The notorious Anubis ransomware gang has listed Disneyland Paris as its newest sufferer. Hackread.com can affirm that the group posted particulars of the alleged breach on its darkish internet leak web site, stating that the stolen knowledge archive totals 64GB.
Anubis is a ransomware-as-a-service (RaaS) operation that surfaced in December 2024, evolving from an earlier take a look at model named “Sphinx.” It has no connection to the Android banking trojan or Python backdoor that share the identical identify.
The gang affords profit-sharing fashions for its associates: 80% from encrypted ransom funds, 60% from knowledge leaks, and 50% from entry resales. Development Micro not too long ago reported that the group is utilizing a “Constructed-in Wiper,” a characteristic that fully erases/wipes off knowledge from compromised methods.
Concerning the Disneyland Paris incident, the group described it as “the most important knowledge leak within the historical past of Disneyland Park.” They said that 39,000 recordsdata associated to building and renovation actions on the park had been obtained. In response to them, the info was acquired throughout a breach involving one among Disneyland’s companion corporations.
“Throughout the leak of knowledge of the companion firm, 39,000 recordsdata associated to the development and renovation of the Disneyland Paris location ended up in our palms,” the group wrote.
To help their declare, the operators introduced they’d launch a portion of the info inside the subsequent 5 hours. Thus far, photos and movies have been uploaded to their web site, allegedly exhibiting detailed drawings of varied park points of interest.
The archive, as per Anubis’ claims contains plans for Frozen, Crush’s Coaster, Pirates of the Caribbean, Large Thunder Mountain, Autopia, Buzz Lightyear, Orbitron, Casey Jr., Phantom Manor, Ratatouille, and extra.
Extra photos present engineering-related work on the web site. To emphasize the importance of the breach, the group famous that Disneyland usually indicators NDAs with staff, strictly prohibiting them from sharing inner materials publicly.
Nonetheless, the submit doesn’t specify whether or not any buyer or customer info is included within the recordsdata. It additionally doesn’t make clear if a ransom demand has been issued to Disneyland Paris. On its official Twitter (now X) account, the group was seen bragging concerning the incident on June 12, 2025.
For now, the breach stays unverified. Hackread.com has contacted Disneyland Paris for remark. This text might be up to date if a response is acquired.
