The notorious Anubis ransomware gang has listed Disneyland Paris as its newest sufferer. Hackread.com can affirm that the group posted particulars of the alleged breach on its darkish internet leak website, stating that the stolen knowledge archive totals 64GB.
Anubis is a ransomware-as-a-service (RaaS) operation that surfaced in December 2024, evolving from an earlier take a look at model named “Sphinx.” It has no connection to the Android banking trojan or Python backdoor that share the identical title.
The gang affords profit-sharing fashions for its associates: 80% from encrypted ransom funds, 60% from knowledge leaks, and 50% from entry resales. Development Micro just lately reported that the group is utilizing a “Constructed-in Wiper,” a characteristic that fully erases/wipes off knowledge from compromised techniques.
Concerning the Disneyland Paris incident, the group described it as “the biggest knowledge leak within the historical past of Disneyland Park.” They acknowledged that 39,000 recordsdata associated to development and renovation actions on the park have been obtained. In keeping with them, the information was acquired throughout a breach involving one in all Disneyland’s associate corporations.
“Through the leak of knowledge of the associate firm, 39,000 recordsdata associated to the development and renovation of the Disneyland Paris location ended up in our fingers,” the group wrote.
To assist their declare, the operators introduced they’d launch a portion of the information inside the subsequent 5 hours. Up to now, photographs and movies have been uploaded to their website, allegedly displaying detailed drawings of varied park points of interest.
The archive, as per Anubis’ claims contains plans for Frozen, Crush’s Coaster, Pirates of the Caribbean, Large Thunder Mountain, Autopia, Buzz Lightyear, Orbitron, Casey Jr., Phantom Manor, Ratatouille, and extra.
Further photographs present engineering-related work on the website. To emphasize the importance of the breach, the group famous that Disneyland usually indicators NDAs with workers, strictly prohibiting them from sharing inner materials publicly.
Nevertheless, the put up doesn’t specify whether or not any buyer or customer info is included within the recordsdata. It additionally doesn’t make clear if a ransom demand has been issued to Disneyland Paris. On its official Twitter (now X) account, the group was seen bragging concerning the incident on June 12, 2025.
For now, the breach stays unverified. Hackread.com has contacted Disneyland Paris for remark. This text will likely be up to date if a response is obtained.
