Loading....

A blue map of the world with a black background.

Explore the Halcyon Attacks Lookout

The Halcyon Attacks Lookout (or ‘HAL’ for short) is a recent ransomware attacks watchtower, built to provide tracking of attacks, groups and their victims. Given threat actors' overarching, lucrative success from ransomware attacks, they’ve become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

Ransomware Attacks Database

Attacks by Industry
Attacks by Groups
Attacks by Locations
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Tag
Showing 0 of 100
ManufacturingManufacturingManufacturingManufacturing
This is some text inside of a div block.
Read more
Inc Ransom Alleges Ransomware Attack on Manufacturing Company
Date
October 26, 2025
Ransomware group
Inc Ransom
Location

Mexico

Mexico
Industry
Manufacturing
ConstructionConstructionConstructionConstruction
This is some text inside of a div block.
Read more
Play Alleges Ransomware Attack on Kansas Construction Company
Date
October 26, 2025
Ransomware group
Play
Location

Kansas

USA

USA
Industry
Construction
TransportationTransportationTransportationTransportation
This is some text inside of a div block.
Read more
Coinbase Cartel Alleges Ransomware Attack on Transportation Company
Date
October 26, 2025
Ransomware group
Coinbase Cartel
Location

Canada

Canada
Industry
Transportation
GovernmentGovernmentGovernmentGovernment
This is some text inside of a div block.
Read more
Qilin Alleges Ransomware Attack on Alabama Government Company
Date
October 26, 2025
Ransomware group
Qilin
Location

Alabama

USA

USA
Industry
Government
This is some text inside of a div block.
Read more
Qilin Alleges Ransomware Attack on Company
Date
October 26, 2025
Ransomware group
Qilin
Location

Sweden

Sweden
Industry
TransportationTransportationTransportationTransportation
This is some text inside of a div block.
Read more
Everest Alleges Ransomware Attack on Transportation Company
Date
October 26, 2025
Ransomware group
Everest
Location

Ireland

Ireland
Industry
Transportation
RetailRetailRetailRetail
This is some text inside of a div block.
Read more
Nova Alleges Ransomware Attack on Retail Company
Date
October 25, 2025
Ransomware group
Nova
Location

France

France
Industry
Retail
Energy, Utilities & WasteEnergy, Utilities & WasteEnergy, Utilities & WasteEnergy, Utilities & Waste
This is some text inside of a div block.
Read more
Qilin Alleges Ransomware Attack on Energy, Utilities & Waste Company
Date
October 25, 2025
Ransomware group
Qilin
Location

Netherlands

Netherlands
Industry
Energy, Utilities & Waste
Energy, Utilities & WasteEnergy, Utilities & WasteEnergy, Utilities & WasteEnergy, Utilities & Waste
This is some text inside of a div block.
Read more
Everest Alleges Ransomware Attack on Energy, Utilities & Waste Company
Date
October 25, 2025
Ransomware group
Everest
Location

Sweden

Sweden
Industry
Energy, Utilities & Waste
Law Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal Services
This is some text inside of a div block.
Read more
Qilin Alleges Ransomware Attack on Kentucky Law Firms & Legal Services Company
Date
October 25, 2025
Ransomware group
Qilin
Location

Kentucky

USA

USA
Industry
Law Firms & Legal Services
ManufacturingManufacturingManufacturingManufacturing
This is some text inside of a div block.
Read more
Akira Alleges Ransomware Attack on Colorado Manufacturing Company
Date
October 25, 2025
Ransomware group
Akira
Location

Colorado

USA

USA
Industry
Manufacturing
FinanceFinanceFinanceFinance
This is some text inside of a div block.
Read more
Akira Alleges Ransomware Attack on Massachusetts Finance Company
Date
October 25, 2025
Ransomware group
Akira
Location

Massachusetts

USA

USA
Industry
Finance
ManufacturingManufacturingManufacturingManufacturing
This is some text inside of a div block.
Read more
Qilin Alleges Ransomware Attack on Connecticut Manufacturing Company
Date
October 25, 2025
Ransomware group
Qilin
Location

Connecticut

USA

USA
Industry
Manufacturing
ConstructionConstructionConstructionConstruction
This is some text inside of a div block.
Read more
Qilin Alleges Ransomware Attack on Construction Company
Date
October 25, 2025
Ransomware group
Qilin
Location

Denmark

Denmark
Industry
Construction
RetailRetailRetailRetail
This is some text inside of a div block.
Read more
Qilin Alleges Ransomware Attack on Texas Retail Company
Date
October 25, 2025
Ransomware group
Qilin
Location

Texas

USA

USA
Industry
Retail
TransportationTransportationTransportationTransportation
This is some text inside of a div block.
Read more
Everest Alleges Ransomware Attack on Transportation Company
Date
October 25, 2025
Ransomware group
Everest
Location

United Arab Emirates

United Arab Emirates
Industry
Transportation
RetailRetailRetailRetail
This is some text inside of a div block.
Read more
WorldLeaks Alleges Ransomware Attack on Kansas Retail Company
Date
October 24, 2025
Ransomware group
WorldLeaks
Location

Kansas

USA

USA
Industry
Retail
ManufacturingManufacturingManufacturingManufacturing
This is some text inside of a div block.
Read more
WorldLeaks Alleges Ransomware Attack on Texas Manufacturing Company
Date
October 24, 2025
Ransomware group
WorldLeaks
Location

Texas

USA

USA
Industry
Manufacturing
HospitalityHospitalityHospitalityHospitality
This is some text inside of a div block.
Read more
WorldLeaks Alleges Ransomware Attack on Texas Hospitality Company
Date
October 24, 2025
Ransomware group
WorldLeaks
Location

Texas

USA

USA
Industry
Hospitality
Law Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal Services
This is some text inside of a div block.
Read more
Silent Alleges Ransomware Attack on Oklahoma Law Firms & Legal Services Company
Date
October 24, 2025
Ransomware group
Silent
Location

Oklahoma

USA

USA
Industry
Law Firms & Legal Services
AgricultureAgricultureAgricultureAgriculture
This is some text inside of a div block.
Read more
Tengu Alleges Ransomware Attack on Agriculture Company
Date
October 24, 2025
Ransomware group
Tengu
Location

Morocco

Morocco
Industry
Agriculture
Business ServicesBusiness ServicesBusiness ServicesBusiness Services
This is some text inside of a div block.
Read more
Beast Alleges Ransomware Attack on Business Services Company
Date
October 24, 2025
Ransomware group
Beast
Location

Brazil

Brazil
Industry
Business Services
EducationEducationEducationEducation
This is some text inside of a div block.
Read more
Qilin Alleges Ransomware Attack on Education Company
Date
October 24, 2025
Ransomware group
Qilin
Location

Qatar

Qatar
Industry
Education
Real EstateReal EstateReal EstateReal Estate
This is some text inside of a div block.
Read more
SafePay Alleges Ransomware Attack on Massachusetts Real Estate Company
Date
October 24, 2025
Ransomware group
SafePay
Location

Massachusetts

USA

USA
Industry
Real Estate
HospitalityHospitalityHospitalityHospitality
This is some text inside of a div block.
Read more
SafePay Alleges Ransomware Attack on Hospitality Company
Date
October 24, 2025
Ransomware group
SafePay
Location

United Kingdom

United Kingdom
Industry
Hospitality
ManufacturingManufacturingManufacturingManufacturing
This is some text inside of a div block.
Read more
Lynx Alleges Ransomware Attack on Ohio Manufacturing Company
Date
October 24, 2025
Ransomware group
Lynx
Location

Ohio

USA

USA
Industry
Manufacturing
EducationEducationEducationEducation
This is some text inside of a div block.
Read more
Kryptos Alleges Ransomware Attack on Education Company
Date
October 24, 2025
Ransomware group
Kryptos
Location

India

India
Industry
Education
Business ServicesBusiness ServicesBusiness ServicesBusiness Services
This is some text inside of a div block.
Read more
SafePay Alleges Ransomware Attack on Business Services Company
Date
October 24, 2025
Ransomware group
SafePay
Location

Germany

Germany
Industry
Business Services
ConstructionConstructionConstructionConstruction
This is some text inside of a div block.
Read more
SafePay Alleges Ransomware Attack on Construction Company
Date
October 24, 2025
Ransomware group
SafePay
Location

Canada

Canada
Industry
Construction
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
This is some text inside of a div block.
Read more
Qilin Alleges Ransomware Attack on Healthcare Services Company
Date
October 24, 2025
Ransomware group
Qilin
Location

Canada

Canada
Industry
Healthcare Services
Business ServicesBusiness ServicesBusiness ServicesBusiness Services
This is some text inside of a div block.
Read more
Chaos Alleges Ransomware Attack on Illinois Business Services Company
Date
October 24, 2025
Ransomware group
Chaos
Location

Illinois

USA

USA
Industry
Business Services
ManufacturingManufacturingManufacturingManufacturing
This is some text inside of a div block.
Read more
SafePay Alleges Ransomware Attack on Manufacturing Company
Date
October 24, 2025
Ransomware group
SafePay
Location

Japan

Japan
Industry
Manufacturing
No results found.
There are no results with this criteria. Try changing your search.
Load More

Disclaimer

The Halcyon Attacks Lookout Database is compiled using publicly available information based on the hosting choices of real-world threat actors and data from a variety of trackers. This information is provided in accordance with principles of fair use. Halcyon has made reasonable efforts to sanitize and verify the data; however, we do not guarantee the accuracy, completeness, or reliability of the information provided. Updates to the database are made as new source data becomes available from reputable sources.  By accessing, viewing, or using the information within the Halcyon Attacks Lookout Database, you acknowledge and agree to do so entirely at your own risk. No reliance should be placed upon the information for decision-making, and Halcyon disclaims all liability for any inaccuracies or omissions in the data.

Ready to Get Resilient Against Ransomware?

An endpoint resiliency platform is a critical part of a strong security strategy to protect your business and continuity. Setup a meeting to learn more with a Halcyon expert today.
Learn More

Request removal

To submit a takedown request, please provide a clear identification of the content in question, including the URL(s) or page title, along with a brief description of what should be removed or revised. Clarify your relationship to the content in question. State the reason for your request, such as inaccuracy, privacy violation, intellectual property infringement, or defamation, and provide any supporting evidence. Include your full name, position (if relevant), and preferred contact details.

While Halcyon will comply with valid takedown requests, please note that our reporting conforms to fair use principles, and all information is sourced from publicly available data leak aggregator websites and public news sources.

Submit your request to [insert email] with the subject line: “Takedown Request – [Content/Entity Name].”Input the contact email where you would like the request to go to.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.