek Alleged Head of Black Basta Gang

🔎 German federal and Frankfurt internet-crime authorities have issued an arrest warrant for the alleged leader of the Black Basta ransomware group after searching residences in Ukraine and seizing evidence. The gang is accused of compromising networks, stealing sensitive data, encrypting systems and extorting payments from over 100 German victims between March 2022 and February 2025. Authorities say the group obtained more than €20 million in Germany and targeted companies, hospitals and public bodies.

Kyowon Confirms Customer Data Theft in Ransomware Attack

🔒 Kyowon Group confirmed a ransomware incident in January that disrupted services and resulted in the theft of customer data. The company says roughly 9.6 million accounts (about 5.5 million people) may be affected and that approximately 600 of its 800 servers were impacted. Kyowon is working with authorities and security experts to investigate and restore services, and will disclose confirmed details to customers.