Find notable cyber news and cases, enriched with sources, timelines, and signals.

IT services firm in South Asia hit by ransomware attack

Incident
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

The IT services firm in South Asia suffered a Spirals ransomware intrusion that moved from initial access to data theft and encryption in less than 24 hours, putting operations and extortion exposure at immediate risk. The attacker reached the network through an exposed IIS server and used a web shell to expand access. The intrusion combined credential theft, lateral movement, and ransomware deployment into a fast-moving compromise.

Related Happenings

IT services firm in South Asia data exposed after Spirals breach

Data Leak
H score31 First: 16.07.2026 13:00 Last: 16.07.2026 13:00 Sources 1

How related: A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours.

About this happening: Spirals stole data from an IT services firm in South Asia, creating extortion leverage and a threat of public exposure. The intrusion moved from initial access to...

GodDamn ransomware PoisonX BYOVD activity

Malware Activity
H score14 First: 09.07.2026 13:43 Last: 09.07.2026 13:43 Sources 1

About this happening: GodDamn ransomware, part of the Hyadina family, has evolved into a Windows intrusion chain that uses AnyDesk, credential theft, and the PoisonX kernel driver t...

Luxury jewelry retailer hit by ransomware attack

Incident
H score45 First: 07.07.2026 16:27 Last: 07.07.2026 16:27 Sources 1

About this happening: A luxury jewelry retailer suffered a help-desk social engineering intrusion in May 2025 that led to account takeover and the theft of at least 77 gigabytes of data...

Major U.S. services company hit by ransomware attack linked to DragonForce

Incident
H score38 First: 16.06.2026 13:18 Last: 16.06.2026 13:18 Sources 1

About this happening: A DragonForce ransomware incident hit a major U.S. services firm in December 2025, with attackers maintaining access for one to two months and hiding command-and...

Medusa ransomware post-compromise deployment

Malware Activity
H score48 First: 07.04.2026 09:35 Last: 07.04.2026 09:35 Sources 1

About this happening: Medusa ransomware is being deployed rapidly after initial access, turning intrusions into fast-moving extortion events and shrinking defenders' response time. The malware acti...

Timeline

  1. 16.07.2026 13:00 2 articles · 1h ago

    IT services firm in South Asia hit by ransomware attack

    Initial Disclosure

    The compromise started with an exposed IIS server and an ASP.NET web shell that gave the operator a foothold inside the victim network. Within hours, the intruder was already steering access, stealing credentials, and preparing the environment for encryption.

    Show sources