Cyber Threat Actor: Hellcat ransomware gang
| Actor Type | Location | Known Incidents |
Criminal
|
—
|
1 incident |
|---|
Profile
The Hellcat ransomware gang, identified by the alias Hellcat, emerged publicly when it claimed responsibility for a cyber‑attack against Ascom on March 16 2025. The group announced its involvement on the social‑media platform X, linking the intrusion to its namesake ransomware. According to Ascom’s disclosure, the intrusion specifically compromised the company’s technical ticketing system while leaving other IT infrastructure and customer‑facing services untouched. The ransomware payload encrypted data within the ticketing environment, prompting the victim’s internal cybersecurity team to isolate the affected system to halt further spread. Business operations continued normally despite the containment measures, and Ascom confirmed that no immediate action was required from its partners or customers. The incident marked the first publicly documented operation attributed to the Hellcat ransomware gang.
Following the disclosure, Ascom notified relevant authorities and launched an investigation to determine the full scope of the breach, with the company stating that the inquiry remains ongoing. The organization’s IT cybersecurity team shut down the compromised ticketing system as a containment step, a measure that prevented the ransomware from propagating to other networks. Ascom maintained close communication with customers and partners throughout the response, providing updates as the investigation progressed. The gang’s claim on X was the sole public attribution linked to the incident, and no additional affiliates or state connections have been disclosed in open sources. As of the latest statement, the full impact of the Hellcat ransomware deployment on Ascom’s ticketing data has not been finalized, and further details are expected as the forensic analysis concludes.
