CONSENSUS WIRE
← Back to Crime & Security

RansomHouse Claims Breach of Cybersecurity Firm Trellix

Crime & SecurityAI-Generated & Algorithmically Scored·

AI-generated from multiple sources. Verify before acting on this reporting.

The RansomHouse ransomware group has claimed responsibility for a cyberattack on Trellix, a major cybersecurity firm, stating it has accessed internal services and management dashboards. The group announced the breach on May 8, 2026, in a post on its leak site, demanding a ransom payment in exchange for not releasing stolen data.

Trellix, formed from the merger of McAfee Enterprise and FireEye, provides endpoint protection, threat intelligence, and security operations services to enterprises and government agencies worldwide. The company has not publicly confirmed the breach or commented on the group’s claims. RansomHouse, known for targeting high-profile organizations, said it infiltrated Trellix’s network and exfiltrated sensitive data, including customer information and internal communications.

The group posted screenshots of internal dashboards and network maps as proof of access. It warned that if Trellix does not pay the demanded ransom within a specified timeframe, the stolen data will be published online. RansomHouse has a history of targeting technology and security firms, often leveraging the irony of breaching companies that sell security products to pressure victims into paying.

Cybersecurity experts say breaches of security firms are particularly damaging because they can expose vulnerabilities in the very tools used to defend against attacks. Such incidents can also erode trust among Trellix’s clients, many of whom rely on its products to protect their own networks. The attack highlights the growing sophistication of ransomware groups and their willingness to target organizations with strong defenses.

Trellix customers and partners are likely to be concerned about the potential exposure of their data. The company may face regulatory scrutiny if customer information was compromised. U.S. authorities have not yet commented on the incident, and it is unclear whether the breach is part of a larger campaign targeting multiple organizations.

The situation remains fluid as Trellix has not issued a statement regarding the attack. Security analysts are monitoring the situation closely, waiting to see if the group follows through on its threat to release data. The outcome of this incident could influence how other organizations approach ransomware negotiations and incident response strategies.