This report summarizes recent ransomware attacks across various sectors, detailing the victims, threat actors, and available information on the incidents. Due to the nature of ransomware attacks and the often-redacted information publicly available, details may be limited in some cases. The information presented here is compiled from publicly available sources and should not be considered exhaustive.
Note: No files or stolen information are hosted or disclosed in this report. Any legal issues relating to the content of the files should be directed to the attackers. This summary is solely for informational purposes.
I. germancentre.sg – Incransom Attack
- Victim: germancentre.sg (Singapore)
- Threat Actor: Incransom
- Industry: Business services; provides office spaces, meeting rooms, and networking events for German companies in Singapore. Facilitates market entry for German businesses.
- Date of Leak (Reported): March 1, 2025
- Malware/Ransomware Strain: Incransom
- Details of Breach: Specific details regarding data compromise were not initially specified in the publicly available report. The leak page included an image depicting internal documents, potentially revealing sensitive internal data. No download links were noted. No employee or third-party exposures were detected.
II. breakawayconcretecutting.com – Incransom Attack
- Victim: breakawayconcretecutting.com
- Threat Actor: Incransom
- Industry: Concrete cutting (Presumed based on domain name)
- Date of Leak (Reported): March 1, 2025
- Malware/Ransomware Strain: Incransom
- Details of Breach: Sensitive operational information was exposed; however, no employee or user data was explicitly mentioned. A screenshot on the leak page illustrated the leaked content. The company, established in 1997, specializes in various concrete cutting services.
III. Bell Ambulance – Medusa Ransomware Attack
- Victim: Bell Ambulance
- Threat Actor: Medusa
- Industry: Emergency medical services
- Date of Leak (Reported): March 2, 2025
- Malware/Ransomware Strain: Medusa
- Details of Breach: 219.50 GB of data leaked, pertaining to corporate operations. No PII disclosed. $400,000 ransom demanded. Images or screenshots of internal documents may be present.
IV. Workforce Group – KillSec Attack
- Victim: Workforce Group (Nigeria)
- Threat Actor: KillSec
- Industry: Business Services
- Date of Leak (Reported): March 2, 2025
- Malware/Ransomware Strain: KillSec
- Details of Breach: Data related to 32 users and 13 third-party associations leaked. The nature of the compromised data was not fully disclosed. The victim’s website, workforcegroup.com, was under scrutiny.
V. gruppocogesi.org – LockBit 3.0 Attack
- Victim: gruppocogesi.org
- Threat Actor: LockBit 3.0
- Industry: IT and administrative support
- Date of Leak (Reported): March 2, 2025
- Malware/Ransomware Strain: LockBit 3.0
- Details of Breach: The ransomware leak page for CO.GE.S.I. (gruppocogesi.org), a provider of technical and administrative support for urban planning applications (D.P.R. n. 380/2001), shows a screenshot of their website, indicating potential exposure of sensitive operational data. The LockBit 3.0 ransomware group is implicated, with the leak appearing on March 2, 2025. While the exact date of compromise is unknown and no direct download links are mentioned, the screenshot suggests potentially sensitive internal documents were exposed. The number of affected employees or third-party relationships remains unclear.
VI. FM.GOB.AR – Monti Attack
- Victim: FM.GOB.AR
- Threat Actor: Monti
- Industry: NA
- Date of Leak (Reported): March 2, 2025
- Malware/Ransomware Strain: Monti
- Details of Breach: Described as a “full leak,” but the page only showed 435 views and contained no download links or images.
VII. Pre Con Industries – Play Ransomware Attack
- Victim: Pre Con Industries (United States)
- Threat Actor: Play
- Industry: Construction (Inferred)
- Date of Leak (Reported): March 2, 2025
- Malware/Ransomware Strain: Play
- Details of Breach: Significant data pertaining to the company’s operations was compromised. The leak page contained a screenshot of some of the compromised data, but specifics on the nature and volume of data were not provided. Multiple documents or resources were potentially available for download.
VIII. North American Fire Hose – Play Ransomware Attack
- Victim: North American Fire Hose
- Threat Actor: Play
- Industry: Fire hose manufacturing/distribution (Presumed based on name)
- Date of Leak (Reported): March 2, 2025
- Malware/Ransomware Strain: Play
- Details of Breach: Significant information about the company exposed. No PII disclosed. Screenshot illustrates elements of the breach; downloadable materials mentioned but not specified.
IX. Optometrics – Play Ransomware Attack
- Victim: Optometrics
- Threat Actor: Play
- Industry: Technology (Inferred)
- Date of Leak (Reported): March 2, 2025
- Malware/Ransomware Strain: Play
- Details of Breach: Banners and internal communications leaked. Screenshot of internal documents may be present. Potential download links to additional data files mentioned but not specified.
X. IT-IQ Botswana – Play Ransomware Attack
- Victim: IT-IQ Botswana (Botswana)
- Threat Actor: Play
- Industry: Managed IT Services, Training, and Testing
- Date of Leak (Reported): March 2, 2025
- Malware/Ransomware Strain: Play
- Details of Breach: The extent of the data breach is unknown. The company provides managed IT services, training, and testing services. A screenshot of the ransomware leak page was reportedly available.
XI. International Process Plants – Play Ransomware Attack
- Victim: International Process Plants
- Threat Actor: Play
- Industry: Manufacturing (Inferred)
- Date of Leak (Reported): March 2, 2025
- Details of Breach: Specific details regarding the nature of the compromised data remain unspecified. Screenshot on leak page; access to additional materials requires visiting a dark web URL.
XII. Ganong Bros – Play Ransomware Attack
- Victim: Ganong Bros
- Threat Actor: Play
- Industry: Agriculture and Food Production
- Date of Leak (Reported): March 2, 2025
- Malware/Ransomware Strain: Play
- Details of Breach: Sensitive data potentially compromised, specifics not disclosed. Screenshot on leak page illustrating internal communications or stolen data. Leak hosted on a dark web domain.
Summary:
Ransomware Group | Victim Name | Date | Location/Industry | Details of Breach |
---|---|---|---|---|
INCRANSOM | germancentre[.]sg | March 2, 2025 | Singapore, Business Services | Internal documents leaked. Services offered include office spaces and networking events for German companies in Singapore. No download links were noted. |
INCRANSOM | breakawayconcretecutting[.]com | March 1, 2025 | Chad, Construction | Sensitive operational information exposed; no employee or user data explicitly mentioned. Screenshot on leak page illustrates leaked content. Company established in 1997, specializing in various concrete cutting services, with projects ranging up to $500,000. |
MEDUSA | Bell Ambulance | March 2, 2025 | (Location unspecified) Healthcare | 219.50 GB of data leaked, pertaining to corporate operations. No PII disclosed. $400,000 ransom demanded. Images or screenshots of internal documents may be present. |
LOCKBIT3 | gruppocogesi[.]org | March 2, 2025 | (Location unspecified) Healthcare | The ransomware leak page for CO.GE.S.I. (gruppocogesi.org), a provider of technical and administrative support for urban planning applications (D.P.R. n. 380/2001), shows a screenshot of their website, indicating potential exposure of sensitive operational data. The LockBit 3.0 ransomware group is implicated, with the leak appearing on March 2, 2025. While the exact date of compromise is unknown and no direct download links are mentioned, the screenshot suggests potentially sensitive internal documents were exposed. The number of affected employees or third-party relationships remains unclear. |
PLAY | Pre Con Industries | March 2, 2025 | (Location/Industry unspecified) | Significant data pertaining to the company’s operations was compromised. The leak page contained a screenshot of some of the compromised data, but specifics on the nature and volume of data were not provided. Multiple documents or resources were potentially available for download. |
PLAY | Optometrics | March 2, 2025 | US, Technology | Banners and internal communications leaked. Screenshot of internal documents may be present. Potential download links to additional data files mentioned but not specified. |
KILLSEC | Workforce Group | March 2, 2025 | Nigeria, Business Services | Data related to 32 users and 13 third-party associations leaked. The company’s website, workforcegroup.com, is under scrutiny. |
MONTI | FM[.]GOB[.]AR | March 2, 2025 | (Location/Industry unspecified) | Described as a “full leak,” but the page only shows 435 views and contains no download links or images. |
PLAY | North American Fire Hose | March 2, 2025 | US, Manufacturing | Significant information about the company exposed. No PII disclosed. Screenshot illustrates elements of the breach; downloadable materials mentioned but not specified. |
PLAY | IT-IQ Botswana | (Date unspecified) | (Location/Industry unspecified) | The extent of the data breach is unknown. The company provides managed IT services, training, and testing services. A screenshot of the ransomware leak page was reportedly available. |
PLAY | International Process Plants | March 2, 2025 | US, Manufacturing | Specific details regarding the nature of the compromised data remain unspecified. Screenshot on leak page; access to additional materials requires visiting a dark web URL. |
PLAY | Ganong Bros | March 2, 2025 | Canada, Agriculture & Food | Sensitive data potentially compromised, specifics not disclosed. Screenshot on leak page illustrating internal communications or stolen data. Leak hosted on a dark web domain. |