Ransomware: akira claims Gone Fishin' Marine — Hospitality and Tourism

On 27 May 2026, a ransomware incident involving the Akira group was published on the ransomware tracking site ransomware.live, targeting Gone Fishin' Marine, an entity within the hospitality and tourism sector. This publication confirms that the victim organization has been added to the threat actor’s leak site, indicating that data exfiltration and extortion have occurred. The breach is classified under the BREACH framework, which typically signals a confirmed incident with potential data exposure.

Organizations in the hospitality and tourism sector, particularly those operating marine or leisure services, are directly affected. This includes marinas, tour operators, hotels, and related service providers that handle customer payment data, booking information, and personal identifiable information. The Akira ransomware group has historically targeted small to medium-sized businesses in these sectors, making them high-risk for similar attacks.

Compliance teams should immediately verify whether their organization has any third-party or supply chain links to Gone Fishin' Marine and assess if shared data is at risk. They should also review their incident response plans, ensure offline backups are current, and reinforce employee training on phishing and remote access vulnerabilities. Additionally, teams should monitor ransomware.live and relevant threat intelligence feeds for any mentions of their own organization or partners, and prepare breach notification procedures under GDPR or equivalent local regulations if customer data is involved.