< ciso
brief />
Tag Banner

All news with #ransomware incident tag

135 articles · page 3 of 7

Step Finance: Executive Device Compromise Leads to $40M Theft

🚨 Step Finance announced on January 31 that attackers compromised devices belonging to several executives, resulting in the theft of roughly $40 million in digital assets. The Solana-based DeFi analytics and execution platform engaged external cybersecurity researchers and law enforcement and has recovered about $4.7 million so far through Token22 protections and partner coordination. Some operations are paused to strengthen security. Users are advised not to interact with the STEP token while a pre-exploit snapshot and remediation plan are processed.
read more →

Marquis Links Ransomware Breach to SonicWall Cloud Backup

🔒 Marquis Software Solutions says a ransomware attack in August 2025 that disrupted systems serving dozens of U.S. banks and credit unions was enabled by a breach at SonicWall's cloud backup service. Rather than exploiting an unpatched firewall, attackers used configuration data taken from backup files accessed after unauthorized access to the MySonicWall portal, according to Marquis and a third-party investigation. Marquis is evaluating options including seeking recoupment of response costs for itself and affected customers. SonicWall has acknowledged the MySonicWall breach and said a Mandiant probe linked the incident to state-sponsored actors.
read more →

Ransomware Hits Verkehrsgesellschaft Main-Tauber Operations

🔒 The office and mobility centre of Verkehrsgesellschaft Main-Tauber (VGMT) are closed and offline after a confirmed cyberattack that encrypted the organisation’s servers and data. It is unclear whether sensitive information was stolen; investigations are ongoing with support from the Baden-Württemberg state cybersecurity agency, local police, district IT specialists and an external vendor. VGMT says public local transport remains unaffected while teams work to restore limited services under heightened security precautions.
read more →

Ransomware Disrupts Conceptnet, Affecting Around 500 Clients

🔒 Conceptnet reported a ransomware attack that encrypted central systems, including web and email servers, after perpetrators gained access around 13 January 2026. The incident was detected, isolated and reported to authorities, and external forensics teams are assisting with recovery. The provider—supporting roughly 500 customers—has set up temporary websites for affected clients, which include REWAG, Stadtwerk Regensburg and SSV Jahn Regensburg, while a possible ransom demand and reports of AI use in the attack are under consideration.
read more →

Ingram Micro: 42,000 Employee Records Exposed Globally

🔓 In July 2025, Ingram Micro confirmed a ransomware incident that resulted in the exposure of data for more than 42,000 people. The company told US regulators that attackers accessed records for current and former employees and job applicants, including names, contact details, birth dates, ID numbers and Social Security numbers, plus application materials and employee evaluations. The gang Safepay, active since September 2024, claimed to have stolen about 3.5 terabytes of files. The attack also paralyzed logistics for a week at the global IT distributor, which employs roughly 23,500 people.
read more →

Ransomware and Data Theft Hit Ingram Micro, 42K Affected

🔒 In July 2025 a ransomware attack on distributor Ingram Micro disrupted the company's logistics for about a week, impacting its U.S. headquarters and a German site. The company notified U.S. authorities that more than 42,000 people—current and former employees and job applicants—had personal data stolen, including names, contact details, dates of birth, identity document numbers and Social Security numbers. Documents from hiring processes and employee performance reviews were also exfiltrated, and the ransomware group Safepay, active since September 2024, claimed roughly 3.5 terabytes of data.
read more →

Ingram Micro: Ransomware Breach Exposed 42,000 People

🛡️ Ingram Micro disclosed a ransomware incident detected on July 3, 2025, that resulted in the theft of files affecting more than 42,000 individuals. The company said stolen documents included employment and job applicant records with names, contact details, dates of birth and government-issued ID numbers, including Social Security numbers. The attack caused a significant outage that disrupted internal systems and prompted staff to work remotely. While Ingram Micro has not officially confirmed the actor, the SafePay group has claimed responsibility and posted files to its leak site.
read more →

German Authorities Seek Alleged Head of Black Basta Gang

🔎 German federal and Frankfurt internet-crime authorities have issued an arrest warrant for the alleged leader of the Black Basta ransomware group after searching residences in Ukraine and seizing evidence. The gang is accused of compromising networks, stealing sensitive data, encrypting systems and extorting payments from over 100 German victims between March 2022 and February 2025. Authorities say the group obtained more than €20 million in Germany and targeted companies, hospitals and public bodies.
read more →

Kyowon Confirms Customer Data Theft in Ransomware Attack

🔒 Kyowon Group confirmed a ransomware incident in January that disrupted services and resulted in the theft of customer data. The company says roughly 9.6 million accounts (about 5.5 million people) may be affected and that approximately 600 of its 800 servers were impacted. Kyowon is working with authorities and security experts to investigate, restore services, and will disclose confirmed details to customers.
read more →

Belgian Hospital AZ Monica Shuts Down Servers Amid Outage

🔒 Belgian hospital AZ Monica disconnected all servers at 6:32 AM after a cyberattack that forced the cancellation of scheduled procedures and slowed emergency operations. The Emergency Department is operating at reduced capacity and MUG and PIT services are currently offline; seven critical patients were transferred to other hospitals. The hospital has notified authorities and is monitoring the situation while staff rely on paper records; officials have not confirmed whether ransomware was involved.
read more →

University of Hawaii Cancer Center Hit by Ransomware

🔒 The University of Hawaii System says a ransomware gang breached a single research project at the UH Cancer Center on August 31, 2025, and exfiltrated study data that included historical files containing Social Security numbers. Upon discovery, affected systems were disconnected, external cybersecurity experts were engaged, and the university said it negotiated with the threat actors to secure a decryption tool. UH reported arranging for the secure destruction of the illegally obtained data and said it will notify individuals once contact information is confirmed. The institution has installed endpoint protection, replaced compromised systems, reset credentials, updated firewall software, and initiated third-party security audits.
read more →

Endpoint Breaches: Up to Two Weeks to Recover, Study

🔒 Endpoint disruption following serious breaches can take up to two weeks to remediate, and most US and UK organizations report recovery costs in the millions. In a survey of 750 CISOs compiled for an e-book, Absolute Security found 55% had experienced incidents that disabled mobile, remote or hybrid endpoints in the past 12 months. A majority (57%) required 3–6 days for full endpoint remediation, while 19% needed 7–14 days. The report places the average cost per incident at $2.5m, with 98% of respondents spending between $1m and $5m on recovery.
read more →

Jaguar Land Rover Q3 wholesale down 43% after attack

🚗 Jaguar Land Rover (JLR) says a September 2025 cyberattack forced production shutdowns and resulted in a 43.3% year‑on‑year decline in third‑quarter wholesale volumes. Production only returned to normal by mid‑November and global distribution delays further reduced sales. JLR booked a £196 million hit, confirmed data theft, and said the incident was claimed by the Scattered Lapsus$ Hunters. The U.K. government later approved a £1.5 billion loan guarantee to help stabilise supply chains while tariffs and the planned discontinuation of legacy Jaguar models also weighed on performance.
read more →

Jaguar Land Rover Q3 Sales Plummet After Cyber-Attack

🚗 Jaguar Land Rover is still reeling from a late‑August cyber-attack that disrupted production from September through mid-November, Tata Motors reported. Retail sales in Q3 2025 fell 25.1% year‑on‑year to 79,600 vehicles, while wholesale shipments plunged 43% to 59,200 units. Tata said the incident "significantly disrupted operations," forcing factory stoppages and ongoing distribution delays, compounded by US tariffs and model phase-outs.
read more →

Covenant Health: May data breach impacts 478,188 patients

🚨 Covenant Health disclosed that a May intrusion exposed sensitive patient data for 478,188 individuals after a broader analysis revised the initial July estimate of 7,864. The organization says the breach occurred on May 18 and was discovered on May 26; the ransomware group Qilin later claimed responsibility and said 852 GB of data was taken. Exposed elements may include names, addresses, dates of birth, Social Security numbers, medical record and insurance details, and treatment information. Covenant Health engaged third‑party forensics, reports ongoing review, has strengthened security, and is offering affected patients 12 months of free identity protection.
read more →

Romanian Energy Provider Hit by Gentlemen Ransomware

🔒 Oltenia Energy Complex, Romania's largest coal-based energy producer, suffered a ransomware attack on the second day of Christmas that disrupted its IT infrastructure. Some documents were encrypted and key applications — including ERP, document management, email, and the corporate website — became temporarily unavailable. The company said operations were only partially affected and the National Energy System was not jeopardized while teams rebuild systems from backups and cooperate with authorities.
read more →

INTERPOL Nets 574 Arrests Across Africa, Ransomware Case

🛡️ INTERPOL coordinated Operation Sentinel between Oct. 27 and Nov. 27, 2025, recovering $3 million and prompting the arrest of 574 suspects across 19 African countries. The campaign targeted business email compromise, digital extortion and ransomware, taking down over 6,000 malicious links and decrypting six ransomware variants. Authorities disrupted fraud rings that stole more than $400,000 and seized devices and servers. Separately, a Ukrainian national pleaded guilty for his role as a Nefilim ransomware affiliate.
read more →

Interpol Operation Sentinel Leads to 574 Arrests in Africa

🔍 Operation Sentinel, coordinated by Interpol, resulted in 574 arrests across Africa during the month-long campaign from 27 October to 27 November. Authorities recovered $3m in alleged cybercrime proceeds, decrypted six ransomware variants and removed around 6,000 malicious links and domains. Key interventions included halting a $7.9m fraudulent wire transfer in Senegal and recovering 30TB of data encrypted in an attack on a Ghanaian financial institution. The operation involved national forces and industry partners such as Team Cymru and Trend Micro.
read more →

Romanian National Water Authority Hit by Ransomware

🔒 Romanian Waters (Administrația Națională Apele Române) reported a ransomware incident over the weekend that affected roughly 1,000 computer systems across the national authority and 10 of its 11 regional offices. Investigators said servers running GIS, databases, email, web services, Windows workstations and DNS were impacted, while operational technology and water infrastructure controls remained operational. Authorities reported attackers used the built-in Windows BitLocker feature to lock files and left a ransom note demanding contact within seven days; the investigation is ongoing.
read more →

Ukrainian Affiliate Pleads Guilty in Nefilim Attacks

🔒A Ukrainian national has pleaded guilty to participating as an affiliate in the Nefilim ransomware operation after being extradited from Barcelona following his June 2024 arrest. He joined the group in June 2021, received an account for a 20% cut and used databases such as ZoomInfo to identify large corporate victims in the US, Canada and Australia. Operators exfiltrated data, encrypted networks and threatened publication on a 'corporate leaks' site; the defendant faces up to 10 years and will be sentenced in May 2026. A known co-conspirator, Volodymyr Tymoshchuk, remains at large and is subject to an up-to-$11m reward.
read more →