Skip to main content
Cyber News & CTI Reports :: 2026-03-12 | England Hockey investigating ransomware data breach
Contact Page | Privacy Policy

2026-03-12 | England Hockey investigating ransomware data breach

1. AI Summary

England Hockey is investigating a potential data breach after the AiLock ransomware gang listed it as a victim, claiming to have stolen 129GB of data. The organization is working with external specialists and authorities to determine what happened. AiLock is a relatively new ransomware operation that uses double-extortion tactics and encrypts files with ChaCha20 and NTRUEncrypt.

2. IOCs

IOC Type Value Description Relevant MITRE ATT&CK Techniques
Fileextension
.AILock
 File extension appended by the AiLock ransomware to encrypted files T1486
Malwarename AiLock Ransomware gang targeting England Hockey T1486

3. MITRE ATT&CK

Code Title
T1486 Data Encrypted for Impact - The ransomware encrypts files, appending the .AILock extension.
T1566 Phishing - The article mentions players should be vigilant for phishing attempts.
T1485 Data Destruction - The ransomware threatens to destroy recovery tools.
T1564.001 Hide Artifacts: File Attribute Modification - Ransomware often modifies file attributes.
T1564.002 Hide Artifacts: Hidden Files - Ransomware often hides encrypted files.
T1003 OS Credential Dumping - Common in ransomware attacks.
T1059 Command and Scripting Interpreter - Often used in ransomware attacks.
T1090 Proxy - Common in C2 communications.
T1134 Access Token Manipulation - Common in ransomware attacks.
T1020 Automated Exfiltration - The threat actor plans to automate data exfiltration.

4. Targets

Type Value
Sector sports/government

5. Article Details

6. Original text

England Hockey, the governing body for field hockey in England, is investigating a potential data breach after the

AiLock
ransomware gang listed it as a victim on its data leak site. The threat actor allegedly stole 129GB of data from the organization’s systems and announced that it will soon publish the files, unless a ransom is paid. England Hockey is aware of the threat actor’s claims and has prioritized an inquiry that involves both internal teams and external experts to determine what happened. “We are aware of an incident involving England Hockey and are currently investigating the matter as a priority,” the field hockey organization said in a statement for BleepingComputer. “As part of this investigation, we recently became aware of a post from the group claiming to be responsible for this incident,” a representative said. “We are working with external specialists to help understand what this means. We are also cooperating with all relevant authorities, including law enforcement,” England Hockey The organization is responsible for running, regulating, and developing the sport of field hockey nationwide, from grassroots participation to elite national teams. It has a membership of more than 800 clubs across the country, 150,000 registered club players, and 15,000 coaches, umpires, and officials. England Hockey states that it cannot comment on specific details at the moment because of the ongoing investigation. “We take data security matters extremely seriously, and understanding what, if any, data may have been impacted in this incident is a top priority of our ongoing investigation,” assured England Hockey.
AiLock
claims England Hockey breach Source: BleepingComputer
AiLock
is a relatively new ransomware operation that engages in double-extortion attacks.

It was documented on April 1st, 2025, by researchers at cybersecurity company Zscaler, who noted that the threat actor was "leveraging sophisticated extortion tactics targeting enterprise networks." The hackers reportedly use privacy law violations as leverage in negotiations. They give victims 72 hours to respond and start negotiating, and wait five days for the payment under the threat of leaking stolen data and destroying recovery tools. According to past analysis from S2W Talon’s researcher Huiseong Yang , the ransomware uses ChaCha20 and NTRUEncrypt to lock files, appending the

.
AiLock
extension to the encrypted copies, and leaving ransom notes in all impacted directories. While England Hockey hasn’t confirmed a data breach yet, players in the country should be vigilant for suspicious account activity and phishing attempts, and treat unsolicited communications with caution.