The Map is Being Updated with Attacks

Explore the Halcyon Attacks Lookout

The Halcyon Attacks Lookout (or ‘HAL’ for short) is a recent ransomware attacks watchtower, built to provide tracking of attacks, groups and their victims. Given threat actors' overarching, lucrative success from ransomware attacks, they’ve become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

Recent Attack News

Visit All Attack News
NEW
November 18, 2024

Oklahoma Medical Center Ransomware Attack Exposes Data for 133,000

The attack highlights a disturbing trend: cybercriminals now aim not only to paralyze healthcare systems but also to weaponize stolen data to extort individuals and institutions...

Read More
NEW
November 18, 2024

Ransomware on the Move: Helldown, Lynx, Medusa, RansomHub

Halcyon publishes a quarterly RaaS and data extortion group reference guide, Power Rankings: Ransomware Malicious Quartile. Here's the #ransomware gangs on the move last week: Helldown, Lynx, Medusa, and RansomHub...

Read More
NEW
November 18, 2024

Embargo Ransomware Group Disrupts American Associated Pharmacies

Embargo deploys MDeployer, a specialized loader, and MS4Killer, an endpoint detection and response (EDR) killer, allowing the attackers to bypass defenses with remarkable precision...

Read More
NEW
November 18, 2024

RansomHub Claims Attack on Government of Mexico

Strategic target selection has been a hallmark of RansomHub’s approach, initially focusing on healthcare due to the sensitive and lucrative nature of its data...

Read More
NEW
November 13, 2024

January Ransomware Attack on BBS Financial Included Data Breach

Targeted organizations are not only victimized by ransomware operators, they may be revictimized by an over-zealous legal and regulatory environment...

Read More
NEW
November 12, 2024

Ransomware on the Move: 3AM, Play, Qilin, RansomHub

Halcyon publishes a quarterly RaaS and data extortion group reference guide, Power Rankings: Ransomware Malicious Quartile. Here's the ransomware gangs on the move last week: 3AM, Play, Qilin, and RansomHub…

Read More

Explore the Ransomware Attacks Database

Dive into each Attack to read the full incident details. View Attacks by Group, Industry, and Country, using filters.

Attacks by Industry
Attacks by Groups
Attacks by Locations
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Tag
Showing 0 of 100
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
OxyHealth Ransomware Breach: KillSec Targets Healthcare Data
Read more
OxyHealth Ransomware Breach: KillSec Targets Healthcare Data
Read More
Date
November 10, 2024
Ransomware group
Killsec
Location

Santa Fe Springs, California

Santa Fe Springs, USA

USA
Industry
Healthcare Services
Victim
OxyHealth
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
BianLian Ransomware Hits Immuno Laboratories in Data Breach
Read more
BianLian Ransomware Hits Immuno Laboratories in Data Breach
Read More
Date
November 10, 2024
Ransomware group
Bianlian
Location

Fort Lauderdale, Florida

Fort Lauderdale, USA

USA
Industry
Healthcare Services
Victim
Immuno Laboratories, Inc
RetailRetailRetailRetail
Nebraskaland Hit by Lynx Ransomware Disrupting Operations
Read more
Nebraskaland Hit by Lynx Ransomware Disrupting Operations
Read More
Date
November 9, 2024
Ransomware group
Lynx
Location

Bronx, New York

Bronx, USA

USA
Industry
Retail
Victim
Nebraskaland
Law Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal Services
BianLian Ransomware Hits Palmisano & Goodman Law Firm
Read more
BianLian Ransomware Hits Palmisano & Goodman Law Firm
Read More
Date
November 9, 2024
Ransomware group
Bianlian
Location

Woodbridge, New Jersey

Woodbridge, USA

USA
Industry
Law Firms & Legal Services
Victim
Palmisano & Goodman, P.A.
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
Emefarma Group Hit by APT73 Ransomware Attack in Brazil
Read more
Emefarma Group Hit by APT73 Ransomware Attack in Brazil
Read More
Date
November 9, 2024
Ransomware group
APT73
Location

Rio de Janeiro,

Rio de Janeiro, Brazil

Brazil
Industry
Healthcare Services
Victim
Emefarma Group
ManufacturingManufacturingManufacturingManufacturing
Siltech Corporation Hit by Lynx Ransomware: Key Details
Read more
Siltech Corporation Hit by Lynx Ransomware: Key Details
Read More
Date
November 9, 2024
Ransomware group
Lynx
Location

East York,

East York, Canada

Canada
Industry
Manufacturing
Victim
Siltech Corporation
TransportationTransportationTransportationTransportation
BianLian Ransomware Hits Air Transport Services Group
Read more
BianLian Ransomware Hits Air Transport Services Group
Read More
Date
November 9, 2024
Ransomware group
Bianlian
Location

New York, New York

New York, USA

USA
Industry
Transportation
Victim
ATSG, Inc
ConstructionConstructionConstructionConstruction
Meow Ransomware Hits Finger Beton Unternehmensgruppe in Germany
Read more
Meow Ransomware Hits Finger Beton Unternehmensgruppe in Germany
Read More
Date
November 9, 2024
Ransomware group
Meow
Location

Idar-Oberstein,

Idar-Oberstein, Germany

Germany
Industry
Construction
Victim
Finger Beton Unternehmensgruppe
ManufacturingManufacturingManufacturingManufacturing
Karman Inc. Hit by Meow Ransomware, 148GB Data Compromised
Read more
Karman Inc. Hit by Meow Ransomware, 148GB Data Compromised
Read More
Date
November 9, 2024
Ransomware group
Meow
Location

Aurora, Colorado

Aurora, USA

USA
Industry
Manufacturing
Victim
Karman Inc
ManufacturingManufacturingManufacturingManufacturing
BianLian Ransomware Hits Mizuno USA Exposing Sensitive Data
Read more
BianLian Ransomware Hits Mizuno USA Exposing Sensitive Data
Read More
Date
November 9, 2024
Ransomware group
Bianlian
Location

Norcross, Georgia

Norcross, USA

USA
Industry
Manufacturing
Victim
Mizuno (USA)
ConstructionConstructionConstructionConstruction
WIMCO Corp Hit by Lynx Ransomware: Cybersecurity Lessons
Read more
WIMCO Corp Hit by Lynx Ransomware: Cybersecurity Lessons
Read More
Date
November 9, 2024
Ransomware group
Lynx
Location

Washington, North Carolina

Washington, USA

USA
Industry
Construction
Victim
WimCoCorp
EducationEducationEducationEducation
Rhysida Ransomware Hits Granite School District in Utah
Read more
Rhysida Ransomware Hits Granite School District in Utah
Read More
Date
November 9, 2024
Ransomware group
Rhysida
Location

South Salt Lake, Utah

South Salt Lake, USA

USA
Industry
Education
Victim
Granite School District
SoftwareSoftwareSoftwareSoftware
RansomHub Strikes BitQuail: Major Data Breach in Poland
Read more
RansomHub Strikes BitQuail: Major Data Breach in Poland
Read More
Date
November 9, 2024
Ransomware group
Ransomhub
Location

Rzeszów,

Rzeszów, Poland

Poland
Industry
Software
Victim
BitQuail
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
BianLian Ransomware Hits Healthcare Management Systems
Read more
BianLian Ransomware Hits Healthcare Management Systems
Read More
Date
November 8, 2024
Ransomware group
Bianlian
Location

Richmond, Virginia

Richmond, USA

USA
Industry
Healthcare Services
Victim
Healthcare Management Systems
Real EstateReal EstateReal EstateReal Estate
Assurified Hit by APT73 Ransomware: Real Estate Sector Alert
Read more
Assurified Hit by APT73 Ransomware: Real Estate Sector Alert
Read More
Date
November 8, 2024
Ransomware group
APT73
Location

Wilmington, Delaware

Wilmington, USA

USA
Industry
Real Estate
Victim
Assurified
RetailRetailRetailRetail
Ransomware Attack on Lift Kits 4 Less by APT73 Exposes Data
Read more
Ransomware Attack on Lift Kits 4 Less by APT73 Exposes Data
Read More
Date
November 8, 2024
Ransomware group
APT73
Location

Las Vegas, Nevada

Las Vegas, USA

USA
Industry
Retail
Victim
Lift Kits 4 Less
RetailRetailRetailRetail
APT73 Ransomware Attack Disrupts Botiga's Operations in Uruguay
Read more
APT73 Ransomware Attack Disrupts Botiga's Operations in Uruguay
Read More
Date
November 8, 2024
Ransomware group
APT73
Location

Montevideo,

Montevideo, Uruguay

Uruguay
Industry
Retail
Victim
Botiga
RetailRetailRetailRetail
Otto Simon Hit by Cactus Ransomware Group in Major Data Breach
Read more
Otto Simon Hit by Cactus Ransomware Group in Major Data Breach
Read More
Date
November 8, 2024
Ransomware group
Cactus
Location

Cheadle,

Cheadle, United Kingdom

United Kingdom
Industry
Retail
Victim
Otto Simon
Business ServicesBusiness ServicesBusiness ServicesBusiness Services
VBÜ Zrt Hit by INC Ransom: Major Ransomware Breach in Hungary
Read more
VBÜ Zrt Hit by INC Ransom: Major Ransomware Breach in Hungary
Read More
Date
November 8, 2024
Ransomware group
Inc Ransom
Location

Budapest,

Budapest, Hungary

Hungary
Industry
Business Services
Victim
VBÜ Zrt
Hospitals & Physicians ClinicsHospitals & Physicians ClinicsHospitals & Physicians ClinicsHospitals & Physicians Clinics
SpaceBears Ransomware Hits Intermed Hospital in Mongolia
Read more
SpaceBears Ransomware Hits Intermed Hospital in Mongolia
Read More
Date
November 8, 2024
Ransomware group
SpaceBears
Location

Ulaanbaatar,

Ulaanbaatar, Mongolia

Mongolia
Industry
Hospitals & Physicians Clinics
Victim
Intermed Hospital Mongolia
No results found.
There are no results with this criteria. Try changing your search.
Load More

Ready to Get Resilient Against Ransomware?

An endpoint resiliency platform is a critical part of a strong security strategy to protect your business and continuity. Setup a meeting to learn more with a Halcyon expert today.
Learn More

Request removal

To submit a takedown request, please provide a clear identification of the content in question, including the URL(s) or page title, along with a brief description of what should be removed or revised. Clarify your relationship to the content in question. State the reason for your request, such as inaccuracy, privacy violation, intellectual property infringement, or defamation, and provide any supporting evidence. Include your full name, position (if relevant), and preferred contact details.

While Halcyon will comply with valid takedown requests, please note that our reporting conforms to fair use principles, and all information is sourced from publicly available data leak aggregator websites and public news sources.

Submit your request to [insert email] with the subject line: “Takedown Request – [Content/Entity Name].”Input the contact email where you would like the request to go to.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.