This report summarizes recent ransomware attacks across various sectors, detailing the victims, threat actors, and available information on the incidents. Due to the nature of ransomware attacks and the often-redacted information publicly available, details may be limited in some cases. The information presented here is compiled from publicly available sources and should not be considered exhaustive.
Note: No files or stolen information are hosted or disclosed in this report. Any legal issues relating to the content of the files should be directed at the attackers directly. This summary is solely for informational purposes.
Law Diary (USA) – Skira
Threat Actor: Skira
Victim: Law Diary (USA)
Industry: Legal Support Services
Details of Breach: The ransomware leak page for Law Diary indicates that the company, which specializes in providing legal research and case tracking services, has been compromised. This breach poses significant risks to sensitive legal data, including client information and case details. Although the specifics of the compromised data are not detailed, the situation underscores the importance of cybersecurity within the legal sector. A screenshot related to the incident is included, but specific download links are not provided.
Krisala Developer (India) – Skira
Threat Actor: Skira
Victim: Krisala Developer (India)
Industry: Real Estate
Details of Breach: The ransomware leak page for Krisala Developers reveals a significant data breach, exposing sensitive information related to various construction projects. The breach was discovered on March 6, 2025, and raises concerns regarding the operational integrity and privacy of client data. A screenshot associated with the leak is available, showcasing aspects of the company’s operations, although no download links are provided for the compromised data.
City Government Office in Van (Turkey) – Skira
Threat Actor: Skira
Victim: City Government Office in Van (Turkey)
Industry: Local Government
Details of Breach: The ransomware leak page for the City Government Office in Van highlights the potential exposure of sensitive governmental data. This administrative body is crucial for local governance, and the breach raises concerns about data security and the implications for public administration. The leak was noted on March 6, 2025, but lacks specific details about the nature of the compromise or sensitive information.
The 19 Biggest Gitlabs – Fog
Threat Actor: Fog
Victim: Various Organizations
Industry: Multiple
Details of Breach: The ransomware leak page presents a list of various organizations potentially affected by a data breach, including links to their respective GitLab repositories. However, specific details regarding a particular victim or individual case are not apparent. The absence of clearly defined headings and the lack of explicit details suggest that the page serves as a generic catalog of victims rather than focusing on a single incident.
Eumetsat – Fog
Threat Actor: Fog
Victim: Eumetsat
Industry: Meteorological Services
Details of Breach: The ransomware leak page for Eumetsat indicates that multiple organizations have been affected by recent cyber incidents. While specifics about the nature of the data compromised are not disclosed, the presence of various entities across different sectors suggests a widespread impact. The lack of download links and detailed descriptions limits the available context for analysis.
Blue Planet – Fog
Threat Actor: Fog
Victim: Blue Planet
Industry: Technology Consulting
Details of Breach: The ransomware leak page for Blue Planet includes a list of organizations with their corresponding website links and Git repository URLs. While specific details about any individual case were not apparent, the compilation emphasizes a broad range of potential targets across various sectors. The lack of explicit details about the compromises indicates a more general overview rather than focusing on specific incidents.
Melexis – Fog
Threat Actor: Fog
Victim: Melexis
Industry: Technology
Details of Breach: The ransomware leak page for Melexis showcases a list of multiple organizations that may have been implicated in recent cyber incidents. However, specific details regarding the nature of the compromises or sensitive information have not been disclosed. The absence of images and downloadable links suggests that the focus remains on providing a directory of potentially compromised organizations.
Inelmatic – Fog
Threat Actor: Fog
Victim: Inelmatic
Industry: Manufacturing
Details of Breach: The ransomware leak page for Inelmatic indicates a data breach involving various organizations. Specific details about the compromise are not provided, and the page lacks images or download links, which limits context for analysis. This suggests a focus on listing potentially impacted organizations without disclosing sensitive information.
Kr3m – Fog
Threat Actor: Fog
Victim: Kr3m
Industry: Media and Gaming
Details of Breach: The ransomware leak page for Kr3m contains a compilation of various organizations, indicating potential data breaches. Specific details about the nature of the compromise are not provided, and the absence of download links and images suggests a focus on listing victims rather than disclosing sensitive information. The lack of a clear compromise date adds to the ambiguity regarding the incident.
Kotliva – Fog
Threat Actor: Fog
Victim: Kotliva
Industry: Agriculture
Details of Breach: The ransomware leak page for Kotliva presents a list of various companies, similar to the Kr3m incident. It lacks specific details about individual breaches, focusing instead on a directory of potentially compromised organizations. The absence of downloadable content or images implies that the information is meant for awareness rather than direct access to sensitive data.
Elite Advanced Laser Corporation – Akira
Threat Actor: Akira
Victim: Elite Advanced Laser Corporation
Industry: Manufacturing
Details of Breach: The ransomware leak page for Elite Advanced Laser Corporation reveals that over 90 GB of sensitive data has been compromised, including financial documents and employee/customer contact information. The leak includes instructions for downloading the data via a torrent client, raising serious security concerns for the company. The incident highlights the need for enhanced cybersecurity measures within the technology sector.
Flightsim Studio – Fog
Threat Actor: Fog
Victim: Flightsim Studio
Industry: Software Development
Details of Breach: The ransomware leak page for Flightsim Studio lists various organizations potentially affected by a data breach. While specific details about the nature of the compromise are not provided, the presence of multiple URLs highlights possible vulnerabilities. The page lacks downloadable content and images, focusing on a general overview of impacted entities.
Euranova – Fog
Threat Actor: Fog
Victim: Euranova
Industry: Computer support and services
Details of Breach: The ransomware leak page for Euranova features a list of organizations with associated URLs, suggesting potential data breaches. However, specific details regarding the nature of the compromise are not disclosed. The absence of download links and images indicates a focus on notifying about potential threats rather than providing sensitive information.
Neopoly – Fog
Threat Actor: Fog
Victim: Neopoly
Industry: Software provider
Details of Breach: The ransomware leak page for Neopoly presents a compilation of organizations that may have experienced a data breach. It lacks specific details about individual cases, and there are no download links or images available. This structured listing emphasizes potential vulnerabilities without disclosing sensitive content.
Aeonsparx – Fog
Threat Actor: Fog
Victim: Aeonsparx
Industry: Game development
Details of Breach: The ransomware leak page for Aeonsparx includes a list of various organizations alongside their websites and GitLab links. Specific details about individual breaches are not available, and the lack of download links suggests that the focus is on raising awareness about the potential impact of cyber incidents across multiple sectors.
FHNW – Fog
Threat Actor: Fog
Victim: FHNW
Industry: Education
Details of Breach: The leak page for FHNW lists multiple organizations that may have been affected by ransomware incidents. The specifics of the breaches remain vague, and the page does not contain images or download links, indicating a focus on listing potential victims rather than providing detailed information about any specific incident.
Manning Publications Co. – Fog
Threat Actor: Fog
Victim: Manning Publications Co.
Industry: Publishing
Details of Breach: The ransomware leak page for Manning Publications Co. showcases a compilation of companies with their corresponding URLs. Specific details about the nature of the compromise are not provided, leaving the exact impact ambiguous. The absence of downloadable content or images points to a focus on publicizing the potential risks rather than revealing sensitive data.
Bizcode – Fog
Threat Actor: Fog
Victim: Bizcode
Industry: Unknown
Details of Breach: The ransomware leak page for Bizcode lists multiple organizations that may have been affected by a data breach, including links to their respective websites and Git repositories. However, specific details regarding the compromise, including sensitive data, are not disclosed. The absence of download links and images suggests that the page mainly serves as a directory of potentially compromised entities without providing explicit evidence of the breaches.
1X Internet – Fog
Threat Actor: Fog
Victim: 1X Internet
Industry: Software provider
Details of Breach: The ransomware leak page for 1X Internet contains a compilation of various organizations alongside their websites. While it indicates potential vulnerabilities across multiple sectors, no specific details about individual compromises are provided. The lack of downloadable content and images further emphasizes that the focus is on listing affected entities rather than detailing specific incidents of data exposure.
Engikam – Fog
Threat Actor: Fog
Victim: Engikam
Industry: Unknown
Details of Breach: The ransomware leak page for Engikam features a list of organizations with their corresponding URLs. Specific details about the nature of the compromise are not available, and the page does not include any download links or images. This suggests that the leak primarily serves as an informational resource about potentially impacted organizations, raising awareness of cybersecurity risks without disclosing sensitive information.
Summary
| Victim | Threat Actor | Industry | Details of Breach |
|---|---|---|---|
| Law Diary (USA) | Skira | Legal Support Services | Potential exposure of sensitive legal data; screenshot included. |
| Krisala Developer (India) | Skira | Real Estate | Significant breach; sensitive project data at risk; screenshot available. |
| City Government Office in Van (Turkey) | Skira | Local Government | Potential data exposure; critical for public administration; details unspecified. |
| The 19 Biggest Gitlabs | Fog | Multiple | Generic catalog of victims; no specific details or download links. |
| Eumetsat | Fog | Meteorological Services | Multiple organizations affected; lack of specific compromise details. |
| Blue Planet | Fog | Technology Consulting | Directory of organizations with no explicit details about breaches. |
| Melexis | Fog | Technology | List of organizations; no specific details or images provided. |
| Inelmatic | Fog | Manufacturing | Data breach indication; focus on listing organizations without sensitive data. |
| Kr3m | Fog | Media and Gaming | Compilation of organizations; no specific details or download links provided. |
| Kotliva | Fog | Agriculture | List of victims; lacks detailed descriptions of breaches. |
| Elite Advanced Laser Corporation | Akira | Manufacturing | 90 GB of sensitive data compromised; download instructions provided. |
| Flightsim Studio | Fog | Software Development | General overview of impacted entities; no specific breach details. |
| Euranova | Fog | Computer support and services | Compilation of organizations; lacks specific details about data compromise. |
| Neopoly | Fog | Software provider | Structured listing of potential victims; no download links or images. |
| Aeonsparx | Fog | Game development | List of organizations with links; no explicit breach details. |
| FHNW | Fog | Education | Vague details about potential incidents; no images or download links. |
| Manning Publications Co. | Fog | Publishing | Broad listing of companies; no specific breach information disclosed. |
| Bizcode | Fog | Unknown | Compilation of organizations; no specific details or download links provided. |
| 1X Internet | Fog | Unknown | List of victims; lacks detailed descriptions of breaches. |
| Engikam | Fog | Unknown | Directory of organizations; no specific breach information disclosed. |
| Andreyev Engineering | Ransomhub | Engineering Services | Visual content leak; no download links available. |
| Family Community Health Center | Ransomhub | Healthcare | Eight images related to the incident; no download links available. |
| Cimenyan Desa | Funksec | Local Government | Breach indicates vulnerabilities; minimal user impact. |
| InternetWay | APOS | Telecommunications | Serious incident; sensitive data accessed; screenshots available. |
| Netcom-World | APOS | Telecommunications | Ransomware attack discovered on March 4; screenshots of sensitive data. |
| Ewald Consulting | BianLian | Accounting | Engagement opportunities; no sensitive data leaks. |
| Iovate Health Sciences | Clop | Health Supplements | Compromise of internal documents; screenshot included. |
| Legal Aid Society of Salt Lake | BianLian | Non-Profit Legal Services | Collaborative opportunities; no sensitive data leaks. |
| Rockhill Women’s Care | Qilin | Healthcare | Data set for download on March 11; significant privacy concerns. |
| Goencon | Ransomhub | Heating & A/C | Visual content leak; no download links available. |
| Peruzzi | Qilin | Automotive Sales | Data available for download on March 11; sensitive customer information at risk. |
| BPM Microsystems | Qilin | Technology | Significant breach; data available for download on March 11. |
| Seabank Group | Lynx | Hospitality and Tourism | Potential exposure of operational data; no download links available. |
| Wendy Wu Tours | Killsec | Travel and Tourism | Significant breach; concerns about customer data exposure. |
| Tata Technologies | Hunters | Engineering Services | Data exfiltration incident; sensitive information potentially accessed. |
| Ray Fogg Corporate Properties | Akira | Real Estate | 75 GB of documents at risk; sensitive financial data exposed. |
| Grupo Baston Aerossol | Fog | Manufacturing | 88.3 GB of sensitive information compromised; no download links available. |
| Keystone Pacific Property Management LLC | BianLian | Property Management | 4.5 terabytes of data at risk; focus on severity of breach without exposing files. |
| Mosley Glick O’Brien, Inc. | BianLian | Accounting | 1.2 TB of data at risk; no download links provided. |
| FANTIN Group | Akira | Manufacturing | 14 GB of sensitive information compromised; risks to privacy and security. |
| Pampili | Fog | Children’s Products | 36.3 GB of data exposed; includes sensitive employee information. |
| PFS Grupo | Qilin | Consultancy | Commitment to innovation; sanitized data; no download links available. |
| 365labs – Security Corp | Monti | Security Services | Full leak indicated; significant public interest; no direct access to sensitive files. |
