The notorious Anubis ransomware gang has listed Disneyland Paris as its newest sufferer. Hackread.com can verify that the group posted particulars of the alleged breach on its darkish internet leak website, stating that the stolen knowledge archive totals 64GB.
Anubis is a ransomware-as-a-service (RaaS) operation that surfaced in December 2024, evolving from an earlier check model named “Sphinx.” It has no connection to the Android banking trojan or Python backdoor that share the identical identify.
The gang provides profit-sharing fashions for its associates: 80% from encrypted ransom funds, 60% from knowledge leaks, and 50% from entry resales. Development Micro just lately reported that the group is utilizing a “Constructed-in Wiper,” a characteristic that utterly erases/wipes off knowledge from compromised programs.
Relating to the Disneyland Paris incident, the group described it as “the most important knowledge leak within the historical past of Disneyland Park.” They said that 39,000 information associated to development and renovation actions on the park had been obtained. In keeping with them, the information was acquired throughout a breach involving one in every of Disneyland’s companion corporations.
“In the course of the leak of information of the companion firm, 39,000 information associated to the development and renovation of the Disneyland Paris location ended up in our palms,” the group wrote.
To assist their declare, the operators introduced they might launch a portion of the information throughout the subsequent 5 hours. To date, photos and movies have been uploaded to their website, allegedly displaying detailed drawings of assorted park points of interest.
The archive, as per Anubis’ claims consists of plans for Frozen, Crush’s Coaster, Pirates of the Caribbean, Massive Thunder Mountain, Autopia, Buzz Lightyear, Orbitron, Casey Jr., Phantom Manor, Ratatouille, and extra.
Extra photos present engineering-related work on the website. To emphasize the importance of the breach, the group famous that Disneyland sometimes indicators NDAs with workers, strictly prohibiting them from sharing inner materials publicly.
Nonetheless, the put up doesn’t specify whether or not any buyer or customer data is included within the information. It additionally doesn’t make clear if a ransom demand has been issued to Disneyland Paris. On its official Twitter (now X) account, the group was seen bragging in regards to the incident on June 12, 2025.
For now, the breach stays unverified. Hackread.com has contacted Disneyland Paris for remark. This text will likely be up to date if a response is obtained.
