Weekly Ransomware & Breach Recap (Oct 13–19, 2025)
Cyber Threat Intelligence Weekly Report
• Period: 14 – 20 Oct 2025
• Scope: Ransomware + Traditional Breaches (415) + Infostealer Packages (176)
Headline Metrics
| Indicator | Volume | Δ vs prior week |
|---|---|---|
| Ransomware victims | ≈ 152 (+12 %) | ↑ moderate |
| Traditional breaches | 217 | ↑ 66 % |
| Infostealer packages | 118 | ↑ 19 % |
| Avg. exfil volume | ~0.8 TB | stable |
| Most-targeted regions | 🇺🇸 US 🇫🇷 FR 🇩🇪 DE 🇨🇦 CA 🇬🇧 UK | |
| Leading crews | Qilin, Medusa, Akira, Radar, Sinobi, Everest, BlackShrantac | |
Top 10 High-Impact Incidents (Oct 14 – 20 2025)
| Victim | Group | Country | Sector | Highlights |
|---|---|---|---|---|
| Collins Aerospace / RTX | Everest | 🇺🇸 US | Aerospace & Defense | Multiple postings; flight-ops disruption at Heathrow & Brussels. |
| Volkswagen Group France | Qilin | 🇫🇷 FR | Automotive / Corporate | National subsidiary data leak; vendor contracts exposed. |
| London Women’s Clinic | Qilin | 🇬🇧 UK | Healthcare | Patient data breach; PHI/PII impact across 3 clinics. |
| Agencia Tributaria (ES) | Qilin | 🇪🇸 ES | Government / Finance | Tax authority targeted – confidential fiscal records. |
| Imagicle (IT) | Medusa | 🇮🇹 IT | Unified Comms / Software | Cloud VoIP platform leak; partner portal credentials. |
| Al Ahly Leasing & Factoring (EG) | BlackShrantac | 🇪🇬 EG | Finance | Financial contracts and customer KYC files. |
| Linxx Global Solutions (US) | Medusa | 🇺🇸 US | Security / Defense Contractor | Sensitive personnel data and training materials. |
| Madagascar Airlines (MG) | The Gentlemen | 🇲🇬 MG | Aviation | Operational schedules and ticketing data leaked. |
| Unimed do Brasil (BR) | Sarcoma | 🇧🇷 BR | Healthcare / Insurance | Medical insurance records (≈ 1 TB). |
| City of Riviera Beach (US) | Qilin | 🇺🇸 US | Local Government | Critical infrastructure data and citizen services files. |
Geographic Distribution (14 – 20 Oct 2025)
| Continent | % Victims | Main Groups |
|---|---|---|
| North America | 46 % | Qilin, Medusa, Akira, Radar |
| Europe | 32 % | Qilin, Medusa, Lynx, Play |
| Asia | 11 % | Medusa, Nova, BlackShrantac |
| South America | 6 % | Qilin, Sarcoma |
| Africa | 3 % | BlackShrantac |
| Oceania | 2 % | Radar |

Observed Trends
1. Qilin expands its reach — 70+ victims spanning US, FR, DE, ES and health/industrial verticals.
2. Everest returns with multiple RTX/Collins Aerospace posts plus derivative “insecure” narratives.
3. Radar rises as a secondary actor targeting Australia and Latin America.
4. BlackShrantac adds finance and Middle East victims (Al Ahly Leasing & Gulf Warranties).
5. Sinobi + Medusa continue to pressure US healthcare and construction.
6. Infostealer ecosystem growth: 118 new packages (log stealer, Lumma, Vidar forks).
Near-Term Risks
• Credential replay against O365 and VPN tenants via fresh stealer logs.
• Ransomware spillovers to education and municipal IT from US/UK targets.
• Supply-chain propagation in industrial and automotive vendors (Play & Qilin).