Anubis ransomware gang claims to have 64GB of data about Disneyland Paris that just “ended up” in their hands.
On June 20th, ransomware gang Anubis claimed Disneyland Paris as a victim on its data leak site. Anubis claims it has 64GB of data and that it is “the largest data leak in the history of Disneyland Park.”
At the time of this article's publication, the timer on Anubis' blog says the data will be uploaded in about three days.
Typically, this refers to the time period in which the affected company has to pay the ransom. However, in this case, it’s unclear whether Anubis asked for a ransom for not publishing the data. It’s also uncertain whether Anubis breached the Disneyland Paris systems themselves.
“During the leak of data of the partner company, 39,000 files related to the construction and renovation of the Disneyland Paris location ended up in our hands,” Anubis said.
So far, the data sample shared by the gang and reviewed by Cybernews doesn’t seem to be sensitive.
Mostly, it seems to be different pictures, drawings, and engineering plans of Disneyland in Paris.
“Our editorial staff cannot appreciate the importance of the contents from an engineering point of view, but we are sure that these documents will be in demand by Disneyland's competitors,” Anubis said.
In fact, the most interesting thing about the whole blog post is the fact that Anubis allegedly has an editorial staff. Cybernews’ editorial staff cannot overlook this nonsensical “fact.”
Cybernews reached out to the Disneyland press and will update the article as soon as we hear back from them. Meanwhile, here’s another hilarious quote from Anubis.
“Disneyland Paris strictly monitors media leaks and removes all such photos from the internet. Thus, they unintentionally caused the Barbra Streisand effect. This leak contains more than 4000 photos and videos of the park's behind-the-scenes work,” the gang said.
Who is Anubis ransomware
The Anubis ransomware group is new to the scene. Its official X profile suggests that it has been active since the beginning of December 2024. The group mixes old-school extortion with startup-level monetization.
They run multiple affiliate programs, offering everything from ransomware-as-a-service to access brokering, so that third parties can also profit from their attacks.
Their tools support double extortion tactics, meaning that they don’t just encrypt victims files, they also threaten to leak them unless they get paid.
Your email address will not be published. Required fields are markedmarked