Dutch paint manufacturer AkzoNobel confirmed a network breach at one of its U.S. sites, with the Anubis ransomware operation claiming responsibility and alleging theft of ~170GB (about 170,000 files) of data. Reported stolen materials include confidential client agreements, employee contact details, private emails, passport scans, and technical documents; AkzoNobel said the incident was contained and impact was limited, and it did not disclose whether negotiations are underway. Reporting also noted Anubis’ evolution as a ransomware-as-a-service (RaaS) operation and prior use of a data-wiper capability intended to destroy files beyond recovery.
Separately, the University of Mississippi Medical Center (UMMC) reported it restored normal clinic operations after a ransomware attack disrupted electronic medical records, phone lines, and multiple IT systems for nine days; no group had publicly claimed the intrusion, though officials said they were in contact with the attackers and working with authorities and specialists.
Additional context on the broader ransomware landscape included a February tally of publicly disclosed incidents across sectors and geographies, and technical reporting showing how a successful brute-force login against exposed RDP can lead to domain enumeration, credential-hunting, and identification of geo-distributed infrastructure tied to a RaaS ecosystem and initial access brokers, highlighting continued risk from internet-exposed remote access services and credential-based intrusion paths.

Timeline: 5 events, from the most recent confirmed update back to the earliest known activity.
The Anubis ransomware gang claimed responsibility for the AkzoNobel breach, alleging it stole about 170GB of data comprising roughly 170,000 files. The purportedly exposed material includes client agreements, employee contact details, private emails, passport scans, and technical documents.
AkzoNobel confirmed that one of its U.S. sites experienced a network breach. The company indicated the incident had been contained and that the impact was limited.
UMMC said phone lines were restored, clinics reopened, and patients were being contacted to reschedule missed appointments after the ransomware-related disruption. The medical center also said it was working with the FBI, CISA, and outside specialists while communicating with the attackers and assessing next steps.
The University of Mississippi Medical Center suffered a ransomware attack that caused a nine-day disruption, blocking access to electronic medical records and taking down many IT systems. The incident forced cancellations of outpatient procedures, ambulatory surgeries, and imaging appointments, while hospital services continued under downtime procedures.
The Anubis ransomware-as-a-service operation began activity in December 2024. Reporting later noted it had used a data-wiping capability that can permanently destroy files.