Weekly Ransomware & Breach Recap (Sep 21–28, 2025)
Weekly Ransomware & Breach Intelligence Recap
Between September 21 and 28, 2025, we tracked an alarming rise in cybercrime activity, spanning ransomware, breaches, and infostealer operations.
📊 Key Metrics – Source: breach.house
• 132 new infostealer packages detected
• 175 fresh breaches identified
• Dozens of ransomware victims across finance, government, healthcare, industrial, and technology sectors
Ransomware Highlights
The most impactful ransomware cases this cycle include:
1. Pennsylvania Office of Attorney General (US) – Incransom: Massive 5.7 TB data leak including sensitive government files and alleged FBI network access.
2. NV ELMAR (Aruba) – Qilin: Exclusive national power provider. Attack risks a total blackout across the island.
3. Amos Spacecom (IL) – Handala: Critical satellite operator breached; exposure of military and governmental satellite data.
4. Thermofin (CA/DE) – Sarcoma: Industrial cooling systems provider with a 2.9 TB leak. Supply chain implications across energy & manufacturing.
5. Jones Soda (US) – Akira: Consumer goods producer; 66 GB leaked, including contracts with PepsiCo and sensitive employee/financial data.
6. Yooshin Engineering Corporation (KR) – Qilin: Major South Korean engineering consultancy. Risks to infrastructure and government projects.
7. Asserson Law (UK) – DragonForce: Over 500k legal documents leaked. Impact across corporate, lobbying, and litigation activities.
Threat Trends
• Ransomware operators diversify: Qilin, Akira, Incransom, Handala, DragonForce remain highly active.
• Critical infrastructure under pressure: Energy (NV ELMAR), satellites (Spacecom), utilities.
• Supply chain & legal sectors targeted heavily.
• Data volumes escalating: multiple leaks in the terabyte range.
• Infostealers continue expanding with 132 new malware packages fueling credential theft.
Discover all attacks and leaks and check if your data has been compromised at: