Datasets

Loading...

2,000 free credits · No card required

Events found
Web pages reviewed
Coverage
Showing of verified events Dataset generated by CatchAll · Updated monthly

Unlock the full dataset

Run your own query →

2,000 free credits · No card required

Who uses this data

FAQ
Ransomware Attacks and Operational Disruptions Tracker
161
June 2026
Security & Stability
Confirmed ransomware attacks and cyber incidents that caused operational disruptions, structured each month from cybersecurity publications, threat intelligence feeds, government advisories, and company disclosures. Each record covers the affected organisation, ransomware family or threat actor where identified, ransom amount where disclosed, a description of the operational disruption (including system outages, service interruptions, and business impact), and the attack date. Source links are not available for this dataset — the source column is included in the schema but contains no URLs. Events confirmed only by threat actor leak sites without corroborating news or official disclosure are categorised separately.
Ransomware attacks on companies causing operational disruption in June 2026
CISOs and security operations teams use it to track active ransomware groups and attack patterns across sectors. Cyber insurance underwriters assess frequency and severity of ransomware events by industry vertical through it. Incident response firms use it for situational awareness during active campaigns. Journalists and researchers covering cybercrime use it as a structured, sourced record of confirmed attacks.
7597
<table class="catchall-table"><thead><tr><th style="min-width:40px">#</th><th style="min-width:280px">Event</th><th style="min-width:160px">Affected Company</th><th style="min-width:160px">Operational Impact</th><th style="min-width:160px">Location</th><th style="min-width:160px">Industry</th><th style="min-width:160px">Ransom Amount</th><th style="min-width:160px">Attack Date</th><th style="min-width:160px">Ransomware Group</th><th style="min-width:160px">Ransom Currency</th><th style="min-width:160px">Recovery Time</th><th style="min-width:160px">Ransomware Variant</th></tr></thead><tbody><tr><td style="min-width:40px">1</td><td style="min-width:280px">Ransomware attack on Dokuz Eylül University Hospital</td><td style="min-width:160px">Dokuz Eylül University Faculty of Medicine Hospital</td><td style="min-width:160px">Brief disruption to digital infrastructure, affecting patient registration, data access, and clinical workflows.</td><td style="min-width:160px">Izmir</td><td style="min-width:160px">healthcare</td><td style="min-width:160px">2,000,000</td><td style="min-width:160px">2026-06-21</td><td style="min-width:160px">BlackCat/ALPHV</td><td style="min-width:160px">USD</td><td style="min-width:160px">less than a day</td><td style="min-width:160px">ALPHV</td></tr><tr><td style="min-width:40px">2</td><td style="min-width:280px">Ransomware attack on CHSF of Corbeil-Essonnes</td><td style="min-width:160px">CHSF of Corbeil-Essonnes</td><td style="min-width:160px">Several weeks of operation in degraded mode; 15 million patients potentially affected.</td><td style="min-width:160px">Corbeil-Essonnes, France</td><td style="min-width:160px">healthcare</td><td style="min-width:160px">2,000,000</td><td style="min-width:160px">2026-06-01</td><td style="min-width:160px">LockBit</td><td style="min-width:160px">USD</td><td style="min-width:160px">Several weeks</td><td style="min-width:160px">LockBit</td></tr><tr><td style="min-width:40px">3</td><td style="min-width:280px">Foster City Cyber Attack Causes Operational Disruption</td><td style="min-width:160px">Foster City</td><td style="min-width:160px">City network offline, staff unable to make/receive calls or emails, permitting systems down.</td><td style="min-width:160px">Foster City</td><td style="min-width:160px">government</td><td style="min-width:160px">2,000,000</td><td style="min-width:160px">2026-06-02</td><td style="min-width:160px">LockBit</td><td style="min-width:160px">USD</td><td style="min-width:160px">3 weeks</td><td style="min-width:160px">LockBit 3.0</td></tr><tr><td style="min-width:40px">4</td><td style="min-width:280px">Ransomware threats to European manufacturers</td><td style="min-width:160px">Organizations with operational technology (OT) environments</td><td style="min-width:160px">operational disruptions</td><td style="min-width:160px">Europe</td><td style="min-width:160px">manufacturing</td><td style="min-width:160px">1,000,000</td><td style="min-width:160px">2026-06-01</td><td style="min-width:160px">LockBit</td><td style="min-width:160px">USD</td><td style="min-width:160px">3 weeks</td><td style="min-width:160px">LockBit 3.0</td></tr><tr><td style="min-width:40px">5</td><td style="min-width:280px">Tokyo Electron Devices President Discusses Cyberattack Defenses</td><td style="min-width:160px">Tokyo Electron Devices</td><td style="min-width:160px">production halted</td><td style="min-width:160px">Tokyo, Japan</td><td style="min-width:160px">technology trading</td><td style="min-width:160px">1,000,000</td><td style="min-width:160px">2026-06-01</td><td style="min-width:160px">LockBit</td><td style="min-width:160px">USD</td><td style="min-width:160px">3 weeks</td><td style="min-width:160px">Conti</td></tr><tr class="catchall-blurred"><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td></tr><tr class="catchall-blurred"><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td></tr><tr class="catchall-blurred"><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td><td>████████████</td></tr></tbody></table>
<h3>How does CatchAll confirm an incident is a ransomware attack rather than another type of cyber event?</h3><p>Inclusion requires at least one authoritative source – a company disclosure, government advisory, or credible threat intelligence report – confirming ransomware involvement. Incidents labelled only as 'cyber incidents' without confirmed ransomware attribution are categorised separately.</p><h3>Are attacks on critical infrastructure flagged separately?</h3><p>Yes. Events involving critical infrastructure sectors are tagged with a sector classification, making it straightforward to filter for healthcare, energy, water, or government targets.</p><h3>How does this differ from Ransomware.live?</h3><p>Ransomware.live focuses on victim listings from ransomware group leak sites. This Tracker covers operationally disruptive attacks reported through news and official disclosures, including attacks where the victim has not appeared on a leak site.</p><h3>What is the refresh rate of this dataset?</h3><p>We rerun this dataset once a month. You can create your own dataset that updates as frequently as every one hour on <a href="https://platform.newscatcherapi.com/catchall">platform.newscatcherapi.com/catchall</a></p>

Secure strategic advantage with real-world signals for your teams and models

What you don't know can hurt you. Let's change that.

Book a Demo