Ransomware Attacks and Operational Disruptions Tracker
27
April–May 2026
Security & Stability
Confirmed ransomware attacks and cyber incidents that caused operational disruptions, structured each month from cybersecurity publications, threat intelligence feeds, government advisories, and company disclosures. Each record covers the targeted organisation, industry sector, ransomware group or threat actor where identified, nature of the operational impact (system outages, service disruptions, data exfiltration), ransom demand or payment where disclosed, and the incident date. Events confirmed only by threat actor leak sites without corroborating news or official disclosure are categorised separately.
Ransomware attacks on companies causing operational disruption in the past month
CISOs and security operations teams use it to track active ransomware groups and attack patterns across sectors. Cyber insurance underwriters assess frequency and severity of ransomware events by industry vertical through it. Incident response firms use it for situational awareness during active campaigns. Journalists and researchers covering cybercrime use it as a structured, sourced record of confirmed attacks.
3545
<table class="catchall-table"><thead><tr><th style="min-width:40px">#</th><th style="min-width:200px">Affected Company</th><th style="min-width:130px;white-space:nowrap">Ransomware Family</th><th style="min-width:120px;white-space:nowrap">Ransom Amount</th><th style="min-width:300px">Disruption Description</th><th style="min-width:120px;white-space:nowrap">Attack Date</th><th style="min-width:120px;white-space:nowrap">Source</th></tr></thead><tbody><tr><td style="min-width:40px">1</td><td style="min-width:200px">Kent District Library</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1</td><td style="min-width:300px">Network outage closed all Kent District Library branches for days. Public computers, printers, copiers, gaming labs unavailable.</td><td style="white-space:nowrap">2026-04-24</td><td style="white-space:nowrap"><a href="https://www.wzzm13.com/article/news/local/no-answers-as-cherry-health-kdl-tech-outages-drag-on-for-days/69-a56c285a-6b90-4f75-b6e1-fdf10e7a1036" target="_blank" rel="nofollow">wzzm13.com</a></td></tr><tr><td style="min-width:40px">2</td><td style="min-width:200px">Ikeja Electric</td><td style="white-space:nowrap">ByteToBreach</td><td style="white-space:nowrap">1</td><td style="min-width:300px">Disrupted critical systems, customer billing and energy metering systems, backup systems also affected. Metering platforms from multiple providers were disabled.</td><td style="white-space:nowrap">2026-04-28</td><td style="white-space:nowrap"><a href="https://www.citypeopleonline.com/billing-metering-disrupted-as-hackers-hit-ikeja-electric" target="_blank" rel="nofollow">citypeopleonline.com</a></td></tr><tr><td style="min-width:40px">3</td><td style="min-width:200px">Norrmejerier</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1000000</td><td style="min-width:300px">knocked out the whole network. Everything stood still, from the time the milk enters tankers to being pasteurized and packaged. Milk had to be discarded, production stopped</td><td style="white-space:nowrap">2026-04-28</td><td style="white-space:nowrap"><a href="https://vdtidningen.se/allt-stannade-norrmejeriers-vd-om-cyberattacken-som-hotade-hela-affaren" target="_blank" rel="nofollow">vdtidningen.se</a></td></tr><tr><td style="min-width:40px">4</td><td style="min-width:200px">Carnival Corporation</td><td style="white-space:nowrap">—</td><td style="white-space:nowrap">1</td><td style="min-width:300px">—</td><td style="white-space:nowrap">2026-04-28</td><td style="white-space:nowrap"><a href="https://www.travelandtourworld.com/news/article/carnival-corporation-investigates-possible-ransomware-attack-latest-update" target="_blank" rel="nofollow">travelandtourworld.com</a></td></tr><tr><td style="min-width:40px">5</td><td style="min-width:200px">VECT Ransomware Acts as Data Wiper</td><td style="white-space:nowrap">VECT</td><td style="white-space:nowrap">—</td><td style="min-width:300px">destroys everything bigger than 128kb, making retrieval without a backup impossible.</td><td style="white-space:nowrap">2026-04-29</td><td style="white-space:nowrap"><a href="https://www.dekrantenkoppen.be/detail/3483461/vect-is-being-marketed-as-ransomware-but-it-functions-as-a-data-destruction-tool-experts-warn-this-broken-ransomware-is-now-acting-as-a-data-wiper-so-protect-your-files-now.html" target="_blank" rel="nofollow">dekrantenkoppen.be</a></td></tr><tr class="catchall-blurred"><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td></tr><tr class="catchall-blurred"><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td></tr><tr class="catchall-blurred"><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td></tr></tbody></table>
<h3>How does CatchAll confirm an incident is a ransomware attack rather than another type of cyber event?</h3><p>Inclusion requires at least one authoritative source – a company disclosure, government advisory, or credible threat intelligence report – confirming ransomware involvement. Incidents labelled only as 'cyber incidents' without confirmed ransomware attribution are categorised separately.</p><h3>Are attacks on critical infrastructure flagged separately?</h3><p>Yes. Events involving critical infrastructure sectors are tagged with a sector classification, making it straightforward to filter for healthcare, energy, water, or government targets.</p><h3>How does this differ from Ransomware.live?</h3><p>Ransomware.live focuses on victim listings from ransomware group leak sites. This Tracker covers operationally disruptive attacks reported through news and official disclosures, including attacks where the victim has not appeared on a leak site.</p><h3>What is the refresh rate of this dataset?</h3><p>We rerun this dataset once a month. You can create your own dataset that updates as frequently as every one hour on <a href="https://platform.newscatcherapi.com/catchall">platform.newscatcherapi.com/catchall</a></p>