IT services firm in South Asia hit by ransomware attack
Incident
Summary
Hide ▲
Show ▼
The IT services firm in South Asia suffered a Spirals ransomware intrusion that moved from initial access to data theft and encryption in less than 24 hours, putting operations and extortion exposure at immediate risk. The attacker reached the network through an exposed IIS server and used a web shell to expand access. The intrusion combined credential theft, lateral movement, and ransomware deployment into a fast-moving compromise.
Related Happenings
IT services firm in South Asia data exposed after Spirals breach
Data Leak
H score31
First: 16.07.2026 13:00
Last: 16.07.2026 13:00
Sources 1
How related:
A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours.
About this happening:
Spirals stole data from an IT services firm in South Asia, creating extortion leverage and a threat of public exposure. The intrusion moved from initial access to...
IT services firm in South Asia data exposed after Spirals breach
Data LeakHow related: A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours.
About this happening: Spirals stole data from an IT services firm in South Asia, creating extortion leverage and a threat of public exposure. The intrusion moved from initial access to...
GodDamn ransomware PoisonX BYOVD activity
Malware Activity
H score14
First: 09.07.2026 13:43
Last: 09.07.2026 13:43
Sources 1
About this happening:
GodDamn ransomware, part of the Hyadina family, has evolved into a Windows intrusion chain that uses AnyDesk, credential theft, and the PoisonX kernel driver t...
GodDamn ransomware PoisonX BYOVD activity
Malware ActivityAbout this happening: GodDamn ransomware, part of the Hyadina family, has evolved into a Windows intrusion chain that uses AnyDesk, credential theft, and the PoisonX kernel driver t...
Luxury jewelry retailer hit by ransomware attack
Incident
H score45
First: 07.07.2026 16:27
Last: 07.07.2026 16:27
Sources 1
About this happening:
A luxury jewelry retailer suffered a help-desk social engineering intrusion in May 2025 that led to account takeover and the theft of at least 77 gigabytes of data...
Luxury jewelry retailer hit by ransomware attack
IncidentAbout this happening: A luxury jewelry retailer suffered a help-desk social engineering intrusion in May 2025 that led to account takeover and the theft of at least 77 gigabytes of data...
Major U.S. services company hit by ransomware attack linked to DragonForce
Incident
H score38
First: 16.06.2026 13:18
Last: 16.06.2026 13:18
Sources 1
About this happening:
A DragonForce ransomware incident hit a major U.S. services firm in December 2025, with attackers maintaining access for one to two months and hiding command-and...
Major U.S. services company hit by ransomware attack linked to DragonForce
IncidentAbout this happening: A DragonForce ransomware incident hit a major U.S. services firm in December 2025, with attackers maintaining access for one to two months and hiding command-and...
Medusa ransomware post-compromise deployment
Malware Activity
H score48
First: 07.04.2026 09:35
Last: 07.04.2026 09:35
Sources 1
About this happening:
Medusa ransomware is being deployed rapidly after initial access, turning intrusions into fast-moving extortion events and shrinking defenders' response time. The malware acti...
Medusa ransomware post-compromise deployment
Malware ActivityAbout this happening: Medusa ransomware is being deployed rapidly after initial access, turning intrusions into fast-moving extortion events and shrinking defenders' response time. The malware acti...
Timeline
-
16.07.2026 13:00 2 articles · 1h ago
IT services firm in South Asia hit by ransomware attack
Initial DisclosureThe compromise started with an exposed IIS server and an ASP.NET web shell that gave the operator a foothold inside the victim network. Within hours, the intruder was already steering access, stealing credentials, and preparing the environment for encryption.
Show sources
- New Spirals ransomware encrypts victim network in under 24 hours — www.bleepingcomputer.com — 16.07.2026 13:00
- New Spirals ransomware encrypts victim network in under 24 hours — www.bleepingcomputer.com — 16.07.2026 13:00