Loading....

Explore the Halcyon Attacks Lookout

The Halcyon Attacks Lookout (or ‘HAL’ for short) is a recent ransomware attacks watchtower, built to provide tracking of attacks, groups and their victims. Given threat actors' overarching, lucrative success from ransomware attacks, they’ve become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

Recent Attack News

Visit All Attack News
NEW
January 7, 2025

Critical Infrastructure Ransomware Tracker Surpasses 2,000 Attacks

RaaS platforms provide tools that automate attack sequences, making it relatively simple for less skilled attackers to conduct ransomware operations...

Read More
NEW
January 7, 2025

Ransomware on the Move: Space Bears, LockBit, Cl0p, Rhysida

Halcyon publishes a quarterly RaaS and data extortion group guide, Power Rankings: Ransomware Malicious Quartile. Here's the ransomware gangs on the move last week: Space Bears, LockBit, Cl0p, and Rhysida...

Read More
NEW
January 6, 2025

Hunters International Claims 761.8GB Exfiltrated in Nikki-Universal Ransomware Attack

Hunters International has refined its targeting to focus on sectors with high ransom potential, including healthcare, financial services, and critical infrastructure...

Read More
NEW
January 6, 2025

Ransomware Attack Spurs Lawsuits Against PIH Health

Stolen data — including medical histories, diagnoses, treatments, and personal details — become leverage for extortion against both organizations and vulnerable individuals...

Read More
NEW
January 2, 2025

Ransomware on the Move: FunkSec, Fog, BlackBasta, Play

Halcyon publishes a quarterly RaaS and data extortion group reference guide, Power Rankings: Ransomware Malicious Quartile. Here's the ransomware gangs on the move last week: FunkSec, Fog, BlackBasta, and Play...

Read More
NEW
January 2, 2025

French IT Giant Atos Investigating Reported Ransomware Attack

Space Bears, a ransomware group linked to Phobos Ransomware as a Service (RaaS), emerged in April 2023 and has attacked at least 34 victims globally...

Read More

Explore the Ransomware Attacks Database

Dive into each Attack to read the full incident details. View Attacks by Group, Industry, and Country, using filters.

Attacks by Industry
Attacks by Groups
Attacks by Locations
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Tag
Showing 0 of 100
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
Biodimed Faces Major Ransomware Breach by Stormous Group
Read more
Biodimed Faces Major Ransomware Breach by Stormous Group
Read More
Date
December 15, 2024
Ransomware group
Stormous
Location

Guayaquil,

Guayaquil, Ecuador

Ecuador
Industry
Healthcare Services
Victim
Biodimed
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
Medusa Ransomware Strikes North Los Angeles County Regional Center
Read more
Medusa Ransomware Strikes North Los Angeles County Regional Center
Read More
Date
December 15, 2024
Ransomware group
Medusa
Location

Chatsworth, California

Chatsworth, USA

USA
Industry
Healthcare Services
Victim
North Los Angeles County Regional Center
GovernmentGovernmentGovernmentGovernment
Medusa Ransomware Strikes Westfield Fire Department NJ
Read more
Medusa Ransomware Strikes Westfield Fire Department NJ
Read More
Date
December 15, 2024
Ransomware group
Medusa
Location

Westfield, New Jersey

Westfield, USA

USA
Industry
Government
Victim
Westfield Fire Department
InsuranceInsuranceInsuranceInsurance
Medusa Ransomware Strikes R.H. Clarkson Insurance Group
Read more
Medusa Ransomware Strikes R.H. Clarkson Insurance Group
Read More
Date
December 15, 2024
Ransomware group
Medusa
Location

Louisville, Kentucky

Louisville, USA

USA
Industry
Insurance
Victim
RH Clarkson Insurance Group
FinanceFinanceFinanceFinance
Tumeny Payments Targeted by KillSec Ransomware Attack
Read more
Tumeny Payments Targeted by KillSec Ransomware Attack
Read More
Date
December 15, 2024
Ransomware group
Killsec
Location

Lusaka,

Lusaka, Zambia

Zambia
Industry
Finance
Victim
Tumeny Payments Limited
TransportationTransportationTransportationTransportation
KillSec Ransomware Targets JSSR Options in Thailand
Read more
KillSec Ransomware Targets JSSR Options in Thailand
Read More
Date
December 15, 2024
Ransomware group
Killsec
Location

Bang Bo District,

Bang Bo District, Thailand

Thailand
Industry
Transportation
Victim
JSSR Options Co., Ltd. (JSSR)
OrganizationsOrganizationsOrganizationsOrganizations
Funksec Ransomware Breach Exposes GSTPAM Data Vulnerabilities
Read more
Funksec Ransomware Breach Exposes GSTPAM Data Vulnerabilities
Read More
Date
December 15, 2024
Ransomware group
Funksec
Location

Mumbai,

Mumbai, India

India
Industry
Organizations
Victim
The Goods & Services Tax Practitioners' Association of Maharashtra
GovernmentGovernmentGovernmentGovernment
Funksec Ransomware Targets Ekiti State Government Systems
Read more
Funksec Ransomware Targets Ekiti State Government Systems
Read More
Date
December 15, 2024
Ransomware group
Funksec
Location

Ado Ekiti,

Ado Ekiti, Nigeria

Nigeria
Industry
Government
Victim
Ekiti State Government
Business ServicesBusiness ServicesBusiness ServicesBusiness Services
Ako Business Development Center Targeted by Funksec Ransomware
Read more
Ako Business Development Center Targeted by Funksec Ransomware
Read More
Date
December 15, 2024
Ransomware group
Funksec
Location

Lahijan,

Lahijan, Iran

Iran
Industry
Business Services
Victim
Ako Business Development Center
GovernmentGovernmentGovernmentGovernment
Rangia Municipal Board Faces Funksec Ransomware Breach
Read more
Rangia Municipal Board Faces Funksec Ransomware Breach
Read More
Date
December 15, 2024
Ransomware group
Funksec
Location

Rangia,

Rangia, India

India
Industry
Government
Victim
Rangia Municipal Board
EducationEducationEducationEducation
Funksec Ransomware Targets Arka Jain University Data
Read more
Funksec Ransomware Targets Arka Jain University Data
Read More
Date
December 15, 2024
Ransomware group
Funksec
Location

GAMHARIA,

GAMHARIA, India

India
Industry
Education
Victim
Arka Jain University
GovernmentGovernmentGovernmentGovernment
Pathsala Municipal Board Targeted by Funksec Ransomware Attack
Read more
Pathsala Municipal Board Targeted by Funksec Ransomware Attack
Read More
Date
December 15, 2024
Ransomware group
Funksec
Location

Pathsala,

Pathsala, India

India
Industry
Government
Victim
Pathsala Municipal Board
EducationEducationEducationEducation
BlackLock Ransomware Strikes First Baptist Church High Springs
Read more
BlackLock Ransomware Strikes First Baptist Church High Springs
Read More
Date
December 14, 2024
Ransomware group
ElDorado
Location

High Springs, Florida

High Springs, USA

USA
Industry
Education
Victim
First Baptist Church High Springs
GovernmentGovernmentGovernmentGovernment
Muswellbrook Shire Council Faces Ransomware Threat from SafePay
Read more
Muswellbrook Shire Council Faces Ransomware Threat from SafePay
Read More
Date
December 14, 2024
Ransomware group
SafePay
Location

Muswellbrook,

Muswellbrook, Australia

Australia
Industry
Government
Victim
Muswellbrook Shire Council
Law Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal Services
Levin Papantonio Rafferty Faces RansomHub Ransomware Threat
Read more
Levin Papantonio Rafferty Faces RansomHub Ransomware Threat
Read More
Date
December 14, 2024
Ransomware group
Ransomhub
Location

Pensacola, Florida

Pensacola, USA

USA
Industry
Law Firms & Legal Services
Victim
Levin Papantonio Rafferty
EducationEducationEducationEducation
Zetech University Hit by Funksec Ransomware Attack
Read more
Zetech University Hit by Funksec Ransomware Attack
Read More
Date
December 14, 2024
Ransomware group
Funksec
Location

Starehe,

Starehe, Kenya

Kenya
Industry
Education
Victim
Zetech University
GovernmentGovernmentGovernmentGovernment
Funksec Ransomware Breach Targets City of Skopje
Read more
Funksec Ransomware Breach Targets City of Skopje
Read More
Date
December 14, 2024
Ransomware group
Funksec
Location

Skopje,

Skopje, North Macedonia

North Macedonia
Industry
Government
Victim
City of Skopje
ConstructionConstructionConstructionConstruction
Kandelaar Elektrotechniek Faces Eldorado Ransomware Threat
Read more
Kandelaar Elektrotechniek Faces Eldorado Ransomware Threat
Read More
Date
December 14, 2024
Ransomware group
ElDorado
Location

De Kwakel,

De Kwakel, Netherlands

Netherlands
Industry
Construction
Victim
Kandelaar Electrotechniek
Media & InternetMedia & InternetMedia & InternetMedia & Internet
Lightspeed Design Faces Ransomware Threat from Eldorado Group
Read more
Lightspeed Design Faces Ransomware Threat from Eldorado Group
Read More
Date
December 14, 2024
Ransomware group
ElDorado
Location

Bellevue, Washington

Bellevue, USA

USA
Industry
Media & Internet
Victim
Light Speed Design
ManufacturingManufacturingManufacturingManufacturing
Midland Turbo Faces Ransomware Threat from BlackLock Group
Read more
Midland Turbo Faces Ransomware Threat from BlackLock Group
Read More
Date
December 14, 2024
Ransomware group
ElDorado
Location

Nottingham,

Nottingham, United Kingdom

United Kingdom
Industry
Manufacturing
Victim
Midland Turbo
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
BianLian Ransomware Strikes Mid Florida Primary Care
Read more
BianLian Ransomware Strikes Mid Florida Primary Care
Read More
Date
December 14, 2024
Ransomware group
Bianlian
Location

Leesburg, Florida

Leesburg, USA

USA
Industry
Healthcare Services
Victim
Mid Florida Primary Care
InsuranceInsuranceInsuranceInsurance
BianLian Ransomware Strikes American Computer Estimating
Read more
BianLian Ransomware Strikes American Computer Estimating
Read More
Date
December 14, 2024
Ransomware group
Bianlian
Location

West Chester, Pennsylvania

West Chester, USA

USA
Industry
Insurance
Victim
American Computer Estimating Inc
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
MedRevenu Faces Major Data Breach by BianLian Ransomware
Read more
MedRevenu Faces Major Data Breach by BianLian Ransomware
Read More
Date
December 14, 2024
Ransomware group
Bianlian
Location

Upland, California

Upland, USA

USA
Industry
Healthcare Services
Victim
MedRevenu Inc
ConstructionConstructionConstructionConstruction
RansomHub Hits Hashem Contracting in Major Saudi Cyberattack
Read more
RansomHub Hits Hashem Contracting in Major Saudi Cyberattack
Read More
Date
December 13, 2024
Ransomware group
Ransomhub
Location

Riyadh,

Riyadh, Saudi Arabia

Saudi Arabia
Industry
Construction
Victim
Hashem Contracting
RetailRetailRetailRetail
Kazyon Faces Ransomware Breach by Money Message Group
Read more
Kazyon Faces Ransomware Breach by Money Message Group
Read More
Date
December 13, 2024
Ransomware group
Money Message
Location

Cairo,

Cairo, Egypt

Egypt
Industry
Retail
Victim
Kazyon
EducationEducationEducationEducation
Archdiocese of Louisville Targeted by Kairos Ransomware Group
Read more
Archdiocese of Louisville Targeted by Kairos Ransomware Group
Read More
Date
December 13, 2024
Ransomware group
Kairos
Location

Louisville, Kentucky

Louisville, USA

USA
Industry
Education
Victim
Archdiocese of Louisville
Real EstateReal EstateReal EstateReal Estate
Tri County Property Management Breached by Kairos Ransomware
Read more
Tri County Property Management Breached by Kairos Ransomware
Read More
Date
December 13, 2024
Ransomware group
Kairos
Location

Sandwich, Illinois

Sandwich, USA

USA
Industry
Real Estate
Victim
Tri County Property Management
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
AneticAid Targeted by Kairos Ransomware in Major Data Breach
Read more
AneticAid Targeted by Kairos Ransomware in Major Data Breach
Read More
Date
December 13, 2024
Ransomware group
Kairos
Location

Baildon,

Baildon, United Kingdom

United Kingdom
Industry
Healthcare Services
Victim
AneticAid
InsuranceInsuranceInsuranceInsurance
Funksec Ransomware Breach at Bee Insurance Corp
Read more
Funksec Ransomware Breach at Bee Insurance Corp
Read More
Date
December 13, 2024
Ransomware group
Funksec
Location

Lighthouse Point, Florida

Lighthouse Point, USA

USA
Industry
Insurance
Victim
Bee Insurance
InsuranceInsuranceInsuranceInsurance
Funksec Ransomware Breaches La Mundial de Seguros Data
Read more
Funksec Ransomware Breaches La Mundial de Seguros Data
Read More
Date
December 13, 2024
Ransomware group
Funksec
Location

Caracas,

Caracas, Venezuela

Venezuela
Industry
Insurance
Victim
La Mundial de Seguros
SoftwareSoftwareSoftwareSoftware
Funksec Cyberattack Exposes Fuse.io Blockchain Vulnerabilities
Read more
Funksec Cyberattack Exposes Fuse.io Blockchain Vulnerabilities
Read More
Date
December 13, 2024
Ransomware group
Funksec
Location

Tel Aviv-Yafo,

Tel Aviv-Yafo, Israel

Israel
Industry
Software
Victim
Fuse.io
Business ServicesBusiness ServicesBusiness ServicesBusiness Services
CiphBit Ransomware Strikes António Belém & Gonçalves SROC
Read more
CiphBit Ransomware Strikes António Belém & Gonçalves SROC
Read More
Date
December 13, 2024
Ransomware group
Ciphbit
Location

Lisboa,

Lisboa, Portugal

Portugal
Industry
Business Services
Victim
António Belém & António Gonçalves
No results found.
There are no results with this criteria. Try changing your search.
Load More

Ready to Get Resilient Against Ransomware?

An endpoint resiliency platform is a critical part of a strong security strategy to protect your business and continuity. Setup a meeting to learn more with a Halcyon expert today.
Learn More

Request removal

To submit a takedown request, please provide a clear identification of the content in question, including the URL(s) or page title, along with a brief description of what should be removed or revised. Clarify your relationship to the content in question. State the reason for your request, such as inaccuracy, privacy violation, intellectual property infringement, or defamation, and provide any supporting evidence. Include your full name, position (if relevant), and preferred contact details.

While Halcyon will comply with valid takedown requests, please note that our reporting conforms to fair use principles, and all information is sourced from publicly available data leak aggregator websites and public news sources.

Submit your request to [insert email] with the subject line: “Takedown Request – [Content/Entity Name].”Input the contact email where you would like the request to go to.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.