Ransomware: incransom claims Mecanizados y Montajes Aeronáuticos (mymgroup.es) (ES) — Manufacturing

On 23 May 2026, a ransomware incident was publicly reported involving Mecanizados y Montajes Aeronáuticos (mymgroup.es), a Spanish manufacturing firm. The attack was claimed by the incransom group and published on the ransomware.live leak site. While this is not a regulatory change itself, it serves as a significant indicator under the Cyber Resilience Act (CRA) framework, which imposes strict cybersecurity requirements on products with digital elements. The CRA mandates that manufacturers and importers ensure their connected devices and software are secure by design, and that vulnerabilities are reported promptly.

This event primarily affects organizations in the manufacturing sector, particularly those in aerospace and defense supply chains, as well as any EU-based company producing or using digital components in industrial equipment. Compliance teams in these sectors must assess whether their own products or systems are at risk from similar ransomware tactics, especially if they rely on third-party software or legacy systems. The CRA’s incident reporting obligations may also apply if the attack involves a product with digital elements that could impact other users.

Compliance teams should immediately review their incident response plans to ensure they align with CRA reporting timelines, which require notifying ENISA within 24 hours of becoming aware of a significant incident. They should also conduct a risk assessment of their supply chain, focusing on third-party components that could be exploited via ransomware. Finally, teams should verify that their software update and vulnerability disclosure processes meet CRA’s security-by-design standards, and consider engaging with industry peers to share threat intelligence on incransom’s tactics.