Loading....

Explore the Halcyon Attacks Lookout

The Halcyon Attacks Lookout (or ‘HAL’ for short) is a recent ransomware attacks watchtower, built to provide tracking of attacks, groups and their victims. Given threat actors' overarching, lucrative success from ransomware attacks, they’ve become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

Recent Attack News

Visit All Attack News
NEW
December 18, 2024

Number of Ransomware Operations Disrupted in 2024: Nearly Zero

It is increasingly untenable to leave individual organizations—many of which lack the resources or expertise—to fend for themselves against highly sophisticated adversaries...

Read More
NEW
December 17, 2024

Emerging Threat Actor: Lynx Ransomware

There is speculations that Lynx is a rebranding of INC ransomware, as the similarity in their source code strongly suggests that Lynx has inherited or acquired INC’s malware infrastructure...

Read More
NEW
December 17, 2024

Texas Tech University Health Sciences Center Ransomware Attack Impacts 1.5 Million Patients

Determining the extent of a breach—like the one involving TTUHSC—requires significant time, particularly in sectors like healthcare, where sensitive patient data is at risk...

Read More
NEW
December 16, 2024

Rhode Island Benefits System Down Following Attack on Deloitte

Brain Cipher has shown a diverse targeting strategy, attacking the public sector, critical infrastructure, and industries such as finance and manufacturing...

Read More
NEW
December 11, 2024

US Sanctions Chinese Firm for Exploiting Firewall Vulnerability in Ragnarok Ransomware Attacks

This highlights the overlap of cybercriminal and state-sponsored operations, blurring the lines between financially motivated attacks and geopolitically strategic campaigns...

Read More
NEW
December 10, 2024

Ransomware on the Move: Kairos, Argonauts, RansomHub, Akira

Halcyon publishes a quarterly RaaS and data extortion group reference guide, Power Rankings: Ransomware Malicious Quartile. Here's the ransomware gangs on the move last week: Kairos, Argonauts, RansomHub, and Akira...

Read More

Explore the Ransomware Attacks Database

Dive into each Attack to read the full incident details. View Attacks by Group, Industry, and Country, using filters.

Attacks by Industry
Attacks by Groups
Attacks by Locations
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Tag
Showing 0 of 100
EducationEducationEducationEducation
Funksec Ransomware Breach at National Centre for Financial Education
Read more
Funksec Ransomware Breach at National Centre for Financial Education
Read More
Date
December 8, 2024
Ransomware group
Funksec
Location

Navi Mumbai,

Navi Mumbai, India

India
Industry
Education
Victim
National Centre for Financial Education (NCFE)
Business ServicesBusiness ServicesBusiness ServicesBusiness Services
Securepoint GmbH Breached by Funksec in Major Ransomware Attack
Read more
Securepoint GmbH Breached by Funksec in Major Ransomware Attack
Read More
Date
December 8, 2024
Ransomware group
Funksec
Location

Lüneburg,

Lüneburg, Germany

Germany
Industry
Business Services
Victim
Securepoint GmbH
Energy, Utilities & WasteEnergy, Utilities & WasteEnergy, Utilities & WasteEnergy, Utilities & Waste
Gulf Petrochemical Services Targeted by Sarcoma Ransomware
Read more
Gulf Petrochemical Services Targeted by Sarcoma Ransomware
Read More
Date
December 8, 2024
Ransomware group
Sarcoma
Location

Muscat,

Muscat, Oman

Oman
Industry
Energy, Utilities & Waste
Victim
Gulf Petrochemical Services & Trading
GovernmentGovernmentGovernmentGovernment
Qilin Ransomware Strikes Whitestown Highway Department
Read more
Qilin Ransomware Strikes Whitestown Highway Department
Read More
Date
December 8, 2024
Ransomware group
Qilin
Location

Whitesboro, New York

Whitesboro, USA

USA
Industry
Government
Victim
Town of Whitestown, NY Highway Department
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
Black Creek Health Centre Targeted by INC Ransom Cyberattack
Read more
Black Creek Health Centre Targeted by INC Ransom Cyberattack
Read More
Date
December 7, 2024
Ransomware group
Inc Ransom
Location

North York,

North York, Canada

Canada
Industry
Healthcare Services
Victim
Black Creek Community Health Centre
Energy, Utilities & WasteEnergy, Utilities & WasteEnergy, Utilities & WasteEnergy, Utilities & Waste
Everest Ransomware Strikes CO-VER Power Technology
Read more
Everest Ransomware Strikes CO-VER Power Technology
Read More
Date
December 7, 2024
Ransomware group
Everest
Location

Area Produttiva Stazione Fs VB,

Area Produttiva Stazione Fs VB, Italy

Italy
Industry
Energy, Utilities & Waste
Victim
CO-VER Power Technology SpA
ConstructionConstructionConstructionConstruction
Funksec Ransomware Targets Italian Firm Zero Cinque
Read more
Funksec Ransomware Targets Italian Firm Zero Cinque
Read More
Date
December 7, 2024
Ransomware group
Funksec
Location

Viareggio,

Viareggio, Italy

Italy
Industry
Construction
Victim
Zero Cinque
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
ARC Community Services Targeted by INC Ransom Group
Read more
ARC Community Services Targeted by INC Ransom Group
Read More
Date
December 7, 2024
Ransomware group
Inc Ransom
Location

Madison, Wisconsin

Madison, USA

USA
Industry
Healthcare Services
Victim
Arc Community Services Inc
Business ServicesBusiness ServicesBusiness ServicesBusiness Services
Rhysida Ransomware Strikes Matlock Security Services
Read more
Rhysida Ransomware Strikes Matlock Security Services
Read More
Date
December 7, 2024
Ransomware group
Rhysida
Location

Tulsa, Oklahoma

Tulsa, USA

USA
Industry
Business Services
Victim
Matlock Security Services
FinanceFinanceFinanceFinance
KT Partners LLP Faces Ransomware Breach by SafePay
Read more
KT Partners LLP Faces Ransomware Breach by SafePay
Read More
Date
December 6, 2024
Ransomware group
SafePay
Location

Barrie,

Barrie, Canada

Canada
Industry
Finance
Victim
KT Partners
TransportationTransportationTransportationTransportation
8Base Ransomware Strikes Luka Rijeka Critical Port
Read more
8Base Ransomware Strikes Luka Rijeka Critical Port
Read More
Date
December 6, 2024
Ransomware group
8base
Location

Rijeka,

Rijeka, Croatia

Croatia
Industry
Transportation
Victim
Port of Rijeka
ManufacturingManufacturingManufacturingManufacturing
Pan Gulf Holding Faces Major Ransomware Threat by Sarcoma
Read more
Pan Gulf Holding Faces Major Ransomware Threat by Sarcoma
Read More
Date
December 6, 2024
Ransomware group
Sarcoma
Location

Al Khobar,

Al Khobar, Saudi Arabia

Saudi Arabia
Industry
Manufacturing
Victim
Pan Gulf Holding
SoftwareSoftwareSoftwareSoftware
Originpath Group Targeted by 8Base Ransomware in Major Breach
Read more
Originpath Group Targeted by 8Base Ransomware in Major Breach
Read More
Date
December 6, 2024
Ransomware group
8base
Location

Leganés,

Leganés, Spain

Spain
Industry
Software
Victim
Originpath Group
Consumer ServicesConsumer ServicesConsumer ServicesConsumer Services
PEZ Candy Faces Major Ransomware Threat from Abyss Group
Read more
PEZ Candy Faces Major Ransomware Threat from Abyss Group
Read More
Date
December 6, 2024
Ransomware group
Abyss
Location

Orange, Connecticut

Orange, USA

USA
Industry
Consumer Services
Victim
PEZ
TransportationTransportationTransportationTransportation
BianLian Ransomware Breaches LTI Trucking Services Data
Read more
BianLian Ransomware Breaches LTI Trucking Services Data
Read More
Date
December 6, 2024
Ransomware group
Bianlian
Location

Madison, Illinois

Madison, USA

USA
Industry
Transportation
Victim
LTI Trucking Services
ConstructionConstructionConstructionConstruction
DragonForce Ransomware Breach Exposes Precision Walls Data
Read more
DragonForce Ransomware Breach Exposes Precision Walls Data
Read More
Date
December 6, 2024
Ransomware group
Dragonforce
Location

Cary, North Carolina

Cary, USA

USA
Industry
Construction
Victim
Precision Walls
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
MTI Inc Faces Major Data Breach by Everest Ransomware Group
Read more
MTI Inc Faces Major Data Breach by Everest Ransomware Group
Read More
Date
December 6, 2024
Ransomware group
Everest
Location

Clarence, New York

Clarence, USA

USA
Industry
Healthcare Services
Victim
MTI, Inc,
Business ServicesBusiness ServicesBusiness ServicesBusiness Services
RJM Marketing Targeted by Interlock Ransomware Group
Read more
RJM Marketing Targeted by Interlock Ransomware Group
Read More
Date
December 6, 2024
Ransomware group
Interlock
Location

Jackson, Michigan

Jackson, USA

USA
Industry
Business Services
Victim
RJM Marketing
ConstructionConstructionConstructionConstruction
Kairos Group Targets TM Equipment in Major Ransomware Breach
Read more
Kairos Group Targets TM Equipment in Major Ransomware Breach
Read More
Date
December 6, 2024
Ransomware group
Kairos
Location

Springfield, Massachusetts

Springfield, USA

USA
Industry
Construction
Victim
T&M Equipment
Law Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal Services
Medusa Ransomware Breaches Levicoff Law Firm Data
Read more
Medusa Ransomware Breaches Levicoff Law Firm Data
Read More
Date
December 6, 2024
Ransomware group
Medusa
Location

Pittsburgh, Pennsylvania

Pittsburgh, USA

USA
Industry
Law Firms & Legal Services
Victim
Levicoff Law Firm, P.C
Law Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal Services
Medusa Ransomware Strikes BRP Family Law Firm
Read more
Medusa Ransomware Strikes BRP Family Law Firm
Read More
Date
December 6, 2024
Ransomware group
Medusa
Location

Gaithersburg, Maryland

Gaithersburg, USA

USA
Industry
Law Firms & Legal Services
Victim
Brodsky Renehan Pearlstein & Bouquet, Chartered
ConstructionConstructionConstructionConstruction
RansomHub Targets Pro-MEC Engineering in Ransomware Breach
Read more
RansomHub Targets Pro-MEC Engineering in Ransomware Breach
Read More
Date
December 6, 2024
Ransomware group
Ransomhub
Location

Grand Ledge, Michigan

Grand Ledge, USA

USA
Industry
Construction
Victim
Pro-MEC Engineering
SoftwareSoftwareSoftwareSoftware
Blue Yonder Faces Major Ransomware Breach by Termite Group
Read more
Blue Yonder Faces Major Ransomware Breach by Termite Group
Read More
Date
December 6, 2024
Ransomware group
Termite
Location

Scottsdale, Arizona

Scottsdale, USA

USA
Industry
Software
Victim
Blue Yonder
RetailRetailRetailRetail
Casa Imports Faces Ransomware Threat from SafePay Group
Read more
Casa Imports Faces Ransomware Threat from SafePay Group
Read More
Date
December 6, 2024
Ransomware group
SafePay
Location

Utica, New York

Utica, USA

USA
Industry
Retail
Victim
Casa Imports
GovernmentGovernmentGovernmentGovernment
Funksec Ransomware Breach Targets Milliy Tiklanish Data
Read more
Funksec Ransomware Breach Targets Milliy Tiklanish Data
Read More
Date
December 6, 2024
Ransomware group
Funksec
Location

Ташкент,

Ташкент, Uzbekistan

Uzbekistan
Industry
Government
Victim
Milliy Tiklanish
SoftwareSoftwareSoftwareSoftware
Azape Faces Ransomware Breach by APT73
Read more
Azape Faces Ransomware Breach by APT73
Read More
Date
December 5, 2024
Ransomware group
APT73
Location

Porto Alegre,

Porto Alegre, Brazil

Brazil
Industry
Software
Victim
Azape
ManufacturingManufacturingManufacturingManufacturing
Dorner GmbH Faces Cyberattack by Fog Ransomware Group
Read more
Dorner GmbH Faces Cyberattack by Fog Ransomware Group
Read More
Date
December 5, 2024
Ransomware group
Fog
Location

Berlin,

Berlin, Germany

Germany
Industry
Manufacturing
Victim
Dorner GmbH
AgricultureAgricultureAgricultureAgriculture
Frigopesca Faces Major Ransomware Breach by RansomHub
Read more
Frigopesca Faces Major Ransomware Breach by RansomHub
Read More
Date
December 5, 2024
Ransomware group
Ransomhub
Location

Guayaquil,

Guayaquil, Ecuador

Ecuador
Industry
Agriculture
Victim
Frigopesca
FinanceFinanceFinanceFinance
Aptus Value Housing Finance India Ltd Targeted by SpaceBears
Read more
Aptus Value Housing Finance India Ltd Targeted by SpaceBears
Read More
Date
December 5, 2024
Ransomware group
SpaceBears
Location

Badvel,

Badvel, India

India
Industry
Finance
Victim
Aptus Value Housing Finance India Ltd
EducationEducationEducationEducation
Edizioni Dottrinari Targeted by Funksec Ransomware Attack
Read more
Edizioni Dottrinari Targeted by Funksec Ransomware Attack
Read More
Date
December 5, 2024
Ransomware group
Funksec
Location

Capezzano Inferiore,

Capezzano Inferiore, Italy

Italy
Industry
Education
Victim
Edizioni Dottrinari
Consumer ServicesConsumer ServicesConsumer ServicesConsumer Services
ITO EN Faces Ransomware Breach by Play Group
Read more
ITO EN Faces Ransomware Breach by Play Group
Read More
Date
December 5, 2024
Ransomware group
Play
Location

Shibuya,

Shibuya, Japan

Japan
Industry
Consumer Services
Victim
ITO EN
FinanceFinanceFinanceFinance
Alior Bank Faces Ransomware Threat from APT73
Read more
Alior Bank Faces Ransomware Threat from APT73
Read More
Date
December 5, 2024
Ransomware group
APT73
Location

Wejherowo,

Wejherowo, Poland

Poland
Industry
Finance
Victim
Alior Bank
No results found.
There are no results with this criteria. Try changing your search.
Load More

Ready to Get Resilient Against Ransomware?

An endpoint resiliency platform is a critical part of a strong security strategy to protect your business and continuity. Setup a meeting to learn more with a Halcyon expert today.
Learn More

Request removal

To submit a takedown request, please provide a clear identification of the content in question, including the URL(s) or page title, along with a brief description of what should be removed or revised. Clarify your relationship to the content in question. State the reason for your request, such as inaccuracy, privacy violation, intellectual property infringement, or defamation, and provide any supporting evidence. Include your full name, position (if relevant), and preferred contact details.

While Halcyon will comply with valid takedown requests, please note that our reporting conforms to fair use principles, and all information is sourced from publicly available data leak aggregator websites and public news sources.

Submit your request to [insert email] with the subject line: “Takedown Request – [Content/Entity Name].”Input the contact email where you would like the request to go to.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.