The Arcus ransomware group has allegedly added two new victims to its dark web leak site, targeting organizations in completely different sectors and geographical locations. The group has claimed responsibility for cyberattacks against a food service company in Colombia and a medical supply firm in the United Kingdom, initiating a public countdown for each.
The attacks, which appeared on the group’s portal on July 22, 2025, threaten to first sell and then publicly leak the allegedly stolen data if the ransom demands are not met within the stipulated deadlines. This double-extortion tactic is common among modern ransomware gangs, designed to increase pressure on victims to pay. The targeted entities are diverse, indicating that no industry is safe from these opportunistic attacks.
The victims listed by the Arcus group are:
- 🇨🇴 SubsCorp: A company based in Barranquilla, Colombia, that operates within the Special Food Services sector.
- 🇬🇧 Protech Medical: A United Kingdom-based supplier of medical equipment, specializing in pre-heparinised blood gas syringes and capillary tubes for immediate shipment from their warehouse.
