Ransomware: incransom claims horizoneye.com (US) — Technology
AI Analysis
On July 1, 2026, a ransomware group known as incransom claimed responsibility for an attack on horizoneye.com, a US-based technology firm. This incident was published on the ransomware tracking site ransomware.live. While the specific regulatory framework cited is the Cyber Resilience Act (CRA), this event underscores the growing threat of ransomware to technology companies and their supply chains, particularly those handling digital products or services that fall under the CRA’s scope.
The primary affected organizations are US technology firms, especially those with digital products or services that may be subject to the CRA’s cybersecurity requirements if they operate in or export to the EU. However, any company relying on technology vendors or cloud services could face downstream risks. The CRA mandates that manufacturers and distributors of connected devices and software implement robust security measures, including vulnerability reporting and incident response.
Compliance teams should immediately verify whether their organization or its vendors are within the CRA’s scope, particularly for products with digital elements. They should review incident response plans to ensure they can report ransomware attacks to relevant authorities within 24 hours, as required by the CRA. Additionally, teams should assess third-party risk management processes, ensuring contracts include ransomware notification clauses and that backup and recovery procedures are tested regularly.
Get notified about CRA changes
Subscribe to our free weekly digest covering 24 compliance frameworks.