This report summarizes recent ransomware attacks across various sectors, detailing the victims, threat actors, and available information on the incidents. Due to the nature of ransomware attacks and the often-redacted information publicly available, details may be limited in some cases. The information presented here is compiled from publicly available sources and should not be considered exhaustive.
Note: No files or stolen information are hosted or disclosed in this report. Any legal issues relating to the content of the files should be directed at the attackers directly. This summary is solely for informational purposes.
Ceratec Surfaces – Abyss
Threat Actor: Abyss
Victim: Ceratec Surfaces
Industry: Flooring Products (Home and Commercial)
Details of Breach: Ceratec Surfaces, based in Quebec, Canada, has been identified as a ransomware leak victim. The breach involved the potential exposure of sensitive information, affecting three user accounts. While specific details about the compromised data have not been distinctly disclosed, the leak raises significant concerns about the security of sensitive information. No visual content or download links were reported, leaving the specifics of the data unclear. The incident highlights the importance of robust cybersecurity measures in protecting critical business data.
Klesk Metal Stamping Co – Fog
Threat Actor: Fog
Victim: Klesk Metal Stamping Co
Industry: Manufacturing
Details of Breach: Klesk Metal Stamping has experienced significant data exposure, with a reported total data volume of approximately 2.2 GB. The leak includes sensitive employee information such as medical records, driver license numbers, and contact details, indicating a serious violation of privacy. The breach raises concerns about the company’s data security measures and the potential risks posed to both employees and clients.
Forstenlechner Installationstechnik – Akira
Threat Actor: Akira
Victim: Forstenlechner Installationstechnik
Industry: Construction
Details of Breach: The ransomware leak associated with Forstenlechner Installationstechnik revealed a substantial data compromise affecting essential corporate operations. The breach included over 41 GB of sensitive documents, including employee and customer contact information, financial data, and confidential licenses. The potential exposure of personal identifiers and corporate strategies demands immediate action to mitigate risks and bolster data security protocols.
Central McGowan – Fog
Threat Actor: Fog
Victim: Central McGowan
Industry: Distribution (Welding and Industrial Equipment)
Details of Breach: Central McGowan has faced a substantial data breach, with approximately 23.5 GB of internal documents leaked. The compromised data includes HR documents, Non-Disclosure Agreements (NDAs), and sensitive employee information, such as driver license numbers. This incident underscores the vulnerabilities companies face concerning data security and the potential ramifications of ransomware attacks on business integrity.
La Unión – Lynx
Threat Actor: Lynx
Victim: La Unión
Industry: Agriculture (Fruits and Vegetables)
Details of Breach: La Unión, a prominent Spanish company, has recently been the target of a ransomware leak. The breach raises significant concerns regarding the security of sensitive information. The leak may include various materials, although specific download links and detailed content are not disclosed. The impact of the breach on La Unión’s operations has not been specified, but the nature of the incident highlights the importance of data security in the agricultural sector.
Synaptic.co.tz – Arcusmedia
Threat Actor: Arcusmedia
Victim: Synaptic.co.tz
Industry: Data
Details of Breach: The ransomware leak concerning Synaptic Solutions suggests that important data may have been exposed. The site indicates that sensitive information was available for direct sales for a duration of five days, with a total leak timeframe of seven days. While exact details of the compromise were not disclosed, the incident reflects potential risks for the organization and its stakeholders.
RJ IT Solutions – Arcusmedia
Threat Actor: Arcusmedia
Victim: RJ IT Solutions
Industry: Repair Services
Details of Breach: The leak page for RJ IT Solutions outlines key information regarding a recent security incident, indicating an urgency in the activities of the perpetrators as they attempt to monetize the stolen data. The victim operates within the repair services industry, emphasizing the potential harm to their operations and reputation due to the breach.
Grafitec – Arcusmedia
Threat Actor: Arcusmedia
Victim: Grafitec
Industry: Machinery Distribution
Details of Breach: The ransomware leak page associated with Grafitec Ltd indicates a significant exposure of information regarding the company’s operations. Grafitec, recognized as the largest stockist of top-quality binding and finishing machinery in the UK, has experienced a breach affecting their internal documents. The leak mentions an estimated sell timeframe of 5 days and a leak timeframe of 7 days, underscoring the urgency of addressing cybersecurity vulnerabilities. While there is one image present, no download links are included, suggesting a focus on promoting their market position rather than exposing sensitive operational data.
Logic Insectes – Arcusmedia
Threat Actor: Arcusmedia
Victim: Logic Insectes
Industry: Pest Control
Details of Breach: The ransomware leak page for Logic Insectes highlights their services related to pest control and ecological intervention strategies in Réunion Island. The leak mentions a quick response time for services and outlines a five-day lead for services with a seven-day period for data leaks. An image is included, but no download links are present, indicating that the focus may be more on service promotion rather than detailed sensitive data exposure.
Quigley Eye Specialists – Cactus
Threat Actor: Cactus
Victim: Quigley Eye Specialists
Industry: Healthcare
Details of Breach: The ransomware leak page reveals a significant data breach involving Quigley Eye Specialists, located in Florida, USA. Approximately 435GB of data was disclosed, with less than 1% publicly available. The breach includes sensitive personal identifiable information (PII), employee and patient medical records, and financial documents. The estimated revenue of the practice is $33.6 million, emphasizing the critical nature of the healthcare sector’s data security. The page contains six images, likely illustrating aspects of the internal documents or general information related to the breach.
Itapeseg – Arcusmedia
Threat Actor: Arcusmedia
Victim: Itapeseg
Industry: Manufacturing
Details of Breach: The ransomware leak for Itapeseg, based in Itapetininga, São Paulo, Brazil, indicates a data breach affecting the manufacturing sector. The leak suggests exposure to critical operational data, although specific details about the compromise remain unspecified. The company, generating annual revenues between 1 to 5 million, emphasizes tailored solutions for clients. The page includes one image but no download links, suggesting limited direct data exposure.
Vitenas Cosmetic Surgery – Kairos
Threat Actor: Kairos
Victim: drvitenas.com
Industry: Healthcare
Details of Breach: The ransomware leak page for Vitenas Cosmetic Surgery provides insights into its operations and sensitive patient care details. With an estimated revenue of $5.9 million, the practice focuses on delivering exceptional patient experiences. The page indicates that sensitive contact information, including the physical address and phone number, has been compromised. Sixteen images are present, likely illustrating internal documentation or patient case studies, but no download links are specified.
Sunnking Sustainable Solutions – Akira
Threat Actor: Akira
Victim: Sunnking Sustainable Solutions
Industry: IT Asset Disposition
Details of Breach: The ransomware leak for Sunnking emphasizes the company’s suite of IT asset disposition services aimed at promoting efficiency and sustainability. The leak suggests a release of internal corporate documents, including non-disclosure agreements (NDAs) and financial reports. Sensitive employee and customer data may also be at risk. The incident underscores the potential implications of data exposure on the organization’s operations and customer privacy.
LINKGROUP – Arcusmedia
Threat Actor: Arcusmedia
Victim: LINKGROUP
Industry: Landscaping
Details of Breach: The ransomware leak page for LINKGROUP reveals their specialization in hard landscaping services, including installation of patios and tree surgery. The leak indicates an estimated sell timeframe of 5 days and a leak timeframe of 7 days. Although there is one image present, no download links are included, suggesting that the leak focuses on promoting their services rather than exposing sensitive data.
Openreso – Arcusmedia
Threat Actor: Arcusmedia
Victim: Openreso
Industry: Consumer Services
Details of Breach: The ransomware leak page concerning Openreso highlights the company’s operations within the consumer services sector, generating revenues between 1 million to 5 million USD. The leak mentions a five-day sell timeframe and a seven-day leak timeframe, indicating urgency around the compromised data. While an image is included, no download links are present, suggesting limited direct access to sensitive information.
USA Rice – Kairos
Threat Actor: Kairos
Victim: usarice.com
Industry: Agriculture and Food Production
Details of Breach: The ransomware leak page for USA Rice indicates a breach involving critical data linked to the agriculture sector. Discovered on March 3, 2025, the leak suggests substantial exposure of sensitive information affecting operations in the U.S. Multiple infostealers were employed, and three users were reported affected. The presence of screenshots illustrates sensitive content, but specific download links are omitted.
Family Community Health Center – Ransomhub
Threat Actor: Ransomhub
Victim: familychc.com
Industry: Healthcare
Details of Breach: The leak page for Family Community Health Center features several images related to the ransomware incident, though specific details about the content are not disclosed. The lack of textual information means that the data conveyed is primarily visual, focusing on extortion materials or evidence. No download links are available, indicating a significant cybersecurity concern in maintaining data security.
Summary
| Victim | Threat Actor | Industry | Details of Breach |
|---|---|---|---|
| Ceratec Surfaces | Abyss | Flooring Products | Potential exposure of sensitive information affecting three user accounts. |
| Klesk Metal Stamping Co | Fog | Manufacturing | Data volume of 2.2 GB, including sensitive employee information and medical records. |
| Forstenlechner Installationstechnik | Akira | Construction | Over 41 GB of documents leaked, including financial data and confidential licenses. |
| Central McGowan | Fog | Distribution | 23.5 GB of internal documents leaked, including HR documents and NDAs. |
| La Unión | Lynx | Agriculture | Breach may include various materials; impact on operations not specified. |
| Synaptic.co.tz | Arcusmedia | Data | Important data exposure; available for direct sales for five days. |
| RJ IT Solutions | Arcusmedia | Repair Services | Urgency in activities of perpetrators to monetize stolen data. |
| Grafitec | Arcusmedia | Machinery Distribution | Significant exposure of internal documents; no download links available. |
| Logic Insectes | Arcusmedia | Pest Control | Focus on ecological pest management; limited data exposure. |
| Quigley Eye Specialists | Cactus | Healthcare | Approx. 435GB of data disclosed; includes sensitive PII and medical records. |
| Itapeseg | Arcusmedia | Manufacturing | Data breach affecting operational data; no specific details available. |
| Vitenas Cosmetic Surgery | Kairos | Healthcare | Exposure of sensitive patient information; substantial number of images present. |
| Sunnking Sustainable Solutions | Akira | IT Asset Disposition | Potential release of corporate documents and sensitive data; implications for privacy. |
| LINKGROUP | Arcusmedia | Landscaping | Specializes in hard landscaping services; no sensitive data exposed. |
| Openreso | Arcusmedia | Consumer Services | Revenue between 1-5 million; limited data exposure with no download links. |
| USA Rice | Kairos | Agriculture and Food Production | Breach involving critical agricultural data; multiple infostealers employed. |
| Family Community Health Center | Ransomhub | Healthcare | Visual evidence of the breach; significant cybersecurity concern. |
