A new ransomware gang called Genesis yesterday took credit for ransomware attacks against nine US companies. Two of the targets listed on Genesis’ data leak site, Healthy Living Market & Café and River City Eye Care, reported data breaches last month.
Road to Hana, Inc, an organic grocery store chain that does business as Healthy Living Market & Café, said a September 2025 ransomware attack compromised names, Social Security numbers, direct deposit info, medical records, and addresses of an undisclosed number of people.
River City Eye Care, and optometrist in Portland, OR, said a data breach compromised an undisclosed number of names, phone numbers, dates of birth, and addresses, plus Social Security numbers and driver’s license numbers for a small number of patients.
Genesis says it stole 400 GB of data from Healthy Living including financial, payroll, and HR info; and 200 GB from River City Eye including medical records.
Neither company has verified Genesis’ claims. We do not know how many people the companies notified, if either company paid a ransom, how much Genesis demanded, or how attackers breached the companies’ networks. Comparitech contacted both Healthy Living and River City Eye for comment and will update this article if they reply.
“We became aware of potential unusual activity in our network,” says River City’s notice (PDF) to victims. “Our investigation determined that, on or around September 8, 2025, certain files were copied from our network without authorization.”
“On or about 9/22/2025, Healthy Living was the victim of a ransomware attack during which a threat actor gained unauthorized access to one of our local servers and potentially accessed files containing personally identifiable information, including names, addresses, social security numbers, direct deposit information, and medical records,” says Healthy Living’s notice (PDF) to staff.
Neither company’s notice mentions any offer of free credit monitoring or identity theft protection for data breach victims.
Who is Genesis?
Genesis is a new ransomware group that yesterday listed its first nine data breach claims on its data leak site. In addition to the two companies mentioned above, they are all American including two legal firms, two financial firms, two manufacturers, and a retailer. None of the other targets have publicly acknowledged cyber attacks at time of writing.
Both of Genesis’ attack claims against legal firms were previously claimed by other ransomware groups. Ransomware group Play took credit for a breach at Roth & Scholl last month, and Kraken claimed responsibility for a breach at Ronemus & Vilensky this month. Neither firm disclosed a breach. It’s possible that the firms were hacked by multiple ransomware groups, but also plausible that at least one of the gangs is made false claims.
Across all nine of Genesis’ attacks, it says it has stolen 2.2 TB of data.
Ransomware attacks in the USA
Comparitech researchers have logged 381 confirmed ransomware attacks against organizations in the United States in 2025 to date. We’re monitoring another 2,565 unconfirmed attack claims that haven’t been publicly acknowledged by the targeted organizations.
In the confirmed attacks, ransomware groups have breached more than 15.2 million records. The average ransom demand is $984,600. Eleven confirmed attacks hit food and beverage companies like Healthy Living, and 66 hit healthcare providers like River City Eye.
Other recently confirmed ransomware attacks include:
- Envoy Air confirmed an attack by Cl0p, which exploited a vulnerability in Oracle software
- Jewett-Cameron Trading Co notified the SEC or a ransomware attack by unknown hackers
- DALB notified 846 people of a May 2025 data breach claimed by Akira
Ransomware attacks can both lock down computer systems and steal the data stored on them. Ransomware gangs then demand a ransom to restore systems and secure stolen data. Organizations that refuse face extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
