All news with #ransomware incident tag

🚗 Jaguar Land Rover has extended a production shutdown until Wednesday 1 October 2025 after a major cyber incident that halted its Solihull, Halewood and Wolverhampton plants. The company said teams are working with cybersecurity specialists, the NCSC and law enforcement while it investigates, and warned the outage has already cost an estimated £120m in profits and £1.7bn in revenue. Unions have called for government-backed support for suppliers facing bankruptcy amid cascading supply-chain risk.

🛫 Over the weekend several major European airports experienced check-in and boarding disruptions after a ransomware attack on the external vendor Collins Aerospace. Attackers targeted the MUSE multi-airline check-in system, forcing manual processing of thousands of passengers and causing delays and cancellations to more than 100 flights. Airports affected included Heathrow, Brussels and Berlin Brandenburg, with only minor impact reported in Cork and Dublin. Authorities and the vendor are investigating while restoration efforts continue.

🔒 Insight Partners is notifying thousands of people after a ransomware incident in which a threat actor gained network access via a sophisticated social engineering attack. The attackers reportedly exfiltrated sensitive data — including banking and tax records, personal information of current and former employees, and details related to limited partners, funds, management companies, and portfolio companies — before encrypting servers on January 16, 2025. The firm says formal notification letters and complimentary credit or identity monitoring are being mailed; if you do not receive a letter by the end of September 2025, your personal data was determined not to be impacted. State filings indicate 12,657 individuals were affected, and no group has publicly claimed responsibility.

🔒 Jaguar Land Rover has extended a pause in production for another week as it continues a forensic investigation into a severe cyberattack disclosed on 2 September 2025. The automaker said operations will remain suspended until Wednesday 24th September 2025 while it prepares a controlled global restart. JLR confirmed some data was stolen but has not attributed the breach to a known group. A group calling itself Scattered Lapsus$ Hunters posted screenshots and claimed to have deployed ransomware.

🔒 Jaguar Land Rover (JLR) has extended its production pause until at least 24 September after a cyber-attack earlier this month. The outage is causing cascading disruption across its supply chain, with some third-party workers reportedly laid off while JLR employees are not facing job losses. Unite has called for government-backed furloughs for affected contractors. A group using the name Scattered Lapsus$ Hunters has claimed responsibility and JLR confirmed some data were affected and regulators have been informed.

🔒 The Panama Ministry of Economy and Finance (MEF) says a workstation may have been infected with malicious software; established security protocols were activated immediately and the incident has been contained. The ministry asserted that central systems and platforms remain unaffected, and that personal and institutional data are protected while preventive measures were reinforced. However, the INC Ransom group added MEF to its leak site on September 5, claiming to have stolen more than 1.5 TB of emails, financial records and budgeting files; MEF had not responded to requests for comment by publication.

🔒 Jaguar Land Rover (JLR) confirmed that attackers stole "some data" during a recent cyberattack that forced system shutdowns and instructed staff not to report to work. The company disclosed the disruption on September 2 and says it is working with the U.K. National Cyber Security Centre and third‑party specialists to restart applications in a controlled manner. JLR has notified relevant regulators and said its forensic investigation is ongoing; it will contact individuals if their data is affected. No definitive attribution or confirmed ransomware claim has been announced.

🔒 Lovesac reported a cybersecurity incident in which unauthorized actors accessed internal systems between February 12, 2025 and March 3, 2025, with the company detecting the activity on February 28, 2025. The notice to impacted individuals states that full names and additional personal information were stolen, although specific data elements and the total number of affected people were not disclosed. Lovesac says it remediated the intrusion within three days and currently has no indication the information has been misused, but it is advising vigilance for phishing and other fraud. The RansomHub ransomware group claimed responsibility and added Lovesac to its extortion portal; affected individuals are being offered 24 months of Experian credit monitoring.

🔒 Wehrle-Werk AG has filed for insolvency after 165 years of operation, citing a damaging cyberattack in May 2024 that severely disrupted production, communications and business processes. A provisional insolvency administrator has been appointed to secure operations, conduct talks with customers and suppliers, and arrange pre-financing of insolvency wages to ensure employee pay for the coming months. The Baden-Württemberg firm, which employs around 250 staff and specializes in environmental technology—thermal waste disposal, sewage sludge combustion for phosphorus recovery and wastewater treatment—reported that its subsidiaries in Switzerland, Spain, the UK, Russia and Malaysia are not affected.

🔒 In 2024 and into 2025, a wide range of German companies — from small and mid-sized enterprises to publicly listed groups and critical-service providers — were struck by ransomware and other intrusions, causing operational disruptions, lost revenue, supply-chain effects and reputational harm. Notable victims include Volkswagen Group, Adidas, Samsung Germany and several defence and manufacturing firms, while IT service providers and regional utilities were also targeted. At least one company (Fasana GmbH) reported insolvency after an attack. The editorial team updates this list regularly, but it is not exhaustive.

🔒 Texas Attorney General Ken Paxton has filed suit against PowerSchool after a December breach exposed personal data for 62.4 million students, including over 880,000 Texans. The attacker used a subcontractor’s stolen credentials to access the PowerSource portal, demanded a $2.85 million ransom, and later extorted individual districts. A 19‑year‑old subsequently pleaded guilty in connection with the attack and extortion efforts.

🔒 Sinqia disclosed an attempted theft of approximately R$710 million (about $130m) from two banking customers processed through its Pix transaction environment on 29 August 2025. The company says attackers leveraged compromised credentials from an IT vendor, halted Pix processing, and engaged forensic teams while cooperating with regulators. A portion of the funds has been recovered and investigations, including law enforcement coordination, are ongoing.

🔒 The AWO Karlsruhe-Land reported a cyberattack on 27 August that briefly caused a full outage of its central IT; affected systems were isolated and external IT specialists were engaged. An extortion letter demanding €200,000 allegedly came from the Lynx ransomware group, linked by local reporting to the Russian milieu. Central services were largely restored within a day, investigations with data protection authorities and the Landeskriminalamt continue, and the organisation says the compromised server held employees' employment contracts, prompting stepped-up security measures and staff briefings.

🔐 Pennsylvania’s Office of Attorney General (OAG) confirmed a ransomware attack in August that encrypted files and disrupted civil and criminal court proceedings, forcing several courts to grant time extensions. The OAG said no ransom has been paid and an active multi-agency investigation is underway; it has not yet indicated whether data was exfiltrated. Most staff — about 1,200 across 17 offices — have regained email, and the main phone line and website are restored while full system recovery continues.

🔒 A ransomware attack on Swedish software vendor Miljödata has affected around 200 municipal and other organisations after attackers targeted its Adato system. Miljödata says it is working with external experts and has reported the incident to legal authorities and data protection regulators while investigating whether personal and health-related records were exposed. Police say extortionists demanded 1.5 bitcoins (about SEK 1.5M / US$165,000) and national agencies are coordinating the response.

🔒 Nevada has confirmed a ransomware attack that resulted in data being exfiltrated from state networks. Tim Galluzi, Nevada's chief information officer, said the incident was first detected on August 24 and was disclosed by the governor's office on August 25; he provided an update in a press conference on August 27. Systems and digital services were taken offline to prevent further intrusion, and a forensic investigation involving third-party specialists, the FBI and CISA is ongoing to determine the nature and scope of the stolen information. No criminal actor had claimed responsibility at the time of reporting.

🔒 Data I/O, a US-based provider of programming solutions for Flash devices, disclosed a ransomware incident on 16 August that forced it to take platforms offline and deploy mitigations. The company said operations including communications, shipping, manufacturing and support functions were temporarily impacted while it restores systems. Costs for remediation and contractor fees are reasonably likely to affect finances. Major customers include Tesla, Panasonic, Amazon, Google and Microsoft.

🔎 INTERPOL coordinated a multi-country crackdown that led to the arrest of 1,209 suspected cybercriminals across 18 African nations, targeting schemes that affected roughly 88,000 victims. The operation, the second phase of Operation Serengeti carried out between June and August 2025, recovered about $97.4 million and dismantled 11,432 malicious infrastructures. Private-sector partners including Group-IB and TRM Labs contributed intelligence on cryptocurrency fraud and ransomware links.

🛡️Unit 42 explains why Muddled Libra receives outsized attention: the group uses a consistent playbook, industry-focused waves of attacks, and unusually convincing English-language vishing that makes attribution and impact more visible. In 2025 cases, about 50% led to DragonForce ransomware deployment and data exfiltration, heightening executive concern. The report highlights practical defenses such as Conditional Access Policies and analytic correlation with tools like Cortex XSIAM to detect and disrupt operations.

⚠ A ransomware attack attributed to the Royal group forced German insurer Einhaus Gruppe into insolvency after encrypted systems and locked servers halted operations. The spring 2023 incident left printers displaying a takeover message, prevented staff access to critical data, and generated a mid-seven-figure business disruption. Einhaus paid a ransom of roughly US $230,000, but prosecutors later seized cryptocurrency allegedly tied to the perpetrators, and the withheld funds impeded restructuring efforts and helped drive the company into bankruptcy.