Anubis Ransomware Targets Disneyland Paris in Latest Attack

The Anubis ransomware group has targeted Disneyland Paris, marking the amusement park as its latest victim. Reports confirm that the gang has shared details of the breach on its dark web leak site, claiming that they have obtained an archive of 64GB of stolen data.

Anubis operates under a ransomware-as-a-service (RaaS) model and emerged in December 2024 as a successor to a prior version known as “Sphinx.” This group is distinct from the Android banking trojan and Python backdoor also named Anubis. The group uses several profit-sharing arrangements, taking 80% from ransom payments, 60% from data leaks, and 50% from reselling access to compromised systems. Notably, Trend Micro recently highlighted the inclusion of a “Built-in Wiper” feature in their attacks, designed to completely erase data from affected systems.

In the case of Disneyland Paris, Anubis claimed that their breach represented “the largest data leak in Disneyland Park’s history,” boasting access to 39,000 files connected to the park’s construction and renovation activities. According to the group, the compromised data was obtained through an intrusion at one of Disneyland’s partner companies.

Screenshot from the Anubis Ransomware gang’s dark web leak blog (Image credit: Hackread.com)

The group stated, “During the leak of data from the partner company, 39,000 files related to the construction and renovation of the Disneyland Paris location ended up in our hands.” They have reinforced their claims by announcing plans to release some of the data within a short timeframe. Early leaks reportedly include images and videos showing detailed designs of multiple attractions.

According to Anubis, the stolen archive contains blueprints for popular rides including Frozen, Crush’s Coaster, Pirates of the Caribbean, Big Thunder Mountain, and Buzz Lightyear, among others. Additional visuals highlight engineering work associated with these attractions. To underscore the seriousness of this incident, Anubis pointed out that Disneyland typically enforces non-disclosure agreements (NDAs) with employees to restrict the public sharing of internal materials.

So far, no information has been released on whether the breached files include customer or visitor data, and the gang has not specified whether a ransom demand has been made to Disneyland Paris. On their official social media account, the group publicly acknowledged the breach and its implications.

As it stands, the extent of the breach remains unverified. Hackread.com has reached out to Disneyland Paris for official commentary on the matter. This article will be updated should a response be received.