The Arcus ransomware group has allegedly added two new organizations from Europe to its dark web data leak portal. The threat actor listed a French school and a Spanish IT services company on their site on July 27, 2025, starting a countdown timer that threatens to release exfiltrated data in approximately one week if a ransom is not paid. This development indicates that both entities have suffered a security breach, resulting in data theft.
The latest victims added to the ransomware group’s list of targets allegedly include:
- 🇫🇷 Collège Saint Jean-Baptiste de La Salle: A Catholic educational establishment within the La Salle network in France. The school serves over 700 students and is a significant local institution.
- 🇪🇸 CCI Torrevieja: An IT services and solutions provider based in Torrevieja, Spain. The company specializes in the repair, maintenance, configuration, and sale of computer equipment for various clients.
This campaign demonstrates the broad scope of the Arcus group’s targets, hitting vastly different sectors like education and technology services. The public posting of these victims on the group’s leak site is a classic double-extortion tactic, designed to pressure the organizations into paying the ransom to prevent the public disclosure of what could be sensitive institutional, employee, or student data.
