All news with #ransomware incident tag

🔒 Kantsu, a midsize Japanese logistics firm, was hit by ransomware on Sept. 12, 2024 that encrypted servers, cut communications, and halted shipping operations for hundreds of clients. The company refused to pay a ransom, shut down networks, replaced PCs, and rebuilt its cloud WMS Cloud Thomas on AWS while using analog processes to maintain critical shipments. Executives prioritized speed, cash availability, and employee welfare during an expensive recovery process that exposed gaps in cyber insurance.

🔒 The Qilin ransomware group has added Japanese brewer Asahi to its data leak site, claiming exfiltration of over 9,300 files totaling 27GB and publishing 29 images of internal financial documents, employee IDs, contracts, and reports. Asahi suspended operations at six facilities after a September 29 cyberattack and confirmed a ransomware-caused disruption with evidence of data theft. The company says production of its flagship Super Dry has resumed via a temporary manual ordering system, though full operations are not yet restored and new product launches are postponed.

🔒 Jaguar Land Rover has reported a 25% drop in volume sales in the three months to 30 September after a cyber incident severely disrupted production and sales. Wholesales in Q2 FY2026 were 66,165 units, down 24.2% year-on-year, while retail sales fell 17.1%. The company began a controlled, phased restart of UK manufacturing from 8 October and launched a supplier financing scheme to ease cashflow during the restart.

🔒 Two teenage boys were arrested in Bishop's Stortford on suspicion of computer misuse and blackmail following a ransomware attack on the Kido nursery group, the Metropolitan Police said. Referred to the Met by Action Fraud on 25 September, investigators allege attackers demanded £600,000 in Bitcoin after stealing names, addresses, contact details and photos of around 8,000 children via a Famly account. The group, which called itself "Radiant," reportedly contacted parents directly and posted some images on the dark web before blurring and later claiming deletion; the app provider says its infrastructure was not breached. The Met described the arrests as a significant step while inquiries continue alongside partner agencies.

🔒 The Qilin ransomware group has claimed responsibility for a cyber-attack on Japan's Asahi Group, asserting it exfiltrated about 27 GB of files containing employee personal data and sensitive business documents. Consumer site Comparitech listed the data on Qilin's leak site on October 7, and Asahi has confirmed an earlier ransomware incident involving an 'unauthorized transfer of data'. The breach disrupted order, shipment and call-centre operations as the brewer implemented manual processes while investigating.

🔒 A Russian-linked ransomware group, Qilin, has claimed responsibility for a September 2, 2025 attack that disrupted Mecklenburg County Public Schools and said it exfiltrated 305 GB of data, including financial records, grant documents, budgets and children’s medical files. The attack forced teachers offline for about a week while internet systems were restored. Superintendent Scott Worner said the district does not currently intend to pay the ransom and is still assessing the scope, urging other districts to review cyber-insurance and preparedness.

🔒 Microsoft Threat Intelligence warns of active exploitation of a critical deserialization vulnerability in GoAnywhere MFT License Servlet (CVE-2025-10035, CVSS 10.0) that can allow forged license responses to trigger arbitrary object deserialization and potential remote code execution. Activity attributed to Storm-1175 included initial access via this flaw, deployment of RMM tools (SimpleHelp, MeshAgent), and at least one Medusa ransomware incident. Customers should upgrade per Fortra guidance, run EDR in block mode, restrict outbound connections, and use the provided Defender detections and IoCs for hunting and response.

🛡️Threat actors tied to Cl0p exploited a critical Oracle E-Business Suite zero-day (CVE-2025-61882, CVSS 9.8) to steal large volumes of data, with multiple flaws abused across patched and unpatched systems. The week also spotlights a new espionage actor, Phantom Taurus, plus diverse campaigns from WordPress-based loaders to self-spreading WhatsApp malware. Prioritize patching, strengthen pre-boot authentication for BitLocker, and increase monitoring for the indicators associated with these campaigns.

🛡️ Asahi has confirmed a ransomware attack that resulted in an "unauthorized transfer of data" from its servers. The Tokyo-based brewer said it isolated affected systems and established an Emergency Response Headquarters to investigate, working with external cybersecurity experts. Operational impacts in Japan include suspended system-based ordering, shipments and call centers, with partial manual processing underway. The company has not disclosed whether a ransom demand was made.

🍺 A ransomware attack has forced Asahi Group Holdings to suspend production at nearly all of its 30 domestic breweries after ordering, delivery and call‑centre systems were disabled. The disruption has prompted the postponement of 12 new product launches and suspension of multiple beverage lines, with retailers warning that popular Asahi Super Dry could run out in days. Asahi reports no evidence so far of personal data leakage while investigations and recovery continue.

🔒 Asahi Group Holdings has confirmed a ransomware attack caused IT disruptions that forced shutdowns at its Japanese factories and prompted a switch to manual order and shipment processing. The company says investigations found evidence suggesting potential unauthorized data transfer from compromised devices. Asahi has established an Emergency Response Headquarters and is working with external cybersecurity experts; no cybercriminal group has publicly claimed responsibility.

🔒 A ransomware attack on Motility Software Solutions on August 19, 2025, encrypted portions of its systems and may have exposed personal information for approximately 766,000 customers. The DMS vendor supports about 7,000 dealerships and stores data including names, emails, phone numbers, dates of birth, Social Security numbers, and driver’s license numbers. Motility restored systems from backups, implemented additional security measures, and is offering one year of identity monitoring through LifeLock to affected individuals.

🚨 A ransomware group calling itself Randiant claims to have attacked UK childcare operator Kido, publishing names, photos, addresses and family contact details for ten children from one of Kido's London nurseries and threatening to release further data unless a ransom is paid. The attackers' leak page alleges data on more than 8,000 children was exfiltrated. Kido has not yet issued a public statement; London police say an investigation is ongoing. Kido also operates sites in the United States, India and China.

🔒 Asahi has halted order, shipment and call center operations across its Japanese group companies after reporting a system failure caused by a cyber-attack in a September 29 press release. The company said the outage is confined to Japan, offered no estimated recovery timeline and apologized to customers and business partners. It also stated there has been no confirmed leakage of personal or customer data at this time, while security experts caution that positions on compromised data may change as investigations continue.

🔁 JLR has begun a controlled, phased restart of digital and operational systems after the cyber-attack that halted production in early September. The company has increased IT processing capacity for invoicing and restored its financial wholesale system, allowing it to clear payment backlogs and resume sales and vehicle registrations. The Global Parts Logistics Centre is also returning to full operation as recovery work continues with support from the UK National Cyber Security Centre and law enforcement.

🔒 In its latest half-year report the Co-operative Group said it expects to lose about £120 million in profits this financial year after a cyberattack forced temporary shutdowns of parts of its IT estate. The company reported that personal data for roughly 6.5 million members was stolen, prompting operational disruption across its supermarkets as well as its financial and funeral services. The identity of the attackers remains unclear and investigations are ongoing.

🔒 The Co-operative Group reported an £80 million operating profit loss in H1 2025 after an April cyberattack disrupted systems and trading. Management attributed the shortfall to £20 million of one‑off remediation costs and £60 million in lost sales while systems were offline, and said revenue fell by £206 million. The breach, linked to DragonForce and affiliates of Scattered Spider, exposed personal data for all 6.5 million members; four suspects have since been arrested. Despite the impact, Co-op reported £800 million of available liquidity and no immediate funding concerns.

🛒 The Co-op revealed a £206m revenue shortfall resulting from a “malicious” cyber-attack in April after it temporarily shut down multiple systems to contain the threat. The retailer recorded an overall six-month loss of £80m to 5 July 2025 and said sales disruption is likely to continue into H2 2025. No remediation breakdown was provided, although a one-off non-underlying cost of £20m was logged. The intrusion has been linked to Scattered Spider, and UK authorities have made several arrests related to this and similar retail attacks.

🛫 The UK's National Crime Agency arrested a man in his forties in West Sussex on suspicion of Computer Misuse Act offences linked to a ransomware attack that disrupted airports across Europe. RTX Corporation confirmed the incident affected its Collins Aerospace MUSE passenger processing software, first detected on September 19. The suspect has been released on conditional bail while the probe, supported by the South East ROCU and other agencies, remains in its early stages. Affected customers shifted to backup and manual processes while RTX and external cybersecurity experts work to contain and remediate the impact.

🔒 KNP Logistics Group, a 158-year-old UK transport firm, collapsed after the Akira ransomware group accessed an employee account by guessing a weak password. Attackers bypassed protections by targeting an internet-facing account without MFA, deployed ransomware across the estate, and destroyed backups, halting operations across 500 trucks and precipitating administration and 700 job losses. The incident underscores the urgent need for strong password policies, MFA, and isolated, tested backups.