The Halcyon Attacks Lookout (or ‘HAL’ for short) is a recent ransomware attacks watchtower, built to provide tracking of attacks, groups and their victims. Given threat actors' overarching, lucrative success from ransomware attacks, they’ve become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

Ransomware Attacks Database

All Attacks

Attacks by Industry

Commonly Attacked

Manufacturing

Business Services

Construction

Healthcare Services

Education

All Industries

Agriculture

Business Services

Construction

Consumer Services

Education

Energy, Utilities & Waste

Finance

Government

Healthcare Services

Holding Companies & Conglomerates

Hospitality

Hospitals & Physicians Clinics

Insurance

Law Firms & Legal Services

Manufacturing

Media & Internet

Minerals & Mining

Organizations

Real Estate

Retail

Software

Telecommunications

Transportation

Attacks by Groups

Top 5 ACtive Groups

Akira

Hunters International

Play

Ransomhub

Medusa

All Groups

0mega

3am

8base

Abyss

Akira

AlphaLocker

Alphv

Anubis

Apos

APT73

Arcus Media

Argonauts

Arkana

Arvinclub

Avoslocker

Beast

Bert

Bianlian

Blackbasta

Blackbyte

BlackLock

BlackNevas

Blackout

Black Suit

Bluebox

BrainCipher

Cactus

Chaos

Cheers

Cicada 3301

Ciphbit

Cloak

Clop

Conti

CrazyHunter

Crypto24

Cuba

D4RK4RMY

Daixin

dAn0n

Darkbit

Darkleakmarket

Darkrace

DarkVault

DataCarry

Devman

Dire Wolf

Dispossessor

Donex

Donut

Donutleaks

Dragonforce

Dunghill

ElDorado

Embargo

Everest

Flocker

Fog

Frag

Funksec

GDLockerSec

Ghost

Global

Gunra

Handala

HellCat

Helldown

Hiveleak

Hunters International

Icefire

IMN Crew

Inc Ransom

Interlock

Kairos

Karakurt

kawa4096

Kelvinsecurity

Killsec

Knight

Kraken

Lapsus

Lockbit

Lorenz

Lynx

Mad Liberator

Mallox

Marketo

Maze

Medusa

Meow

MetaEncryptor

Midas

Mindware

Money Message

Monti

Morpheus

Mountlocker

Nightsky

NightSpire

Nitrogen

Noescape

Nokoyawa

Notpetya

Nova

Onyx

Orca

Pandora

Payloadbin

PayoutsKING

PEAR

Play

Playboy

Qilin

Qiulong

Quantum

Ragnarlocker

Ra Group

RALord

Rancoz

Ransomcortex

Ransomedvc

Ransomexx

Ransomhouse

Ransomhub

RA World

RebornVC

Redalert

RedRansomware

Revil

Rhysida

Rook

Royal

RunSomeWares

Sabbath

SafePay

Sarcoma

SatanLockV2

SecP0

Securotrop

SenSayQ

Silent

Sinobi

Skira

Snatch

SpaceBears

Sparta

Stormous

Suncrypt

Team XXX

Termite

Threeam

Trigona

Trinity

Underground Team

Unknown

Unsafeleak

Valencia Leaks

VanHelsing

Vanirgroup

Vicesociety

Warlock

Werewolves

Weyhro

WorldLeaks

Yanluowang

Attacks by Locations

Commonly Attacked

USA

Canada

United Kingdom

United Arab Emirates

Brazil

All Groups

Andorra

Antigua And Barbuda

Argentina

Australia

Austria

Azerbaijan

Bahamas

Bahrain

Bangladesh

Barbados

Belarus

Belgium

Bermuda

Bolivia

Bosnia and Herzegovina

Botswana

Brazil

Bulgaria

Burkina Faso

Cambodia

Cameroon

Canada

Cape Verde

Cayman Islands

Chile

China

Colombia

Congo

Costa Rica

Croatia

Cuba

Curaçao

Cyprus

Czech Republic

Czechia

Côte d’Ivoire

Denmark

Djibouti

Dominican Republic

Ecuador

Egypt

El Salvador

Estonia

Ethiopia

Europe

Fiji

Finland

France

French Guiana

Georgia

Germany

Ghana

Greece

Guatemala

Honduras

Hong Kong

Hungary

Iceland

India

Indonesia

Iran

Iraq

Ireland

Isle Of Man

Israel

Italy

Jamaica

Japan

Jersey

Jordan

Kashmir

Kenya

Kiribati

Kuwait

Lebanon

Libya

Lithuania

Luxembourg

Malaysia

Maldives

Mali

Malta

Martinique

Mauritania

Mexico

Monaco

Mongolia

Montenegro

Morocco

Mosaic Eins

Myanmar

Namibia

Nepal

Netherlands

Netherlands Antilles

New Zealand

Nicaragua

Nigeria

North Macedonia

Norway

Oman

Pakistan

Palau

Panama

Papua New Guinea

Paraguay

Peru

Philippines

Poland

Portugal

Puerto Rico

Qatar

Republic Of Korea

Romania

Russia

Saint Vincent and the Grenadines

Saudi Arabia

Scotland

Senegal

Serbia

Singapore

Slovakia

Slovenia

South Africa

South Korea

Spain

Sri Lanka

Sudan

Sweden

Switzerland

Taiwan

Tanzania

Thailand

Timor-Leste

Trinidad and Tobago

Tunisia

Turkey

USA

Ukraine

United Arab Emirates

United Kingdom

Uruguay

Uzbekistan

Venezuela

Vietnam

Zambia

Zimbabwe

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Tag

Showing 0 of 100

This is some text inside of a div block.

Hiveleak Alleges Ransomware Attack on Oregon Telecommunications Company

Date

September 6, 2022

Ransomware group

Hiveleak

Location

Oregon

USA

Industry

Telecommunications

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on Stemwede Business Services Company

Date

September 5, 2022

Ransomware group

Lockbit

Location

Stemwede

Germany

Industry

Business Services

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on Maaseik Business Services Company

Date

September 5, 2022

Ransomware group

Lockbit

Location

Maaseik

Belgium

Industry

Business Services

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on Bologna Agriculture Company

Date

September 5, 2022

Ransomware group

Lockbit

Location

Bologna

Italy

Industry

Agriculture

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on Zwiesel Construction Company

Date

September 5, 2022

Ransomware group

Lockbit

Location

Zwiesel

Germany

Industry

Construction

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on Porto Business Services Company

Date

September 5, 2022

Ransomware group

Lockbit

Location

Porto

Portugal

Industry

Business Services

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on Samora Correia Manufacturing Company

Date

September 5, 2022

Ransomware group

Lockbit

Location

Samora Correia

Portugal

Industry

Manufacturing

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on Gorizia GO, Government Company

Date

September 5, 2022

Ransomware group

Lockbit

Location

Gorizia GO,

Italy

Industry

Government

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on Mexico Hospitality Company

Date

September 5, 2022

Ransomware group

Lockbit

Location

Mexico

Industry

Hospitality

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on Janeiro Energy, Utilities & Waste Company

Date

September 5, 2022

Ransomware group

Lockbit

Location

Janeiro

Brazil

Industry

Energy, Utilities & Waste

This is some text inside of a div block.

Blackbyte Alleges Ransomware Attack on Paulistano Media & Internet Company

Date

September 5, 2022

Ransomware group

Blackbyte

Location

Paulistano

Brazil

Industry

Media & Internet

This is some text inside of a div block.

Blackbasta Alleges Ransomware Attack on Viganello Healthcare Services Company

Date

September 5, 2022

Ransomware group

Blackbasta

Location

Viganello

Switzerland

Industry

Healthcare Services

This is some text inside of a div block.

Blackbasta Alleges Ransomware Attack on Helchteren Energy, Utilities & Waste Company

Date

September 5, 2022

Ransomware group

Blackbasta

Location

Helchteren

Belgium

Industry

Energy, Utilities & Waste

This is some text inside of a div block.

Blackbasta Alleges Ransomware Attack on Staunton Agriculture Company

Date

September 5, 2022

Ransomware group

Blackbasta

Location

Staunton

USA

Industry

Agriculture

This is some text inside of a div block.

Vicesociety Alleges Ransomware Attack on Wisconsin Education Company

Date

September 4, 2022

Ransomware group

Vicesociety

Location

Wisconsin

USA

Industry

Education

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on Kansas Retail Company

Date

September 4, 2022

Ransomware group

Lockbit

Location

Kansas

USA

Industry

Retail

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on Cundinamarca Media & Internet Company

Date

September 4, 2022

Ransomware group

Lockbit

Location

Cundinamarca

Colombia

Industry

Media & Internet

This is some text inside of a div block.

Blackbasta Alleges Ransomware Attack on Pennsylvania Media & Internet Company

Date

September 4, 2022

Ransomware group

Blackbasta

Location

Pennsylvania

USA

Industry

Media & Internet

This is some text inside of a div block.

Ransomexx Alleges Ransomware Attack on Federal Government Company

Date

September 3, 2022

Ransomware group

Ransomexx

Location

Federal

Brazil

Industry

Government

This is some text inside of a div block.

Bianlian Alleges Ransomware Attack on Florida Hospitality Company

Date

September 3, 2022

Ransomware group

Bianlian

Location

Florida

USA

Industry

Hospitality

This is some text inside of a div block.

Bianlian Alleges Ransomware Attack on Florida Retail Company

Date

September 3, 2022

Ransomware group

Bianlian

Location

Florida

USA

Industry

Retail

This is some text inside of a div block.

Ragnarlocker Alleges Ransomware Attack on Lisboa Transportation Company

Date

September 2, 2022

Ransomware group

Ragnarlocker

Location

Lisboa

Portugal

Industry

Transportation

This is some text inside of a div block.

Quantum Alleges Ransomware Attack on Santo Domingo Government Company

Date

September 2, 2022

Ransomware group

Quantum

Location

Santo Domingo

Dominican Republic

Industry

Government

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on California Business Services Company

Date

September 2, 2022

Ransomware group

Lockbit

Location

California

USA

Industry

Business Services

This is some text inside of a div block.

Hiveleak Alleges Ransomware Attack on Sheffield Construction Company

Date

September 2, 2022

Ransomware group

Hiveleak

Location

Sheffield

United Kingdom

Industry

Construction

This is some text inside of a div block.

Vicesociety Alleges Ransomware Attack on Pennsylvania Education Company

Date

September 1, 2022

Ransomware group

Vicesociety

Location

Pennsylvania

USA

Industry

Education

This is some text inside of a div block.

Revil Alleges Ransomware Attack on Maharashtra Manufacturing Company

Date

September 1, 2022

Ransomware group

Revil

Location

Maharashtra

India

Industry

Manufacturing

This is some text inside of a div block.

Quantum Alleges Ransomware Attack on California Business Services Company

Date

September 1, 2022

Ransomware group

Quantum

Location

California

USA

Industry

Business Services

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on new jersy Manufacturing Company

Date

September 1, 2022

Ransomware group

Lockbit

Location

new jersy

USA

Industry

Manufacturing

This is some text inside of a div block.

Lockbit Alleges Ransomware Attack on Connecticut Law Firms & Legal Services Company

Date

September 1, 2022

Ransomware group

Lockbit

Location

Connecticut

USA

Industry

Law Firms & Legal Services

This is some text inside of a div block.

Donutleaks Alleges Ransomware Attack on North Carolina Healthcare Services Company

Date

September 1, 2022

Ransomware group

Donutleaks

Location

North Carolina

USA

Industry

Healthcare Services

This is some text inside of a div block.

Cheers Alleges Ransomware Attack on Virginia Media & Internet Company

Date

September 1, 2022

Ransomware group

Cheers

Location

Virginia

USA

Industry

Media & Internet

Load More Attacks

251 / 302

No results found.

There are no results with this criteria. Try changing your search.

Disclaimer

The Halcyon Attacks Lookout Database is compiled using publicly available information based on the hosting choices of real-world threat actors and data from a variety of trackers. This information is provided in accordance with principles of fair use. Halcyon has made reasonable efforts to sanitize and verify the data; however, we do not guarantee the accuracy, completeness, or reliability of the information provided. Updates to the database are made as new source data becomes available from reputable sources. By accessing, viewing, or using the information within the Halcyon Attacks Lookout Database, you acknowledge and agree to do so entirely at your own risk. No reliance should be placed upon the information for decision-making, and Halcyon disclaims all liability for any inaccuracies or omissions in the data.

Ready to Get Resilient Against Ransomware?

An endpoint resiliency platform is a critical part of a strong security strategy to protect your business and continuity. Setup a meeting to learn more with a Halcyon expert today.

Learn More

Request removal

To submit a takedown request, please provide a clear identification of the content in question, including the URL(s) or page title, along with a brief description of what should be removed or revised. Clarify your relationship to the content in question. State the reason for your request, such as inaccuracy, privacy violation, intellectual property infringement, or defamation, and provide any supporting evidence. Include your full name, position (if relevant), and preferred contact details.

While Halcyon will comply with valid takedown requests, please note that our reporting conforms to fair use principles, and all information is sourced from publicly available data leak aggregator websites and public news sources.

Submit your request to [insert email] with the subject line: “Takedown Request – [Content/Entity Name].”Input the contact email where you would like the request to go to.

First name*

Last Name*

Email*

URL to remove*

Additional InformationPlease include information to support the removal of an entry, i.e. this is old data from a previous breach and not something new.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.