IT SECURITY • April 15, 2026 • 8 min read

ZYMP IT Security — April 15, 2026

This week’s IT security roundup examines escalating ransomware threats across multiple sectors. England Hockey faces a 129GB data breach from the AiLock ransomware gang, while Dutch healthcare IT provider ChipSoft is forced offline following a ransomware attack. Rockstar Games becomes the latest high-profile victim of the ShinyHunters ransomware group. State-sponsored cyberattacks surge with Handala’s aggressive campaign against Israeli and US targets. Adobe confirms a massive data breach exposing 13 million customer support tickets. Organizations across healthcare, gaming, and public sectors remain under sustained pressure from increasingly sophisticated threat actors.

England Hockey Investigating 129GB Ransomware Data Breach

RANSOMWARE

England Hockey, the governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware gang listed it as a victim on its data leak site. The threat actor allegedly stole 129GB of data from the organization’s systems and announced that it will soon publish the files unless a ransom is paid. England Hockey has prioritized an inquiry involving both internal teams and external experts to determine what happened.

The organization is responsible for running, regulating, and developing field hockey nationwide, with a membership of more than 800 clubs across the country, 150,000 registered club players, and 15,000 coaches, umpires, and officials. England Hockey states that it cannot comment on specific details at the moment due to the ongoing investigation but emphasizes that understanding what, if any, data may have been impacted is a top priority.

AiLock is a relatively new ransomware operation documented by researchers at Zscaler in April 2025. The group engages in double-extortion attacks, using privacy law violations as leverage in negotiations. They give victims 72 hours to respond and start negotiating, and wait five days for payment under the threat of leaking stolen data and destroying recovery tools. The ransomware uses ChaCha20 and NTRUEncrypt to lock files, appending the .AILock extension to encrypted copies.

Dutch Healthcare IT Provider ChipSoft Hit by Ransomware Attack

HEALTHCARE

Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take its website and its digital services for patients and healthcare providers offline. ChipSoft is a large provider of Electronic Health Record (EHR) systems in the Netherlands, with its flagship platform HiX used by many Dutch hospitals. The country’s computer emergency response team for cybersecurity in healthcare (Z-CERT) announced that a ransomware incident had impacted ChipSoft.

As a precaution, ChipSoft disabled all connections to its Zorgportaal, HiX Mobile, and Zorgplatform digital health services. Confirmed reports about system outages concern Sint Jans Gasthuis in Weert, the Laurentius in Roermond, the VieCuri hospital in Venlo, and the Flevo Hospital in Almere. The IT services provider assured healthcare center operators that it is taking all measures to limit adverse consequences, while advising them to disconnect from its systems until cleanup is completed.

Cyberattacks on healthcare IT system providers can be particularly damaging and lucrative for threat actors, as these companies operate information hubs for multiple healthcare centers managing troves of sensitive data. It has been reported that the attack at ChipSoft also impacted several Belgian hospitals. Last month, healthcare IT firm CareCloud disclosed a data breach incident that exposed sensitive data and caused a multi-hour service disruption.

Rockstar Games Targeted by ShinyHunters Ransomware Group

RANSOMWARE

Rockstar Games, the New York-based video game publishing company founded in 1998 and known for its action-adventure games, has become a victim of a ransomware attack orchestrated by the ShinyHunters ransomware group. The threat actor has added Rockstar Games to its dark web leak site, threatening to publish or sell stolen data if the gaming giant does not pay up. Rockstar Games has confirmed the breach, though the exact nature and quantity of data exposed remain under investigation.

Rockstar Games operates through more than 12 studios worldwide, in locations including Canada, Scotland, London, and India. The company is one of the most recognizable names in the gaming industry, with titles including the Grand Theft Auto series and Red Dead Redemption. A ransomware attack on such a high-profile target represents a significant escalation, as the company holds valuable intellectual property and potentially sensitive development data whose exposure could be devastating.

ShinyHunters is a known ransomware group that has previously targeted various organizations. Their tactics typically involve stealing sensitive data and threatening to leak it unless a ransom payment is made. The attack on Rockstar Games highlights how even the largest and most sophisticated organizations can fall victim to ransomware operations. This incident follows a broader trend of ransomware groups targeting high-value companies in hopes of securing larger payouts.

Handala’s Surge Signals New Wave of State-Sponsored Cyberattacks

STATE-SPONSORED

Handala, also known as Handala Hack, has sharply increased its activity, claiming 23 ransomware victims in March alone. That single month accounts for more than half of the group’s total claimed victims in 2026 so far (33), and represents a significant jump from 2025, when the group claimed 50 victims across the entire year. At least a third of Handala’s victims in March are based in Israel, a notable escalation compared to previous months, when the region averaged fewer than four victims.

US federal agencies have connected domains managed by Handala to Iran’s Ministry of Intelligence and Security. This surge comes despite direct disruption efforts by the US Department of Justice, which seized several domains associated with Handala. Yet the group has continued operations. Recent victims span multiple sectors, including healthcare, education, research, financial services, and utilities. Handala has also demonstrated a willingness to target high-profile individuals, claiming responsibility for breaches affecting a US intelligence leader’s personal account.

What makes Handala particularly concerning is the blurring of lines between ransomware and hacktivism. While their tactics resemble those of a ransomware group—conducting data exfiltration, threatening to leak sensitive information, and positioning to profit from stolen data—the underlying intent appears less about financial gain and more about disruption, influence, and reputational damage at scale. This places Handala in a category of threat actors: hacktivist collectives operating with ransomware-like tactics backed by state resources.

Adobe Confirms Massive Data Breach Exposing 13 Million Customer Support Tickets

DATA BREACH

A threat actor who goes by the name Mr. Racoon has claimed responsibility for a data breach involving a huge quantity of sensitive corporate and customer data from Adobe, the California-based software company founded in 1982 and known for its web design, vector creation, photo editing, and audio and video software. The data breach has exposed 13 million customer support tickets, 15,000 employee records, internal company documents, and Adobe’s bug bounty program submissions.

Adobe has major development operations in Newton, Seattle, San Francisco, and Austin. The exposure of customer support tickets is particularly concerning as these often contain personal information, account details, and potentially sensitive user communications. The breach of internal company documents could reveal proprietary information, while the compromise of bug bounty program submissions might expose vulnerabilities that could be exploited by malicious actors.

The scale of this breach—13 million customer support tickets alone—represents one of the largest data exposures in recent months. For a company of Adobe’s size and resources, falling victim to such a significant breach raises questions about data security practices and the effectiveness of current cybersecurity measures. The breach follows a broader trend of threat actors targeting major technology companies, which often hold vast amounts of valuable data that can be monetized or used for further attacks.

ZY Media Productions
