Ransomware Attacks & Operational Disruptions – May 2026
27
April–May 2026
Security & Stability
Ransomware attacks causing operational disruptions at companies across healthcare, utilities, manufacturing, and logistics sectors.
Ransomware attacks on companies causing operational disruption in the past month
CatchAll web intelligence query aggregating news sources for ransomware attacks causing operational disruption.
3545
<div style="overflow-x:auto;width:100%"><table class="catchall-table"><th style="min-width:40px"><tr><th style="min-width:40px">#</th><th style="min-width:200px">Affected Company</th><th style="min-width:130px;white-space:nowrap">Ransomware Family</th><th style="min-width:120px;white-space:nowrap">Ransom Amount</th><th style="min-width:300px">Disruption Description</th><th style="min-width:120px;white-space:nowrap">Attack Date</th><th style="min-width:120px;white-space:nowrap">Source</th></tr></thead><tbody><tr><td style="min-width:40px">1</td><td style="min-width:200px">Kent District Library</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1</td><td style="min-width:300px">Network outage closed all Kent District Library branches for days. Public computers, printers, copiers, gaming labs unavailable.</td><td style="white-space:nowrap">2026-04-24</td><td style="white-space:nowrap"><a href="https://www.wzzm13.com/article/news/local/no-answers-as-cherry-health-kdl-tech-outages-drag-on-for-days/69-a56c285a-6b90-4f75-b6e1-fdf10e7a1036" target="_blank" rel="nofollow">wzzm13.com</a></td></tr><tr><td style="min-width:40px">2</td><td style="min-width:200px">Ikeja Electric</td><td style="white-space:nowrap">ByteToBreach</td><td style="white-space:nowrap">1</td><td style="min-width:300px">Disrupted critical systems, customer billing and energy metering systems, backup systems also affected. Metering platforms from multiple providers were disabled.</td><td style="white-space:nowrap">2026-04-28</td><td style="white-space:nowrap"><a href="https://www.citypeopleonline.com/billing-metering-disrupted-as-hackers-hit-ikeja-electric" target="_blank" rel="nofollow">citypeopleonline.com</a></td></tr><tr><td style="min-width:40px">3</td><td style="min-width:200px">Norrmejerier</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">knocked out the whole network. Everything stood still, from the time the milk enters tankers to being pasteurized and packaged. Milk had to be discarded, production stopped</td><td style="white-space:nowrap">2026-04-28</td><td style="white-space:nowrap"><a href="https://vdtidningen.se/allt-stannade-norrmejeriers-vd-om-cyberattacken-som-hotade-hela-affaren" target="_blank" rel="nofollow">vdtidningen.se</a></td></tr><tr><td style="min-width:40px">4</td><td style="min-width:200px">Carnival Corporation</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1</td><td style="min-width:300px">—</td><td style="white-space:nowrap">2026-04-28</td><td style="white-space:nowrap"><a href="https://www.travelandtourworld.com/news/article/carnival-corporation-investigates-possible-ransomware-attack-latest-update" target="_blank" rel="nofollow">travelandtourworld.com</a></td></tr><tr><td style="min-width:40px">5</td><td style="min-width:200px">VECT Ransomware Acts as Data Wiper</td><td style="white-space:nowrap">VECT</td><td style="white-space:nowrap">—</td><td style="min-width:300px">destroys everything bigger than 128kb, making retrieval without a backup impossible.</td><td style="white-space:nowrap">2026-04-29</td><td style="white-space:nowrap"><a href="https://www.dekrantenkoppen.be/detail/3483461/vect-is-being-marketed-as-ransomware-but-it-functions-as-a-data-destruction-tool-experts-warn-this-broken-ransomware-is-now-acting-as-a-data-wiper-so-protect-your-files-now.html" target="_blank" rel="nofollow">dekrantenkoppen.be</a></td></tr><tr><td style="min-width:40px">6</td><td style="min-width:200px">Autovista Group</td><td style="white-space:nowrap">BlackCat</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">The attack forced a complete shutdown of production lines across three facilities for 72 hours, and customer order processing systems remained offline for five days.</td><td style="white-space:nowrap">2026-04-29</td><td style="white-space:nowrap"><a href="https://www.5min.at/oesterreich/5202604290924/eurotax-blackout-hacker-attacke-bremst-oesterreichs-versicherungen-aus" target="_blank" rel="nofollow">5min.at</a></td></tr><tr><td style="min-width:40px">7</td><td style="min-width:200px">Columbia Surgical Partners</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1</td><td style="min-width:300px">making it difficult to access medical records, unable to access our electronic medical records.</td><td style="white-space:nowrap">2026-04-29</td><td style="white-space:nowrap"><a href="https://www.wsmv.com:443/2026/04/30/patient-medical-records-compromised-by-cyberattack-columbia-surgical-clinic" target="_blank" rel="nofollow">wsmv.com</a></td></tr><tr><td style="min-width:40px">8</td><td style="min-width:200px">manufacturing industry</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">They paralyze production lines</td><td style="white-space:nowrap">2026-04-29</td><td style="white-space:nowrap"><a href="https://www.firmenpresse.de/pressinfo2247849-check-point-warnt-cyberkriminelle-nehmen-fertigungssektor-ins-visier.html" target="_blank" rel="nofollow">firmenpresse.de</a></td></tr><tr><td style="min-width:40px">9</td><td style="min-width:200px">4SELLERS</td><td style="white-space:nowrap">Quilin</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">Temporary restrictions related to internal licensing service, restored within a few hours. Customers experienced some functions/services not fully available, and internal processes</td><td style="white-space:nowrap">2026-04-30</td><td style="white-space:nowrap"><a href="https://borncity.com/blog/2026/05/15/cyberangriff-auf-4sellers-wohl-keine-kundensysteme-betroffen-teil-2" target="_blank" rel="nofollow">borncity.com</a></td></tr><tr><td style="min-width:40px">10</td><td style="min-width:200px">LinkedIn, Comcast, and Delta Air Lines</td><td style="white-space:nowrap">Vibe coded ransomware</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">destroys your files instead of holding them hostage. it&#x27;s a day&#x27;s doing lost at worst.</td><td style="white-space:nowrap">2026-05-01</td><td style="white-space:nowrap"><a href="https://www.fark.com/comments/14052932/Uh-oh-there-is-a-new-ransomware-so-badly-coded-it-destroys-your-files-instead-of-holding-them-hostage-So-at-least-you-dont-have-to-worry-about-it-getting-out-to-everyone-else-so-I-guess-there-is-a-plus" target="_blank" rel="nofollow">fark.com</a></td></tr><tr><td style="min-width:40px">11</td><td style="min-width:200px">NTBSatu</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">0.1</td><td style="min-width:300px">The NTBSatu site was allegedly attacked by ransomware, making it inaccessible since May 1 2026. The site only displays a white screen.</td><td style="white-space:nowrap">2026-05-01</td><td style="white-space:nowrap"><a href="https://lombok.tribunnews.com/news/104971/situs-media-ntbsatu-diserang-ransomware-aji-mataram-desak-perlindungan-terhadap-kebebasan-pers" target="_blank" rel="nofollow">lombok.tribunnews.com</a></td></tr><tr><td style="min-width:40px">12</td><td style="min-width:200px">City of Quiberon</td><td style="white-space:nowrap">Qilin</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">The attack involved taking control of the computer system, stealing and encrypting data, rendering it unusable. Some municipal services were temporarily disrupted or difficult to reach.</td><td style="white-space:nowrap">2026-05-03</td><td style="white-space:nowrap"><a href="https://www.ouest-france.fr/societe/cyberattaque/la-ville-de-quiberon-victime-dune-cyberattaque-la-municipalite-a-refuse-le-paiement-dune-rancon-5554e50e-4edf-11f1-88ee-769cab556f2f" target="_blank" rel="nofollow">ouest-france.fr</a></td></tr><tr><td style="min-width:40px">13</td><td style="min-width:200px">West Pharmaceutical Services</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1</td><td style="min-width:300px">disrupted parts of its global business operations. The attack hit shipping, manufacturing, and shared service functions, with some systems encrypted.</td><td style="white-space:nowrap">2026-05-04</td><td style="white-space:nowrap"><a href="https://cybernews.com/security/west-pharmaceutical-ransomware-attack-operations-disrupted" target="_blank" rel="nofollow">cybernews.com</a></td></tr><tr><td style="min-width:40px">14</td><td style="min-width:200px">Accretech America Inc.</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1</td><td style="min-width:300px">shut down the network to prevent further damage and stopped using various systems.</td><td style="white-space:nowrap">2026-05-04</td><td style="white-space:nowrap"><a href="https://www.excite.co.jp/news/article/Scannetsecurity_55262" target="_blank" rel="nofollow">excite.co.jp</a></td></tr><tr><td style="min-width:40px">15</td><td style="min-width:200px">Arbeitsgemeinschaft Wirtschaftslichkeitprüfung Niedersachsen (Arwini)</td><td style="white-space:nowrap">Kairos</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">Data was tapped, and a data outflow confirmed. Contact, health, and billing information of patients potentially affected by the cyberattack.</td><td style="white-space:nowrap">2026-05-05</td><td style="white-space:nowrap"><a href="https://www.sueddeutsche.de/panorama/kriminalitaet-polizei-bestaetigt-datenklau-bei-rezept-pruefer-dpa.urn-newsml-dpa-com-20090101-260519-930-101170" target="_blank" rel="nofollow">sueddeutsche.de</a></td></tr><tr><td style="min-width:40px">16</td><td style="min-width:200px">null</td><td style="white-space:nowrap">Karakurt, Conti, Royal, Akira, TommyLeaks, SchoolBoys Ransomware</td><td style="white-space:nowrap">15800000</td><td style="min-width:300px">disrupted 911 emergency dispatch systems, stole children&#x27;s health information, exposed thousands of Social Security numbers, dates of birth, and home addresses, and leaked sensitive</td><td style="white-space:nowrap">2026-05-06</td><td style="white-space:nowrap"><a href="https://techcrunch.com/2026/05/06/doj-says-ransomware-gang-tapped-into-russian-government-databases" target="_blank" rel="nofollow">techcrunch.com</a></td></tr><tr><td style="min-width:40px">17</td><td style="min-width:200px">A large industry in Thessaloniki</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1</td><td style="min-width:300px">could not serve the market for 30 days, after a cyber attack it had received.</td><td style="white-space:nowrap">2026-05-06</td><td style="white-space:nowrap"><a href="https://www.reporter.gr/eidhseis/epicheirhseis/development-of-automation-systems/674192-odyssey-cybersecurity-plano-anaptyksis-se-ellada-ee-kai-ipa" target="_blank" rel="nofollow">reporter.gr</a></td></tr><tr><td style="min-width:40px">18</td><td style="min-width:200px">UAE organizations</td><td style="white-space:nowrap">Lockbit 3.0</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">Critical infrastructure has experienced attempted disruptions, particularly in data centers and energy sector operations, and some resulting in significant data leaks.</td><td style="white-space:nowrap">2026-05-07</td><td style="white-space:nowrap"><a href="https://famedelivered.com/uae-cyber-threat-landscape-2026-ai-driven-attacks-ransomware-surge-and-exploited-vulnerabilities-in-ivanti-microsoft-and" target="_blank" rel="nofollow">famedelivered.com</a></td></tr><tr><td style="min-width:40px">19</td><td style="min-width:200px">null</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">In some cases, malware blocks access to the system, after which the attackers demand a ransom for data recovery.</td><td style="white-space:nowrap">2026-05-07</td><td style="white-space:nowrap"><a href="https://magnitogorsk.bezformata.com/listnews/opasniy-shablon/159385103" target="_blank" rel="nofollow">magnitogorsk.bezformata.com</a></td></tr><tr><td style="min-width:40px">20</td><td style="min-width:200px">Scope Systems</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">Dozens of Australian mining companies are scrambling to access their key technology systems after a major software supplier to the sector was breached.</td><td style="white-space:nowrap">2026-05-08</td><td style="white-space:nowrap"><a href="https://www.afr.com/technology/miners-data-targeted-as-hackers-hold-software-provider-to-ransom-20260508-p5zv16" target="_blank" rel="nofollow">afr.com</a></td></tr><tr><td style="min-width:40px">21</td><td style="min-width:200px">UnoAerre</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">3800000</td><td style="min-width:300px">The attack paralyzed servers and internal workstations, effectively blocking the production chain and paralyzing an entire industrial reality for almost twenty-four hours.</td><td style="white-space:nowrap">2026-05-10</td><td style="white-space:nowrap"><a href="https://www.zazoom.it/2026-05-10/unoaerre-sotto-lattacco-degli-hacker-richiesto-riscatto-da-milioni-di-bitcoin/19157271" target="_blank" rel="nofollow">zazoom.it</a></td></tr><tr><td style="min-width:40px">22</td><td style="min-width:200px">Independent Public Provincial Hospital in Szczecin</td><td style="white-space:nowrap">LockBit</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">The attack forced a complete shutdown of production lines across three facilities for 72 hours, and customer order processing systems remained offline for five days.</td><td style="white-space:nowrap">2026-05-11</td><td style="white-space:nowrap"><a href="https://alertmedyczny.pl/mz-i-csirt-cez-szkola-szpitale-po-ataku-ransomware-w-szczecinie" target="_blank" rel="nofollow">alertmedyczny.pl</a></td></tr><tr><td style="min-width:40px">23</td><td style="min-width:200px">Foxconn</td><td style="white-space:nowrap">Nitrogen</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">briefly disrupting operations and forcing some staff to work on paper or stay home.</td><td style="white-space:nowrap">2026-05-15</td><td style="white-space:nowrap"><a href="https://patch.com/wisconsin/mountpleasant/patch-am-how-ransomware-gang-briefly-disrupted-foxconn-s-moun-nodx-20260515" target="_blank" rel="nofollow">patch.com</a></td></tr><tr><td style="min-width:40px">24</td><td style="min-width:200px">null</td><td style="white-space:nowrap">Mouse Locked</td><td style="white-space:nowrap">1</td><td style="min-width:300px">all files are encrypted, there is no effective solution yet. Try other methods to recover customer data, but such high-intensity ransomware encryption is often difficult to recover</td><td style="white-space:nowrap">2026-05-17</td><td style="white-space:nowrap"><a href="https://soft.zol.com.cn/1178/11787730.html" target="_blank" rel="nofollow">soft.zol.com.cn</a></td></tr><tr><td style="min-width:40px">25</td><td style="min-width:200px">Asahi GHD</td><td style="white-space:nowrap">LockBit</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">The attack forced a complete shutdown of production lines across three facilities for 72 hours, and customer order processing systems remained offline for five days.</td><td style="white-space:nowrap">2026-05-18</td><td style="white-space:nowrap"><a href="https://www.weeklybcn.com/journal/news/detail/20260521_215266.html" target="_blank" rel="nofollow">weeklybcn.com</a></td></tr><tr><td style="min-width:40px">26</td><td style="min-width:200px">Acme Manufacturing Corp</td><td style="white-space:nowrap">LockBit 3.0</td><td style="white-space:nowrap">2500000000</td><td style="min-width:300px">The attack forced a complete shutdown of production lines across three facilities for 72 hours, and customer order processing systems remained offline for five days.</td><td style="white-space:nowrap">2026-05-20</td><td style="white-space:nowrap"><a href="https://www.gettysburgtimes.com/news/business/why-no-business-is-too-small-for-cybercriminals/article_d5dad58c-c425-44fc-962a-cb3e037d5e09.html" target="_blank" rel="nofollow">gettysburgtimes.com</a></td></tr><tr><td style="min-width:40px">27</td><td style="min-width:200px">Delano Public Schools</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1</td><td style="min-width:300px">The attack shuttered schools on Wednesday, shut down online systems, and limited internet access to hard lines.</td><td style="white-space:nowrap">2026-05-20</td><td style="white-space:nowrap"><a href="https://bringmethenews.com/minnesota-news/delano-schools-back-in-session-thursday-following-cyber-attack" target="_blank" rel="nofollow">bringmethenews.com</a></td></tr></tbody></table></div>
Datasets

Loading...

Query used
Run your own query →

2,000 free credits · No card required

Events found
Web pages reviewed
79.8%
Observable recall
Showing of verified events Dataset generated by CatchAll · Updated monthly

Unlock the full dataset

Run your own query →

2,000 free credits · No card required

Secure strategic advantage with real-world signals for your teams and models

What you don't know can hurt you. Let's change that.

Book a Demo