Inside RAMP: What a leaked database reveals about Russia's ransomware marketplace - Comparitech Analysis of 1,732 forum threads, 7,707 registered users, and 340,000 IP records from the notorious Russian-language cybercrime forum, RAMP.

📢 Inside RAMP: What a leaked database reveals about Russia’s ransomware marketplace

We gained exclusive access to a leaked database, allowing us to analyze 1.7K forum threads, 7.7K registered users & 340K IP records from the notorious cybercrime forum.

bit.ly/4cYUfhH

By: @pabischoff.bsky.social

Critical Infrastructure at Risk: 179 ICS Devices Exposed Online - Comparitech We identified 179 suspected industrial control devices responding on port 502, the default port used by the Modbus protocol.

🛑 Critical Infrastructure at Risk: 179 ICS Devices Exposed Online

Our scan for internet-facing Modbus devices found:

🔺179 exposed devices
🇺🇸 x57
🇸🇪 x22
🇹🇷 x19
🚉 x1 device from a national railway network
⚡️x2 devices from national power grids

bit.ly/4sq6QPJ

Texas gun store notifies over 21,000 people of data breach following hack - Comparitech Mister Guns, is notifying 21,225 people of a data breach following unauthorized access to its systems in November 2025.

‼️ Mister Guns 🇺🇸 is notifying 21,225 people of a data breach following unauthorized access to its systems in November 2025.

Ransomware gang Securotrop claimed an attack on the Texas gun store at the time, alleging to have stolen 290 GB of data.

bit.ly/4toB5Ho

By: @becmoody.bsky.social

Ransomware roundup: March 2026 - Comparitech In March 2026, ransomware attacks rose to the highest level of the year with 780 in total – a 13 percent increase on February’s figure (692).

📣 Our March 2026 ransomware roundup is live!

🔺 780 attacks in total (UP 13% from February)

🔌 Attacks on utility companies UP 630%
🏭 Attacks on manufacturers UP 36%
🏛️ Attacks on governments UP 30%
🏥 Attacks on healthcare DOWN 15%

bit.ly/4v14NUA

By: @becmoody.bsky.social

Humana warns patients of data breach that leaked SSNs, medical info - Comparitech Humana notified patients of a breach that compromised SSNs and medical info. Ransomware group Clop took credit.

‼️ Humana 🇺🇸 is notifying people of a data breach from August 2025. Names, SSNs, medical info & health insurance data affected.

This follows #ransomware gang Clop's exploitation of a zero-day vulnerability in Oracle’s E-Business Suite software.

bit.ly/47lmFzr

By: @pabischoff.bsky.social

Cybercriminal group says it hacked Namibia's biggest airport operator - Comparitech A ransomware group called Inc took credit for hacking Namibia Airports Company, the country's top airport operator.

🚨 Namibia Airports Company 🇳🇦 has been added to the data leak site of #ransomware gang INC. 500 GB allegedly stolen.

The government airline confirmed its systems were impacted in an attack on March 6. There was no evidence of a data breach at the time.

bit.ly/4sTL1bJ

By: @pabischoff.bsky.social

‼️ Insightin Health 🇺🇸 is warning 142,000+ people of a September 2025 data breach, which was claimed by #ransomware group Medusa.

Medusa issued the healthcare marketing agency with a $500K ransom demand after allegedly stealing 378 GB of data.

bit.ly/4bCuDph

By: @pabischoff.bsky.social

Michigan city confirms cyber attack following ransomware gang's claim - Comparitech Over the weekend, ransomware gang Genesis added the City of Hart, Michigan, to its data leak site. It alleges to have stolen 300 GB of data and has given the City less than six days to meet its ransom...

🚨 The City of Hart, MI 🇺🇸 has confirmed it's investigating a Feb '26 cyber attack after #ransomware gang Genesis claimed an attack on the government org this weekend.

Genesis says it's stolen 300 GB of data, giving the city less than 6 days to pay up.

bit.ly/4up9mbc

By: @becmoody.bsky.social

Ransomware roundup: February 2026 - Comparitech Despite February being the shortest month of the year, ransomware attacks across the globe remained high. 685 attacks were recorded in February 2026, following 718 in January 2026.

📣 Our February 2026 ransomware roundup is live!

🔻 685 attacks in total (718 in January)
🏥 Attacks on healthcare UP 30%
🚚 Attacks on transport companies UP 39%
🇧🇷 Attacks on Brazilian companies UP 180%
🔺 Qilin continues to dominate (104 attacks)

bit.ly/4rr1xix

By: @becmoody.bsky.social

Cybercriminals say they hacked Southold, NY local government, stole data - Comparitech Ransomware group Rhysida took credit for a cyber attack on the local government of Southold, New York that crippled the city's systems.

🚨 The Town of Southold 🇺🇸 has been added to the data leak site of #ransomware gang Rhysida. A 10 BTC ransom ($661,400) and a payment deadline of 7 days have been issued.

Southold was hit by an attack that crippled key systems in November 2025.

bit.ly/46wJdwH

By: @pabischoff.bsky.social

‼️ Insight Hospital & Medical Center in Chicago 🇺🇸 is warning patients of a data breach following a cyber attack in Aug '25.

TWO #ransomware gangs have claimed attacks on the healthcare provider.

LockBit - Dec '25 (200 GB)
Termite - Feb '26 (360 GB)

bit.ly/471i9Wv

By: @pabischoff.bsky.social

91.5K patients have data breached following cyber attack on third-party software provider - Comparitech North East Medical Services (NEMS) is notifying 91,513 patients of an October 2025 data breach following a cyber attack on its third-party software provider, UnitedLayer. In November 2025, ransomware ...

‼️ North East Medical Services (NEMS) 🇺🇸 is notifying 91,513 patients of an Oct '25 data breach following a cyber attack on its third-party software provider, UnitedLayer.

Ransomware gang RansomHouse claimed the attack on UnitedLayer.

bit.ly/4kIN9QC

By: @becmoody.bsky.social

🚨 Cheyenne and Arapaho Tribes 🇺🇸 has been added to the data leak site of #ransomware gang Rhysida with a $700K ransom demand.

The government organization said it suffered an attack in December 2025 which impacted systems but said no data was breached.

bit.ly/4aMzioa

By: @pabischoff.bsky.social

Ransomware gang claims recent cyber attack on Canadian retailer - Comparitech Ransomware gang, Akira, has added prominent Canadian retailer, Ardene, to its data leak site and alleges to have stolen 58 GB of data.

🚨 Ardene 🇨🇦 has been added to the data leak site of #ransomware gang Akira. 58 GB stolen.

This week, the Canadian retailer confirmed a cyber attack had impacted its systems in January. It wasn't aware of any customer data being breached "at this time."

bit.ly/4csrnOY

Ransomware roundup: January 2026 - Comparitech 2026 kicked off with more ransomware attacks than usual: 710 in total. While slightly lower than the total recorded in December 2025 (783), January’s figure is still significantly higher than 2025’s m...

📣 Our January 2026 ransomware roundup is live!

🔻 711 attacks in total (8% less than Dec '25)
💰 Attacks on finance companies UP 26%
💻 Attacks on tech companies UP 12%
🇬🇧 Attacks on UK companies UP 83%
🔺 Qilin continues to dominate (108 attacks)

bit.ly/4r7V78p

By: @becmoody.bsky.social

🚨 Jefferson Blount St. Claire Mental Health Authority 🇺🇸 is notifying 30,400+ people of a November 2025 data breach. SSNs & medical info affected.

#Ransomware gang Medsua claimed the attack on the healthcare org with a $200K ransom for 168.6 GB of data.

bit.ly/4rziTdc

By: @pabischoff.bsky.social

Education Ransomware Roundup: 2025 stats on attacks, ransoms, and data breaches - Comparitech In 2025, ransomware gangs took credit for 251 cyberattacks on schools, universities, and other educational institutions. While similar to 2024’s figure (247), 2025’s attacks resulted in the breach of ...

📢 Our 2025 education ransomware roundup is live!

Attacks on the education sector plateaued in 2025 (when compared to 2024), but the number of records involved in these data breaches increased significantly (up to 3.96M from 3.11M).

Read the report here: bit.ly/3ZfacsD

By: @becmoody.bsky.social

Cybercriminals say they hacked a local Ontario government health department - Comparitech A ransomware group called Lynx yesterday took credit for a cyber attack on Lakelands Public Health in Ontario, Canada.

🚨 Ransomware gang Lynx has claimed the attack on Lakelands Public Health 🇨🇦

The Canadian health authority has been dealing with an attack since January 29, 2026. System restoration and data breach investigations are ongoing.

bit.ly/49Z375I

By: @pabischoff.bsky.social

Colorado clinic warns 65,000+ people of data breach that leaked SSNs, credit cards, and medical info - Comparitech Alpine Ear, Nose & Throat notified 65,648 people of a data breach that compromised SSNs, credit cards, and medical info.

‼️ Alpine Ear, Nose & Throat, P.L.L.C. 🇺🇸 is issuing data breach notifications to 65,648 people following a cyber attack in November 2024. SSNs, medical info & credit card data affected.

#Ransomware gang BianLian claimed the attack.

bit.ly/45NHuTo

By: @pabischoff.bsky.social

‼️ 30,797 people are confirmed to have been impacted in a data breach on Appalachian Community Federal Credit Union 🇺🇸 following a cyber attack in October 2025.

Names, SSNs & financial account info affected.

#Ransomware gang Qilin claimed the attack.

bit.ly/49S2rPg

By: @pabischoff.bsky.social

📣 Worldwide ransomware roundup: 2025 end-of-year report

🔺 7,419 attacks in total - UP 32% from 2024
🔺 374 attacks on government entities – UP 27%
🔺 444 attacks on healthcare companies – UP 2%
🔺 252 attacks on educational institutions – UP 2%

bit.ly/4ql9DcL

By: @becmoody.bsky.social

‼️Money Mart 🇺🇸🇨🇦 is issuing data breach letters to US residents following a cyber attack in November 2025. SSNs affected.

#Ransomware gang Everest claimed the attack and alleged theft of 80K files from the finance company's US and Canadian offices.

bit.ly/3NeWxPw

By: @pabischoff.bsky.social

‼️ Clackamas Community College 🇺🇸 is notifying 33K people of a data breach that leaked SSNs, student records & more.

#Ransomware gang Medusa claimed the attack, demanding $300K to delete 1.2 TB of data.

NB: Clackamas was also hit by LockBit in Jan '24.

bit.ly/4szdeVO

By: @pabischoff.bsky.social

‼️ Chesapeake Bay Maritime Museum 🇺🇸 is notifying 5K+ people of 17-month-old data breach from August 2024. SSNs and financial info affected.

#Ransomware group Helldown claimed the attack at the time, allegedly stealing 65 GB of data.

bit.ly/4qahz0n

By: @pabischoff.bsky.social

‼️Pulse Urgent Care Center 🇺🇸 is issuing data breach letters following a cyber attack in March 2025. SSNs & medical info among the data affected.

#Ransomware gang Medusa claimed the attack, issuing a $120K ransom for 60.7 GB of data allegedly stolen.

bit.ly/4qz9Ybb

By: @pabischoff.bsky.social

🚨 Kelsey School Division 🇨🇦 has been added to the data leak site of Ransomware Blog/MedusaLocker. A ransom of $40K is being demanded for the stolen data.

The Canadian school district confirmed a cyber attack had impacted systems on November 13, 2025.

bit.ly/3MYlXAH

By: @pabischoff.bsky.social

Akira ransomware: stats on attacks, ransoms & data breaches - Comparitech From January to November 2025, Akira claimed responsibility for 683 ransomware attacks, making it the second most dominant strain this year behind Qilin (864 attacks during the same period).

📢 Akira ransomware: stats on attacks, ransoms & data breaches

2025 key findings:

🔺 683 victims - double 2024's total (272)
🔺 182 attacks on manufacturers - triple 2024's total (52)
🔺 32 TB of data stolen
🇺🇸 The US accounts for the most attacks (455)

bit.ly/493bMTY

By: @becmoody.bsky.social

🚨 Ransomware gang DragonForce has taken credit for an October cyber attack on the city of La Vergne, Tennessee 🇺🇸 It alleges to have stolen 382 GB of data.

The group has given the city a week to pay its ransom before the data is leaked.

bit.ly/4rL0mM5

By: @pabischoff.bsky.social

Ransomware roundup: November 2025 - Comparitech Last month, the number of ransomware attacks remained high with 659 recorded in total. However, this was a slight dip (-5%) from October’s total of 693.

📢 Our #ransomware roundup for November 2025 is live!

🔻 659 attacks in total (DOWN 5% from October)
🔻 Attacks on healthcare (DOWN 44%)
🔺 Attacks on manufacturers (UP 35%)
🔺 Attacks on education (UP 24%)
🔺 Top strain - Qilin (107 attacks)

bit.ly/446vpI6

By: @becmoody.bsky.social

🚨 #Ransomware gang Devman is demanding $400K for 500 GB of data from the Georgia Superior Court Clerks’ Cooperative Authority 🇺🇸

GSCCCA's systems are currently down while it deals with a "credible and ongoing cybersecurity threat."

bit.ly/4pOP87F

By: @pabischoff.bsky.social