The week in breach news

This week: A surge of global ransomware attacks targets International Game Technology, LG subsidiary LG Energy Solution and Brazil’s petroleum giant Petrobras, underscoring how far-reaching and relentless these threats have become.

United States

International Game Technology (IGT)

Industry: Media, Sports & Entertainment
Exploit: Ransomware & Malware

International Game Technology (IGT), a global leader in digital gaming, sports betting and fintech solutions for casinos and online platforms, confirmed a significant cybersecurity incident on November 17.

In a filing with the U.S. Securities and Exchange Commission (SEC) last Tuesday, the company reported experiencing operational disruptions following unauthorized access to its internal IT systems and applications. IGT stated that it immediately activated its incident response (IR) plan and launched an investigation with support from external advisors. While the company did not disclose the nature of the attack, taking systems offline is a common response to ransomware activity.

Meanwhile, the Qilin ransomware gang has added IGT to its dark web leak site, claiming it stole 10 GB of data — an estimated 21,600 files. Although the group did not publish sample data, it labeled the archive as “publicated,” suggesting the stolen files may already be circulating online.

How it could affect your business

Ransomware actors often target businesses for whom even brief outages can cause significant disruption. A robust business continuity and disaster recovery (BCDR) strategy, combined with rapid threat detection, is essential for keeping businesses running and supporting swift disaster recovery.

United States

Marine Foods Express

Industry: Agriculture & Food
Exploit: Ransomware & Malware

In another incident tied to the Russian-speaking cybercrime organization Qilin, the group has allegedly compromised Marine Foods Express, one of the largest seafood import, processing and distribution companies in the southern U.S.

The Texas-based supplier, which supports an extensive regional wholesale network, was listed on Qilin’s leak site on November 19. According to the group’s post, significant operational data and internal documents were exfiltrated before the ransomware was deployed.

Although the full scope of the breach has not yet been confirmed, the nature of Marine Foods Express’ business — and the sensitive logistics data it manages — suggests there could be downstream disruptions. Restaurants, retailers and supply chain partners that depend on the company’s cold-chain operations may face delays if internal systems or distribution workflows are impacted.

How it could affect your business

Ransomware attacks are becoming more common, affecting organizations of all sizes and industries. To stay resilient, businesses need strong, proactive threat detection and immutable backup systems that can withstand encryption attempts. These measures keep operations running even when attackers try to disrupt critical systems.

Latin America & the Caribbean

Petrobras

Industry: Energy & Natural Resources
Exploit: Third-Party Data Breach

In one of the most significant recent cyberattacks in Latin America, a Russia-linked ransomware group claims it stole 90 GB of sensitive seismic and exploration data from Petrobras (Petróleo Brasileiro S.A.), Brazil’s state-controlled petroleum giant.

The Everest Group, another Russia-related ransomware gang, posted on its dark web leak site that it had targeted Petrobras and exfiltrated data. The group claims the stolen files contain highly detailed technical information, including ship positioning, equipment configurations, hydrophone readings and depth measurements. They have given Petrobras six days to make contact and negotiate before the data is released publicly or sold to other cybercriminals.

Meanwhile, Petrobras stated that it has no record of unauthorized access to its internal systems. However, the company acknowledged an isolated incident involving one of its exploration service providers. According to Petrobras, this external intrusion does not affect its operations, clients or employees.

How it could affect your business

Attacks like this show how a breach in a third-party provider could impact even the largest and most secure organizations. When vendors handle sensitive data or support critical operations, their vulnerabilities become your vulnerabilities. Businesses should thoroughly vet partner security practices, limit the data shared with external providers and continuously monitor third-party access to reduce the risk of indirect compromise.

Asia & Pacific

LG Energy Solution

Industry: Energy & Natural Resources
Exploit: Ransomware & Malware

LG Energy Solution, a subsidiary of Korean multinational LG, has confirmed that it experienced a ransomware attack.

According to the company, the attack targeted one specific overseas facility and did not impact its headquarters or other global sites. LG Energy Solution said the affected location has since returned to normal operations after recovery measures were implemented. The company is continuing security monitoring and conducting an internal investigation as a precaution.

Meanwhile, the Akira ransomware gang has added LG Energy Solution to its leak site, claiming it stole 1.7 TB of data. The group claims the cache contains corporate documents, employee information databases and other sensitive files. According to the Federal Bureau of Investigation (FBI), Akira has already amassed more than $244 million in ransomware proceeds to date.

How it could affect your business

Paying a ransom is never a safe option. Ransomware groups often return to extort victims again, and payment does not guarantee that stolen data won’t be misused later. Investing in strong prevention and a reliable recovery strategy is far safer than relying on criminals to honor their promises.

North America

The Attorney General’s Office of the State of Guanajuato

Industry: Government & Public Sector
Exploit: Ransomware & Malware

Ransomware once again dominates the week’s most critical cyber headlines. The Attorney General’s Office of the State of Guanajuato in Mexico confirmed a ransomware attack claimed by the Tekir APT group.

The attack began on November 8, when the Fiscalía General del Estado de Guanajuato’s digital infrastructure collapsed after its servers were maliciously encrypted. The incident took the entire network offline, forcing multiple departments to revert to manual operations. As a result, victim support services, document processing and administrative procedures across the state experienced significant delays.

The attackers claim to have stolen more than 250 GB of confidential information. According to reports, the exfiltrated files include official identifications, internal communications and classified judicial documents — raising serious concerns about personal privacy and the integrity of ongoing investigations.

How it could affect your business

Ransomware can shut down critical systems without warning, disrupting every part of operations. Organizations need robust business continuity plans and thoroughly tested fallback workflows to ensure continued operation even when key systems go offline.
