<ciso brief />

All news with #ransomware incident tag

126 articles · page 3 of 7

Belgian Hospital AZ Monica Shuts Down Servers Amid Outage

🔒 Belgian hospital AZ Monica disconnected all servers at 6:32 AM after a cyberattack that forced the cancellation of scheduled procedures and slowed emergency operations. The Emergency Department is operating at reduced capacity and MUG and PIT services are currently offline; seven critical patients were transferred to other hospitals. The hospital has notified authorities and is monitoring the situation while staff rely on paper records; officials have not confirmed whether ransomware was involved.

University of Hawaii Cancer Center Hit by Ransomware

🔒 The University of Hawaii System says a ransomware gang breached a single research project at the UH Cancer Center on August 31, 2025, and exfiltrated study data that included historical files containing Social Security numbers. Upon discovery, affected systems were disconnected, external cybersecurity experts were engaged, and the university said it negotiated with the threat actors to secure a decryption tool. UH reported arranging for the secure destruction of the illegally obtained data and said it will notify individuals once contact information is confirmed. The institution has installed endpoint protection, replaced compromised systems, reset credentials, updated firewall software, and initiated third-party security audits.

Endpoint Breaches: Up to Two Weeks to Recover, Study

🔒 Endpoint disruption following serious breaches can take up to two weeks to remediate, and most US and UK organizations report recovery costs in the millions. In a survey of 750 CISOs compiled for an e-book, Absolute Security found 55% had experienced incidents that disabled mobile, remote or hybrid endpoints in the past 12 months. A majority (57%) required 3–6 days for full endpoint remediation, while 19% needed 7–14 days. The report places the average cost per incident at $2.5m, with 98% of respondents spending between $1m and $5m on recovery.

Jaguar Land Rover Q3 wholesale down 43% after attack

🚗 Jaguar Land Rover (JLR) says a September 2025 cyberattack forced production shutdowns and resulted in a 43.3% year‑on‑year decline in third‑quarter wholesale volumes. Production only returned to normal by mid‑November and global distribution delays further reduced sales. JLR booked a £196 million hit, confirmed data theft, and said the incident was claimed by the Scattered Lapsus$ Hunters. The U.K. government later approved a £1.5 billion loan guarantee to help stabilise supply chains while tariffs and the planned discontinuation of legacy Jaguar models also weighed on performance.

Jaguar Land Rover Q3 Sales Plummet After Cyber-Attack

🚗 Jaguar Land Rover is still reeling from a late‑August cyber-attack that disrupted production from September through mid-November, Tata Motors reported. Retail sales in Q3 2025 fell 25.1% year‑on‑year to 79,600 vehicles, while wholesale shipments plunged 43% to 59,200 units. Tata said the incident "significantly disrupted operations," forcing factory stoppages and ongoing distribution delays, compounded by US tariffs and model phase-outs.

Covenant Health: May data breach impacts 478,188 patients

🚨 Covenant Health disclosed that a May intrusion exposed sensitive patient data for 478,188 individuals after a broader analysis revised the initial July estimate of 7,864. The organization says the breach occurred on May 18 and was discovered on May 26; the ransomware group Qilin later claimed responsibility and said 852 GB of data was taken. Exposed elements may include names, addresses, dates of birth, Social Security numbers, medical record and insurance details, and treatment information. Covenant Health engaged third‑party forensics, reports ongoing review, has strengthened security, and is offering affected patients 12 months of free identity protection.

Romanian Energy Provider Hit by Gentlemen Ransomware

🔒 Oltenia Energy Complex, Romania's largest coal-based energy producer, suffered a ransomware attack on the second day of Christmas that disrupted its IT infrastructure. Some documents were encrypted and key applications — including ERP, document management, email, and the corporate website — became temporarily unavailable. The company said operations were only partially affected and the National Energy System was not jeopardized while teams rebuild systems from backups and cooperate with authorities.

INTERPOL Nets 574 Arrests Across Africa, Ransomware Case

🛡️ INTERPOL coordinated Operation Sentinel between Oct. 27 and Nov. 27, 2025, recovering $3 million and prompting the arrest of 574 suspects across 19 African countries. The campaign targeted business email compromise, digital extortion and ransomware, taking down over 6,000 malicious links and decrypting six ransomware variants. Authorities disrupted fraud rings that stole more than $400,000 and seized devices and servers. Separately, a Ukrainian national pleaded guilty for his role as a Nefilim ransomware affiliate.

Interpol Operation Sentinel Leads to 574 Arrests in Africa

🔍 Operation Sentinel, coordinated by Interpol, resulted in 574 arrests across Africa during the month-long campaign from 27 October to 27 November. Authorities recovered $3m in alleged cybercrime proceeds, decrypted six ransomware variants and removed around 6,000 malicious links and domains. Key interventions included halting a $7.9m fraudulent wire transfer in Senegal and recovering 30TB of data encrypted in an attack on a Ghanaian financial institution. The operation involved national forces and industry partners such as Team Cymru and Trend Micro.

Romanian National Water Authority Hit by Ransomware

🔒 Romanian Waters (Administrația Națională Apele Române) reported a ransomware incident over the weekend that affected roughly 1,000 computer systems across the national authority and 10 of its 11 regional offices. Investigators said servers running GIS, databases, email, web services, Windows workstations and DNS were impacted, while operational technology and water infrastructure controls remained operational. Authorities reported attackers used the built-in Windows BitLocker feature to lock files and left a ransom note demanding contact within seven days; the investigation is ongoing.

Ukrainian Affiliate Pleads Guilty in Nefilim Attacks

🔒 A Ukrainian national has pleaded guilty to participating as an affiliate in the Nefilim ransomware operation after being extradited from Barcelona following his June 2024 arrest. He joined the group in June 2021, received an account for a 20% cut and used databases such as ZoomInfo to identify large corporate victims in the US, Canada and Australia. Operators exfiltrated data, encrypted networks and threatened publication on a 'corporate leaks' site; the defendant faces up to 10 years and will be sentenced in May 2026. A known co-conspirator, Volodymyr Tymoshchuk, remains at large and is subject to an up-to-$11m reward.

Ukrainian Affiliate Pleads Guilty in Nefilim Ransomware

🛡️ Ukrainian national Artem Aleksandrovych Stryzhak, 35, pleaded guilty to participating as an affiliate in the Nefilim ransomware operation, admitting he obtained access to the ransomware code in June 2021 in exchange for a 20% share of ransom proceeds. He targeted high-revenue corporations across the United States, Canada, Australia and several European countries using custom-tailored malware and coordinating data-exfiltration and leak threats to coerce payment. Arrested in Spain in June 2024 and extradited to the U.S. in April 2025, Stryzhak faces up to 10 years in prison; sentencing is scheduled for May 6, 2026.

Askul Confirms Theft of 740,000 Customer Records after Oct.

🔒 Askul Corporation confirmed that the RansomHouse extortion group stole approximately 740,000 customer and partner records during an October ransomware incident. Compromised data types include business and individual customer service records, partner data, and employee information. Askul says attackers likely used compromised administrator credentials for an outsourced partner that lacked MFA, disabled EDR, moved laterally, deployed multiple ransomware variants, and wiped backups. The company has isolated affected networks, enforced MFA, reset admin passwords, begun individual notifications and established long-term monitoring.

Ransomware Attack Disrupts Operations at Ideal Insurance

🔒 Ideal Group has reported a cyberattack that forced several systems offline as a precaution, leaving business operations running in a limited capacity. The group's affiliate Ahorn AG is affected while subsidiary myLife Lebensversicherung reportedly remains unaffected. The ransomware group Akira is blamed; investigators and external specialists, together with law enforcement, are analysing the incident and currently report no indications of customer data misuse.

Cyberattack on Town Hall: Stolen Data Posted on Darknet

🔒 In mid-October the Untereisesheim town hall was hit by a cyberattack that encrypted IT systems and led to data theft from servers. Investigations indicate portions of the stolen material, including older personnel files and employee image drives, have appeared on the darknet, while the municipality stresses that sensitive citizen data and central document systems were not affected. No ransom was paid; the town is working with Cybersecurity Agency Baden-Württemberg (CSBW) and the State Criminal Police Office, has rebuilt and secured systems, and informed supervisory and data protection authorities.

HSE Offers €750 to Victims of 2021 Ransomware Attack

🔒 The Health Service Executive (HSE) has offered €750 to individuals whose personal data was exposed in the May 2021 Conti ransomware attack, plus an additional €650 toward legal costs. The intrusion began with a malicious Microsoft Excel file that bypassed outdated anti‑malware defenses, forcing a full IT shutdown and widespread disruption to hospital services. A later PwC review criticised the HSE's unpatched systems and frail infrastructure, while the organisation says it has found no evidence of fraud stemming from the breach after more than four years.

FinCEN: Ransomware Gangs Extorted $2.1B (2022–2024)

📊 A FinCEN analysis of 4,194 Bank Secrecy Act filings found organizations paid more than $2.1 billion in ransom between January 2022 and December 2024. Ransomware incidents peaked in 2023 before falling in 2024 after law enforcement actions disrupted ALPHV/BlackCat and LockBit. Most ransom payments were under $250,000 and roughly 97% were made in Bitcoin. Manufacturing, financial services, and healthcare were the most targeted industries.

Inotiv Discloses August Ransomware Breach Affecting 9,542

🔒 Inotiv, an Indiana-based contract research organization, disclosed an August ransomware attack that disrupted operations after networks, databases, and internal applications were taken offline. The company says it has 'restored availability and access' to impacted systems and is notifying 9,542 individuals whose information was stolen. The incident, dated to approximately August 5–8, 2025, was claimed by the Qilin ransomware group, which published alleged samples and asserted it exfiltrated roughly 162,000 files totaling about 176 GB, though Inotiv has not confirmed the specific data types or publicly attributed the attack.

Asahi Ransomware Attack Leads to Massive Data Breach

🔒 Asahi Group Holdings confirmed that a ransomware attack on 29 September, attributed to the Qilin group, resulted in a major data breach affecting over 1.5 million customers and roughly 275,000 employees and family members. The incident disrupted ordering, shipping and production systems across Japan and caused widespread product shortages. Asahi says it did not pay a ransom, has found no evidence the data has been posted publicly, and is strengthening its cybersecurity while notifying those impacted.

Asahi breach: personal data of nearly two million exposed

🔒 Asahi Group Holdings has confirmed that personal data for approximately 1.914 million people, including 1.525 million customers, may have been exposed after a September ransomware incident that forced temporary suspension of operations. The company spent two months on containment, integrity checks and system restoration, and says credit card details were not affected. Qilin has claimed responsibility; Asahi warns customers to monitor for unsolicited communications and anticipates ongoing operational impacts.