Notable Ransomware Attacks and Incidents of 2025...so far.

Here is a list of some of the major ransomware attacks that have been reported throughout the year so far.

This is not an exhaustive list, rather a notables list, as many attacks go unreported or details are not made public. The ransomware landscape is also constantly changing, with new groups and campaigns emerging frequently.

• DaVita (Healthcare): The InterLock group claimed a ransomware attack on the healthcare provider DaVita, which infiltrated its servers from March to April 2025. The attack reportedly compromised sensitive data of over 2.6 million patients, including names, Social Security numbers, and health insurance information.

  
  

• Colt Technology Services (Telecommunications): In mid-August, Colt Technology Services was hit by the WarLock ransomware group. The attack knocked out its customer portal and other internal systems. The attackers claimed to have exfiltrated up to a million internal documents.

  
  

• Canada's House of Commons (Government): Threat actors reportedly exploited a Microsoft SharePoint vulnerability to breach the Canadian House of Commons network in August. They gained access to a device-management database and stole employee information.

  
  

• Inotiv (Pharmaceuticals): Drug research firm Inotiv suffered a ransomware attack by the Qilin gang in August. The attack encrypted critical systems, disrupted access to internal networks, and allegedly exfiltrated 176 GB of research data.

  
  

• Miljödata, Sweden (IT Services): A ransomware attack on Miljödata, an IT supplier serving about 80% of Sweden's municipalities, disrupted HR and sick-leave systems across approximately 200 municipal governments. The incident leaked data on over 1.5 million private individuals.

  
  

• UNFI (Grocery Wholesaler): In mid-June, United Natural Foods Inc. (UNFI), a major US grocery wholesaler and primary distributor for Whole Foods, fell victim to a cyberattack. The incident crippled its electronic ordering systems, causing grocery shortages across North America.

  
  

• Kering (Luxury Retail): The luxury fashion group Kering, which owns brands like Gucci and Balenciaga, announced in September that it had suffered a data breach in June. The attack, attributed to the Shiny Hunters group, stole customer data, including names, phone numbers, and email addresses.

  
  

• TransUnion (Credit Reporting): In July, a major data breach linked to a third-party application exposed the personal information of over 4.4 million individuals.

  
  

• Workday (HR Software): In August, HR software provider Workday confirmed a data breach linked to a wave of attacks targeting Salesforce CRM systems. The breach exposed business contact information like names, emails, and phone numbers.

  
  

• Air France and KLM (Airlines): Both airlines informed customers in August of a possible security incident linked to a third-party customer support tool they use. The breach may have exposed passenger names and contact details.

Key Trends Observed:

• Supply Chain Attacks: A significant number of attacks in 2025, such as those on Workday and Air France, have targeted third-party vendors and service providers. This highlights a growing trend of attackers exploiting weaknesses in a company's supply chain to compromise a broader range of clients.

• Healthcare and Government: The healthcare and government sectors continue to be prime targets for ransomware groups, as demonstrated by the attacks on DaVita and Canada's House of Commons. The sensitive data held by these organizations makes them particularly vulnerable to data theft and extortion.

• Geopolitical Motivation: While most ransomware attacks are financially motivated, some have been linked to geopolitical events, such as the attack on an Iranian bank.

Are you ready to fight back? Let's show you how!