Loading....

Explore the Halcyon Attacks Lookout

The Halcyon Attacks Lookout (or ‘HAL’ for short) is a recent ransomware attacks watchtower, built to provide tracking of attacks, groups and their victims. Given threat actors' overarching, lucrative success from ransomware attacks, they’ve become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

Recent Attack News

Visit All Attack News
NEW
February 13, 2025

Ransomware Attack Linked to Known Chinese APT Tooling

While it is not unusual to see APT-level tradecraft in ransomware attacks, such operations have historically been linked to Russian or North Korean groups rather than Chinese actors...

Read More
NEW
February 12, 2025

US, UK and Australia Sanction Bulletproof Hosting Provider Linked to LockBit

Zservers criminal activities echo a concern raised in the Halcyon investigation into Cloudzy, another hosting provider implicated in supporting threat actors...

Read More
NEW
February 12, 2025

Ransomware on the Move: 8Base, Cactus, INC Ransom, Qilin

Halcyon publishes a quarterly RaaS and data extortion group guide, Power Rankings: Ransomware Malicious Quartile - here's the ransomware gangs on the move last week: 8Base, Cactus, INC Ransom, and Qilin...

Read More
NEW
February 10, 2025

Global Law Enforcement Operation Impacts 8Base Ransomware Leaks Site

Unlike traditional RaaS groups, 8Base does not openly recruit affiliates through a public platform, but instead appear to operate privately with a vetted group of attackers...

Read More
NEW
February 10, 2025

Ransomware Attack Shuts Down Municipal Systems in Tarrant, Alabama

Ransomware attacks on state and local governments are increasing at an alarming rate, exploiting outdated IT systems, budget constraints, and the critical nature of government services...

Read More
NEW
February 10, 2025

Ransomware on the Move: FunkSec, SpaceBears, Akira, RansomHub

Halcyon publishes a quarterly RaaS and data extortion group guide, Power Rankings: Ransomware Malicious Quartile - here's the ransomware gangs on the move last week: FunkSec, SpaceBears, Akira, RansomHub...

Read More

Explore the Ransomware Attacks Database

Dive into each Attack to read the full incident details. View Attacks by Group, Industry, and Country, using filters.

Attacks by Industry
Attacks by Groups
Attacks by Locations
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Tag
Showing 0 of 100
ManufacturingManufacturingManufacturingManufacturing
Stormous Group Claims Ransomware Attack on Turbo Machined Products
Read more
Stormous Group Claims Ransomware Attack on Turbo Machined Products
Read More
Date
February 2, 2025
Ransomware group
Stormous
Location

Frankfort, New York

Frankfort, USA

USA
Industry
Manufacturing
Victim
Turbo Machined Products (TMP),
ConstructionConstructionConstructionConstruction
JPC Group Allegedly Targeted by Abyss Ransomware Attack
Read more
JPC Group Allegedly Targeted by Abyss Ransomware Attack
Read More
Date
February 2, 2025
Ransomware group
Abyss
Location

Blackwood, New Jersey

Blackwood, USA

USA
Industry
Construction
Victim
JPC Group, Inc.
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
LockBit 3.0 Ransomware Allegedly Targets USUHS Institution
Read more
LockBit 3.0 Ransomware Allegedly Targets USUHS Institution
Read More
Date
February 2, 2025
Ransomware group
Lockbit
Location

Bethesda, Maryland

Bethesda, USA

USA
Industry
Healthcare Services
Victim
Uniformed Services University of the Health Sciences
Business ServicesBusiness ServicesBusiness ServicesBusiness Services
BianLian Group Alleges Ransomware Attack on GAP
Read more
BianLian Group Alleges Ransomware Attack on GAP
Read More
Date
February 2, 2025
Ransomware group
Bianlian
Location

Austin, Texas

Austin, USA

USA
Industry
Business Services
Victim
Growth Acceleration Partners
Law Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal ServicesLaw Firms & Legal Services
BianLian Ransomware Allegedly Targets Ayres Law Firm
Read more
BianLian Ransomware Allegedly Targets Ayres Law Firm
Read More
Date
February 2, 2025
Ransomware group
Bianlian
Location

Draper, Utah

Draper, USA

USA
Industry
Law Firms & Legal Services
Victim
Ayres Law Firm
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
BianLian Ransomware Group Alleges Brevard Medical Data Breach
Read more
BianLian Ransomware Group Alleges Brevard Medical Data Breach
Read More
Date
February 2, 2025
Ransomware group
Bianlian
Location

Melbourne, Florida

Melbourne, USA

USA
Industry
Healthcare Services
Victim
Medical Associates of Brevard
SoftwareSoftwareSoftwareSoftware
BianLian Group Alleges Ransomware Attack on Cyrious Software
Read more
BianLian Group Alleges Ransomware Attack on Cyrious Software
Read More
Date
February 2, 2025
Ransomware group
Bianlian
Location

Baton Rouge, Louisiana

Baton Rouge, USA

USA
Industry
Software
Victim
Cyrious Software
Business ServicesBusiness ServicesBusiness ServicesBusiness Services
LockBit Ransomware Allegedly Hits Topackt IT Solutions GmbH
Read more
LockBit Ransomware Allegedly Hits Topackt IT Solutions GmbH
Read More
Date
February 2, 2025
Ransomware group
Lockbit
Location

Speyer,

Speyer, Germany

Germany
Industry
Business Services
Victim
Topackt IT Solutions GmbH
GovernmentGovernmentGovernmentGovernment
BianLian Ransomware Group Allegedly Targets Chicago Civic Committee
Read more
BianLian Ransomware Group Allegedly Targets Chicago Civic Committee
Read More
Date
February 2, 2025
Ransomware group
Bianlian
Location

Chicago, Illinois

Chicago, USA

USA
Industry
Government
Victim
Civic Committee
Healthcare ServicesHealthcare ServicesHealthcare ServicesHealthcare Services
KillSec Allegedly Breaches NanoHealth in Ransomware Attack
Read more
KillSec Allegedly Breaches NanoHealth in Ransomware Attack
Read More
Date
February 1, 2025
Ransomware group
Killsec
Location

Hyderabad,

Hyderabad, India

India
Industry
Healthcare Services
Victim
Nano Health
Energy, Utilities & WasteEnergy, Utilities & WasteEnergy, Utilities & WasteEnergy, Utilities & Waste
Indonesian Water Supplier Alleges Ransomware Attack by Funksec
Read more
Indonesian Water Supplier Alleges Ransomware Attack by Funksec
Read More
Date
February 1, 2025
Ransomware group
Funksec
Location

Cimahi,

Cimahi, Indonesia

Indonesia
Industry
Energy, Utilities & Waste
Victim
PT Tirta Raharja Perkasa
ConstructionConstructionConstructionConstruction
SpaceBears Allegedly Targets Cambridgeport Construction in Cyberattack
Read more
SpaceBears Allegedly Targets Cambridgeport Construction in Cyberattack
Read More
Date
February 1, 2025
Ransomware group
SpaceBears
Location

Milton, Massachusetts

Milton, USA

USA
Industry
Construction
Victim
Cambridgeport Construction LLC
RetailRetailRetailRetail
Lynx Group Claims Ransomware Attack on Zamzows in Idaho
Read more
Lynx Group Claims Ransomware Attack on Zamzows in Idaho
Read More
Date
February 1, 2025
Ransomware group
Lynx
Location

Boise, Idaho

Boise, USA

USA
Industry
Retail
Victim
Zamzow's
RetailRetailRetailRetail
Lynx Group Claims Ransomware Attack on Wireless Solutions
Read more
Lynx Group Claims Ransomware Attack on Wireless Solutions
Read More
Date
February 1, 2025
Ransomware group
Lynx
Location

Greer, South Carolina

Greer, USA

USA
Industry
Retail
Victim
Wireless Solutions
TelecommunicationsTelecommunicationsTelecommunicationsTelecommunications
Funksec Alleges Major Data Breach at MyISP.live
Read more
Funksec Alleges Major Data Breach at MyISP.live
Read More
Date
February 1, 2025
Ransomware group
Funksec
Location

Beirut,

Beirut, Lebanon

Lebanon
Industry
Telecommunications
Victim
Myisp.live
TelecommunicationsTelecommunicationsTelecommunicationsTelecommunications
Funksec Ransomware Group Alleges Data Breach at FiberSkyNet
Read more
Funksec Ransomware Group Alleges Data Breach at FiberSkyNet
Read More
Date
February 1, 2025
Ransomware group
Funksec
Location

Broummana,

Broummana, Lebanon

Lebanon
Industry
Telecommunications
Victim
FiberSkyNet
TransportationTransportationTransportationTransportation
Utilíssimo Transportes Alleges Ransomware Attack by ArcusMedia
Read more
Utilíssimo Transportes Alleges Ransomware Attack by ArcusMedia
Read More
Date
February 1, 2025
Ransomware group
Arcus Media
Location

São Paulo,

São Paulo, Brazil

Brazil
Industry
Transportation
Victim
Utilissimo Transportes
ConstructionConstructionConstructionConstruction
Arcus Media Claims Ransomware Attack on Gattelli Prefabbricati
Read more
Arcus Media Claims Ransomware Attack on Gattelli Prefabbricati
Read More
Date
February 1, 2025
Ransomware group
Arcus Media
Location

Russi,

Russi, Italy

Italy
Industry
Construction
Victim
GATTELLI SpA
ManufacturingManufacturingManufacturingManufacturing
Arcus Media Allegedly Ransomware Attacks Brazilian Firm Technico
Read more
Arcus Media Allegedly Ransomware Attacks Brazilian Firm Technico
Read More
Date
February 1, 2025
Ransomware group
Arcus Media
Location

Jaboatão dos Guararapes,

Jaboatão dos Guararapes, Brazil

Brazil
Industry
Manufacturing
Victim
Technico
Business ServicesBusiness ServicesBusiness ServicesBusiness Services
Eascon Contabilidade Alleges Ransomware Attack by Arcus Media
Read more
Eascon Contabilidade Alleges Ransomware Attack by Arcus Media
Read More
Date
February 1, 2025
Ransomware group
Arcus Media
Location

São Paulo,

São Paulo, Brazil

Brazil
Industry
Business Services
Victim
Eascon Contabilidade
GovernmentGovernmentGovernmentGovernment
Héron Municipality Alleges Data Breach by 8Base Ransomware Group
Read more
Héron Municipality Alleges Data Breach by 8Base Ransomware Group
Read More
Date
February 1, 2025
Ransomware group
8base
Location

Héron,

Héron, Belgium

Belgium
Industry
Government
Victim
Héron
ConstructionConstructionConstructionConstruction
Tan Teck Seng Electric Allegedly Hit by 8Base Ransomware Attack
Read more
Tan Teck Seng Electric Allegedly Hit by 8Base Ransomware Attack
Read More
Date
February 1, 2025
Ransomware group
8base
Location

Singapore,

Singapore, Singapore

Singapore
Industry
Construction
Victim
Tan Teck Seng Electric (Co) Pte Ltd
EducationEducationEducationEducation
St. Nicholas School Allegedly Targeted by 8Base Ransomware Group
Read more
St. Nicholas School Allegedly Targeted by 8Base Ransomware Group
Read More
Date
February 1, 2025
Ransomware group
8base
Location

São Paulo,

São Paulo, Brazil

Brazil
Industry
Education
Victim
St. Nicholas School
EducationEducationEducationEducation
8Base Ransomware Group Alleges Attack on High Learn Ltd
Read more
8Base Ransomware Group Alleges Attack on High Learn Ltd
Read More
Date
February 1, 2025
Ransomware group
3am
Location

London,

London, United Kingdom

United Kingdom
Industry
Education
Victim
High Learn Ltd
Consumer ServicesConsumer ServicesConsumer ServicesConsumer Services
Medusa Ransomware Group Alleges Attack on Beauty Works Spa
Read more
Medusa Ransomware Group Alleges Attack on Beauty Works Spa
Read More
Date
January 31, 2025
Ransomware group
Medusa
Location

Belleville,

Belleville, Canada

Canada
Industry
Consumer Services
Victim
Beauty Works Spa
ManufacturingManufacturingManufacturingManufacturing
DragonForce Ransomware Allegedly Compromises Farrar Corporation Data
Read more
DragonForce Ransomware Allegedly Compromises Farrar Corporation Data
Read More
Date
January 31, 2025
Ransomware group
Dragonforce
Location

Manhattan, Kansas

Manhattan, USA

USA
Industry
Manufacturing
Victim
Farrar Corporation
ManufacturingManufacturingManufacturingManufacturing
Medusa Ransomware Group Alleges Major Breach at Trimaco Inc
Read more
Medusa Ransomware Group Alleges Major Breach at Trimaco Inc
Read More
Date
January 31, 2025
Ransomware group
Medusa
Location

Morrisville, North Carolina

Morrisville, USA

USA
Industry
Manufacturing
Victim
Trimaco, Inc
Consumer ServicesConsumer ServicesConsumer ServicesConsumer Services
Medusa Ransomware Allegedly Disrupts Fayez Spa Operations
Read more
Medusa Ransomware Allegedly Disrupts Fayez Spa Operations
Read More
Date
January 31, 2025
Ransomware group
Medusa
Location

London,

London, Canada

Canada
Industry
Consumer Services
Victim
Fayez Spa
ManufacturingManufacturingManufacturingManufacturing
Qilin Ransomware Group Alleges Major Data Breach at Hikari Seiko
Read more
Qilin Ransomware Group Alleges Major Data Breach at Hikari Seiko
Read More
Date
January 31, 2025
Ransomware group
Qilin
Location

Higashiosaka,

Higashiosaka, Japan

Japan
Industry
Manufacturing
Victim
HIKARI SEIKO
ManufacturingManufacturingManufacturingManufacturing
Qilin Ransomware Group Alleges Breach of HEXPOL Compounding
Read more
Qilin Ransomware Group Alleges Breach of HEXPOL Compounding
Read More
Date
January 31, 2025
Ransomware group
Qilin
Location

Malmö,

Malmö, Sweden

Sweden
Industry
Manufacturing
Victim
HEXPOL AB
Business ServicesBusiness ServicesBusiness ServicesBusiness Services
Qilin Ransomware Group Alleges Breach of Akran's Client Data
Read more
Qilin Ransomware Group Alleges Breach of Akran's Client Data
Read More
Date
January 31, 2025
Ransomware group
Qilin
Location

Roma,

Roma, Italy

Italy
Industry
Business Services
Victim
Akran
EducationEducationEducationEducation
Rhysida Group Alleges Ransomware Attack on Pembina Trails School
Read more
Rhysida Group Alleges Ransomware Attack on Pembina Trails School
Read More
Date
January 31, 2025
Ransomware group
Rhysida
Location

Winnipeg,

Winnipeg, Canada

Canada
Industry
Education
Victim
Pembina Trails School Division
No results found.
There are no results with this criteria. Try changing your search.
Load More

Disclaimer

The Halcyon Attacks Lookout Database is compiled using publicly available information based on the hosting choices of real-world threat actors and data from a variety of trackers. This information is provided in accordance with principles of fair use. Halcyon has made reasonable efforts to sanitize and verify the data; however, we do not guarantee the accuracy, completeness, or reliability of the information provided. Updates to the database are made as new source data becomes available from reputable sources.  By accessing, viewing, or using the information within the Halcyon Attacks Lookout Database, you acknowledge and agree to do so entirely at your own risk. No reliance should be placed upon the information for decision-making, and Halcyon disclaims all liability for any inaccuracies or omissions in the data.

Ready to Get Resilient Against Ransomware?

An endpoint resiliency platform is a critical part of a strong security strategy to protect your business and continuity. Setup a meeting to learn more with a Halcyon expert today.
Learn More

Request removal

To submit a takedown request, please provide a clear identification of the content in question, including the URL(s) or page title, along with a brief description of what should be removed or revised. Clarify your relationship to the content in question. State the reason for your request, such as inaccuracy, privacy violation, intellectual property infringement, or defamation, and provide any supporting evidence. Include your full name, position (if relevant), and preferred contact details.

While Halcyon will comply with valid takedown requests, please note that our reporting conforms to fair use principles, and all information is sourced from publicly available data leak aggregator websites and public news sources.

Submit your request to [insert email] with the subject line: “Takedown Request – [Content/Entity Name].”Input the contact email where you would like the request to go to.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.