100 links
tagged with ransomware
Links
Profero successfully decrypted DarkBit ransomware, enabling recovery of a victim's files without ransom payment. The attack, linked to Iranian state-sponsored actors, involved a unique encryption method that Profero exploited, ultimately leading to significant data recovery due to the sparse nature of the affected VMware ESXi server files. Profero is offering assistance to future victims but will not publicly release the decryptor.
Jaguar Land Rover's recent cyberattack is projected to have cost the UK £1.9 billion, marking it as potentially the most economically damaging cyber event in the country's history. The attack led to a month-long shutdown of production and internal systems, affecting over 5,000 organizations, while the government provided a £1.5 billion loan guarantee to support the carmaker's recovery. Analysts attribute the financial impact to lost sales, production delays, and wider supply chain disruptions.
U.S. authorities have charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his involvement in managing the LockerGoga, MegaCortex, and Nefilim ransomware operations, which targeted over 250 companies globally, causing significant financial damage. Tymoshchuk faces multiple charges including conspiracy for computer fraud and unauthorized access, while a reward of up to $11 million is offered for information leading to his arrest.
Attackers are exploiting a critical authentication bypass vulnerability (CVE-2025-2825) in CrushFTP file transfer software, allowing unauthenticated access to unpatched versions. CrushFTP has urged users to update their software immediately, while security monitoring platforms report numerous exploitation attempts against exposed servers. A workaround is available for those unable to update right away, but the vulnerability remains a significant concern, especially given past attacks linked to ransomware gangs.
An Iranian individual has pleaded guilty to participating in the RobbinHood ransomware attacks, which targeted various organizations, leading to significant financial losses. He now faces a potential sentence of up to 30 years in prison for his crimes.
Andy Frain Services, a security firm, revealed that a ransomware attack by the Black Basta group has affected over 100,000 individuals, with sensitive information likely compromised. The breach, discovered in October 2024, involved the theft of 750 GB of data, prompting the company to offer credit monitoring and identity restoration services to those impacted.
The Scattered Spider ransomware group has decided to cease operations due to intense law enforcement pressure following significant cyberattacks on companies like Jaguar Land Rover and Salesforce. In a farewell message, they apologize to their victims and hint at a possible return with a new venture called "ShinySp1d3r RaaS."
The VanHelsing ransomware-as-a-service operation leaked its source code, including the affiliate panel and Windows encryptor builder, after an ex-developer attempted to sell it on a hacking forum. While the leak provides some useful tools for threat actors, it lacks key components like the Linux builder and databases, which could have aided law enforcement efforts. This incident highlights the ongoing trend of ransomware source code leaks facilitating new cyber attacks.
German police have identified Vitaly Nikolaevich Kovalev as the notorious leader of the Trickbot ransomware group, known as "Stern." This revelation comes after years of investigations into the cybercrime cartel, which has targeted thousands of victims and stolen hundreds of millions of dollars. An Interpol red notice has been issued for Kovalev, who is believed to be in Russia and protected from extradition.
Ransomware groups like Black Basta and FunkSec are increasingly using AI to enhance their extortion tactics, resulting in significant financial losses, such as $724 million stolen using TrickBot malware. The report highlights the growing prevalence of extortion methods, including DDoS attacks, and offers insights into regional trends and mitigation strategies.
The Everest ransomware group has taken responsibility for a significant cyberattack on Collins Aerospace, affecting its MUSE check-in software and causing significant disruptions at major European airports. The attackers exfiltrated a large database and set an eight-day ransom deadline, highlighting the growing threat to aviation infrastructure.
Insight Partners has confirmed that a ransomware attack in January compromised the personal data of over 12,000 individuals, including employees and limited partners. The breach, initially described as a "sophisticated social engineering attack," involved unauthorized access to HR and finance servers, with details of the stolen data remaining undisclosed. The firm has since enhanced its security measures and offered credit monitoring to those affected.
A ransomware group known as Medusa has breached Albavision, a major media company, stealing sensitive data and demanding a ransom for its return. The attack showcases the increasing threat of cybercrime targeting prominent organizations, emphasizing the need for robust cybersecurity measures.
PowerSchool has reported that the hacker behind a December cyberattack is now extorting individual school districts, threatening to release stolen student and teacher data unless a ransom is paid. Despite previously paying a ransom to prevent such an incident, PowerSchool acknowledges that the threat actor has not kept their promise to delete the data, leading to renewed extortion attempts against affected schools.
The LockBit 4.0 leak provides critical insights into the chaotic nature of ransomware-as-a-service (RaaS) groups, revealing that many affiliates operate without oversight and often act unpredictably. This disorganization complicates defenses and incident response efforts, emphasizing the necessity of proactive preparation over negotiation. The evolving landscape suggests increasing fragmentation among ransomware groups, making them harder to attribute and defend against.
Nucor Corporation has reported a cyberattack that has disrupted its production operations. The company detected unauthorized access to its IT systems, prompting it to take systems offline and alert law enforcement while working with cybersecurity experts to investigate the incident.
The article discusses the emergence of Matanbuchus 3.0, a new variant of ransomware that operates as a Malware-as-a-Service (MaaS) offering. This evolution in ransomware capabilities enables cybercriminals to launch more sophisticated attacks with less technical expertise, raising concerns about the potential for widespread damage across various sectors.
Downtime from an ICS/OT ransomware attack can average $4.73 million, yet many organizations lack adequate incident response plans. SANS offers resources, including a white paper and training, to help organizations develop effective ransomware response strategies tailored to critical infrastructure, emphasizing life safety and operational continuity. Expert-led webcasts and courses further equip teams with the skills needed to protect industrial operations from cybersecurity threats.
Flashpoint’s 2025 Midyear Threat Index highlights a significant increase in cyber threats, emphasizing the urgency for security teams to prioritize infostealers, ransomware, and vulnerabilities. It also discusses the risks of relying solely on public sources for threat intelligence and offers strategies for more effective threat prioritization.
DaVita, a leading kidney dialysis provider in the U.S., reported a ransomware attack that encrypted parts of its network and affected some operations over the weekend. The company activated response protocols to contain the incident and continues to provide patient care while investigating the breach's full scope, which may involve stolen patient data.
Manpower, a major staffing agency, has disclosed a data breach affecting nearly 145,000 individuals after attackers accessed its systems in late December 2024. The RansomHub ransomware group claimed responsibility for the attack, reportedly stealing around 500GB of sensitive data, including personal client information. In response, Manpower is enhancing its IT security and offering affected individuals free credit monitoring services.
A Russian hacker associated with the REvil ransomware group received a suspended sentence and time served for his involvement in cybercrimes that targeted businesses worldwide. The case highlights the complexities of international cybercrime prosecution and the challenges of enforcing justice across borders.
Researchers from ESET have identified PromptLock, the first known AI-powered ransomware, which is currently a non-functional proof-of-concept. This prototype utilizes OpenAI's gpt-oss-20b model to generate malicious Lua scripts and operates within a controlled environment, highlighting the potential dangers of AI in cybercrime despite no active infections being reported.
The article delves into the Gentlemen ransomware, exploring its modus operandi and the tactics employed by its operators. It highlights the impact of such ransomware on victims and discusses the broader implications for cybersecurity and ransomware trends.
Japanese police have released a free decryptor for Phobos and 8-Base ransomware victims, allowing them to recover encrypted files without paying a ransom. The decryptor, confirmed to work effectively, can be downloaded from official platforms despite being flagged as malware by some web browsers. It supports multiple file extensions and may work for files with other extensions as well.
Mainline Health Systems and Select Medical Holdings have reported data breaches affecting over 100,000 individuals. Mainline Health's breach was linked to the Inc Ransom ransomware group, while Select Medical's data exposure resulted from a security incident involving a former vendor.
Farmers Insurance has reported a data breach that compromised the personal information of more than one million individuals, including names, addresses, dates of birth, and Social Security numbers. The breach was discovered shortly after the data theft occurred, but it remains unclear whether a third-party vendor was involved in a ransomware attack.
Senator Ron Wyden has criticized Microsoft for delivering "dangerous, insecure software" that contributed to a ransomware attack on Ascension, a major hospital network, and has urged the FTC to investigate the company's cybersecurity practices. Wyden highlighted longstanding vulnerabilities, particularly the use of the outdated RC4 encryption algorithm, and accused Microsoft of prioritizing profits over security while failing to provide adequate protections for its users. He argues that Microsoft's dominance in the enterprise operating system market poses a significant national security risk due to its negligence in addressing these issues.
A ransomware attack in Ohio has disrupted the operations of a local government agency, affecting over 45,000 residents. The attack has prompted an investigation and raised concerns about cybersecurity measures in place to protect sensitive information.
The Zurich-based non-profit health foundation Radix suffered a ransomware attack that compromised the data of several Swiss federal offices. The Sarcoma ransomware group released 1.3TB of stolen data on the dark web after ransom demands were ignored, although the Swiss National Cyber Security Center confirmed that Radix did not have direct access to federal systems.
IdeaLab has confirmed that sensitive data was stolen during a ransomware attack last October, attributed to the Hunters International group. The breach affected current and former employees and contractors, with 137,000 files leaked on the dark web, prompting the company to offer identity theft protection to impacted individuals.
The Flashpoint 2025 Global Threat Intelligence Report provides insights into the evolving cyber threat landscape, highlighting key threats such as infostealers and the influence of geopolitical tensions. It offers detailed analysis of adversary tactics, including ransomware-as-a-service, and presents actionable intelligence to enhance security resilience and risk mitigation.
The article discusses a ransomware attack targeting SimpleHelp, compromising its infrastructure and impacting users. This incident highlights the ongoing threats posed by ransomware and the importance of cybersecurity measures for businesses and service providers.
Sensitive data has been stolen in a ransomware attack on West Lothian Council's education network, prompting the council to inform parents and staff. While the stolen data primarily pertains to operational issues, there is a possibility that personal information, including confidential records, has been compromised. Investigations are ongoing, and the council has advised vigilance against potential misuse of the data.
The Alcohol & Drug Testing Service (TADTS) has reported a data breach affecting approximately 750,000 individuals, following a ransomware attack in July 2024. Compromised data includes sensitive personal information such as Social Security numbers, financial details, and health insurance information.
Thai police conducted a raid at the Antai Holiday Hotel in Pattaya, uncovering a criminal gang involved in ransomware and illegal gambling. The operation led to the arrest of at least 20 foreign nationals, including six Chinese men who were distributing ransomware links, highlighting the intersection of cybercrime with traditional organized crime.
Sensata, a US sensor manufacturer, has reported that a ransomware attack on April 6 has disrupted its operations, affecting shipping, manufacturing, and support functions. The company is working to restore its systems and has initiated an investigation with cybersecurity professionals, though the full impact and details of the attack remain unclear. Sensata's disclosure highlights the growing threat of ransomware in industries that are critical to supply chains.
Volvo Group North America has notified employees of a data breach caused by a ransomware attack on third-party supplier Miljödata. The breach, which impacted thousands of individuals, included the theft of sensitive personal information such as names, Social Security numbers, and email addresses. In response, Volvo is offering affected individuals 18 months of free identity protection and credit monitoring services.
A ransomware attack in Virginia has compromised personal information, including Social Security numbers, of residents. The county is investigating the breach and has begun notifying affected individuals as it works to enhance cybersecurity measures.
M&S confirmed that a sophisticated impersonation attack led to a ransomware breach of its network, attributed to the DragonForce ransomware operation. The attackers tricked a third-party IT support company into resetting an employee's password, allowing access to M&S systems, which resulted in data theft and system shutdowns. M&S has not disclosed whether a ransom was paid, citing public interest concerns.
Medusa ransomware has been linked to a significant data breach at Comcast, exposing sensitive customer information. The breach highlights the increasing vulnerabilities of large corporations to cyberattacks and the need for enhanced security measures.
Scattered Spider hackers have been targeting VMware ESXi hypervisors in U.S. companies across various sectors through sophisticated social engineering techniques, rather than exploiting software vulnerabilities. Their attack methodology enables them to gain significant control over virtualized environments, leading to data exfiltration and ransomware deployment. Google Threat Intelligence Group has outlined protective measures organizations can take to defend against these attacks.
A surge in Akira ransomware attacks targeting SonicWall SSL VPN connections has been observed since mid-July 2025, primarily exploiting unpatched versions of SonicOS. Attackers gain unauthorized access, often bypassing Multi-Factor Authentication (MFA), and can quickly escalate to data encryption and exfiltration within hours. SonicWall has issued patches for a critical zero-day vulnerability, but many devices remain vulnerable as of 2025.
Ransomware strains, such as DarkSide, often have built-in failsafes preventing installation on computers with certain virtual keyboards, particularly those in Russian or Ukrainian languages. By installing these keyboards, users may protect themselves from specific malware, compelling cybercriminals to reconsider their targets due to potential legal repercussions in their home countries. However, this method is not a foolproof solution against all malware threats.
Ingram Micro is experiencing significant outages due to a ransomware attack attributed to the SafePay group, which has compromised internal systems and led to the shutdown of their online services. The attack is believed to have been initiated through compromised credentials used to access the company's GlobalProtect VPN, though Ingram Micro has not publicly confirmed the full extent of the attack. As of now, the company is working to restore affected systems and has begun processing certain orders again.
Everest ransomware has claimed a small breach involving Mailchimp, where the attackers accessed a limited number of accounts. The incident highlights ongoing vulnerabilities in email marketing platforms and raises concerns about user data security. Mailchimp is working to address the breach and enhance security measures to protect its users.
Japanese retailer Muji has halted online orders due to a ransomware attack that crippled its logistics partner, Askul. The attack has disrupted various services, leaving customers facing error messages and causing cancellations of pending orders. Both companies are investigating the incident but have not disclosed details about the ransomware group involved or any potential data breaches.
Australia has implemented new rules requiring organizations with an annual turnover of over AUS$3 million to report any ransomware payments made. Reports must be submitted to the Australian Signals Directorate within 72 hours and include detailed information about the payment and the cyber incident. Non-compliance could lead to civil penalties.
A study by Dutch researcher Tom Meurs reveals that ransomware attackers significantly increase their demands when they find evidence of cyber-insurance, with insured victims paying up to 5.5 times more than uninsured ones. The research also highlights that companies with robust backup systems are much less likely to pay ransoms, but many still choose to do so for faster recovery or reputational concerns. The findings suggest that double-extortion tactics may become increasingly prevalent among cybercriminals.
Yes24, South Korea's leading K-pop ticketing platform, suffered a ransomware attack, rendering its website and app inaccessible and causing widespread cancellations of events. Fans are advised to be cautious of phishing attempts and wait for updates on refunds and compensation.
McLaren Health Care has reported a significant data breach affecting the personal information of approximately 743,000 individuals. The breach occurred between July and August 2024, following a previous ransomware attack in 2023 that compromised the data of over 2 million people. The exposed information includes names and Social Security numbers among other sensitive details.
Over 103,000 individuals have been impacted by a data breach at Cornwell Quality Tools, a tool manufacturer based in Ohio. The Cactus ransomware group claimed responsibility for the attack, which involved the publication of sensitive materials, including corporate documents and driver's license copies. This incident follows a previous attack by the Hive ransomware gang in 2022.
Data I/O, a technology manufacturer, has reported a ransomware incident that has caused operational outages, though the full impact of the breach remains unclear. The company recently posted a decrease in sales, reflecting challenges it faces amidst the ongoing cybersecurity threats affecting multiple organizations.
DaVita, a kidney dialysis firm, has confirmed that it was the victim of a ransomware attack that compromised the personal data of approximately 2.7 million individuals. The breach has raised significant concerns regarding the protection of sensitive health information and the potential consequences for those affected.
The Rhysida ransomware group claims to have stolen 2.5 TB of files from the Oregon Department of Environmental Quality (DEQ) after the agency denied any evidence of a data breach. Following a cyberattack that disrupted various services, the hackers threatened to auction the stolen data unless a ransom of 30 bitcoin ($2.5 million) is paid.
Cloudflared is a tunneling application that allows secure remote access to hosts and deployment of web applications without exposing them to the internet. However, it has also been misused by ransomware groups for maintaining unauthorized access within compromised environments. The article discusses various detection methods for identifying malicious Cloudflared instances, including analyzing account IDs and monitoring for anomalous activities.
Operation Endgame has successfully disrupted a significant global ransomware infrastructure, leading to the apprehension of key individuals involved in cybercrime activities. This operation underscores the collaborative efforts of law enforcement agencies and cybersecurity experts to combat the rising threat of ransomware attacks worldwide.
Muddled Libra, a cybercrime group, has adapted its tactics in 2025, focusing on social engineering techniques such as vishing to gain access to organizations. Their operations have intensified, especially in sectors like government and retail, leveraging ransomware-as-a-service partnerships for extortion. Effective countermeasures include implementing conditional access policies and user awareness training to mitigate their impact.
Marks & Spencer anticipates a £300 million hit to its operating profits for the 2025/26 financial year due to an ongoing cyberattack, which has caused significant disruption to its operations and online sales. Despite the challenges, CEO Stuart Machin emphasized the company's commitment to recovery and long-term growth, viewing the incident as an opportunity for transformation. Customer data was compromised in the attack, attributed to the ransomware group Scattered Spider, although sensitive payment information was not affected.
A ransomware attack on Business Systems House (BSH), a payroll provider previously working with Broadcom, resulted in the theft of employee data. Although Broadcom has since switched payroll providers, the breach exposed sensitive information of current and former employees, prompting notifications and security recommendations from the company and its former payroll partner ADP.
The Clop ransomware group is targeting Oracle customers with extortion emails, demanding payments in exchange for not releasing stolen data. These emails are part of a broader trend of ransomware attacks aimed at various organizations, highlighting the ongoing threat of cyber extortion in the corporate sector.
UAP has confirmed a ransomware attack that compromised personal data and email correspondence of its users. The breach raises concerns over data security and the potential misuse of sensitive information. UAP is currently investigating the incident and taking measures to enhance security protocols.
RTÉ is investigating a potential cyber security threat after being alerted by the National Cyber Security Centre (NCSC), which indicated that RTÉ may be among several state bodies targeted. While the specific nature of the threat is unclear, there are indications of a possible ransomware element, and a deadline for the threat has been set for August 4th. The NCSC has noted an increase in cyber attack risks in Ireland following previous incidents.
Hellcat ransomware has been found targeting firms by stealing Jira credentials, leading to significant data breaches. The malware is designed to extract sensitive information and poses a serious threat to organizations that rely on Jira for project management and collaboration. Cybersecurity experts are urging companies to enhance their defenses against such sophisticated attacks.
The DragonForce ransomware group has claimed responsibility for a cyberattack on Belk, resulting in the theft of over 150 gigabytes of data. The attack, which occurred in May, led to significant disruptions in both online and physical operations for the department store chain. Belk has since taken measures to secure its systems, including disconnecting affected networks and rebuilding compromised systems.
Recent cyberattacks on major retailers like United Natural Foods and Marks & Spencer have left customers unable to fulfill orders and resulted in empty store shelves. These breaches not only halt sales but also risk exposing personal customer data, increasing vulnerability to future phishing and fraud attempts.
Security professionals are overwhelmed by the volume of threat intelligence data, with 61% reporting that their teams are inundated and 60% lacking sufficient skilled analysts to make sense of it all. This situation hampers proactive security measures, leading to a predominantly reactive approach to cyber threats, particularly concerning in industries like manufacturing that face significant risks from ransomware attacks. Recommendations suggest reframing threat intelligence as a process rather than just raw data to enhance security efforts.
A Qilin ransomware attack on NHS supplier Synnovis has been linked to the death of a patient due to delays in blood test results. The attack disrupted services across multiple healthcare facilities, resulting in significant patient harm and the cancellation of thousands of medical appointments. The incident highlights ongoing cybersecurity challenges faced by the NHS and the potential life-threatening consequences of such cyberattacks.
Ongoing Akira ransomware attacks are successfully breaching SonicWall SSL VPN accounts even with one-time password (OTP) multi-factor authentication enabled. This exploitation is linked to previously stolen OTP seeds and an improper access control vulnerability (CVE-2024-40766), prompting SonicWall to recommend that administrators reset VPN credentials and ensure devices are running the latest firmware.
Marks & Spencer is experiencing significant disruptions due to a ransomware attack linked to the threat group known as Scattered Spider. The cyberattack, which began with the theft of sensitive data, has impacted the company's payment systems and operations, leading to the involvement of cybersecurity firms for response and investigation. Scattered Spider, recognized for sophisticated social engineering tactics, has escalated its activities and recently targeted multiple organizations.
The Justice Department has announced a series of coordinated actions aimed at disrupting the operations of the BlackSuit and Royal ransomware groups, targeting their infrastructure and financial networks. These efforts are part of a broader strategy to combat cybercrime and protect businesses and individuals from ransomware attacks.
ShinyHunters has launched a new data leak site called Trinity of Chaos, targeting organizations that have fallen victim to ransomware attacks. This site aims to publicly expose sensitive information, continuing the group's trend of high-profile data breaches and data leaks, particularly in the wake of recent ransomware incidents affecting various sectors.
The FBI and CISA have issued a warning regarding the Interlock ransomware, which is specifically targeting critical infrastructure sectors in the United States. This ransomware employs advanced techniques to disrupt operations and demands large ransoms, posing a significant threat to essential services. Organizations are urged to enhance their cybersecurity measures to mitigate the risks associated with such attacks.
ShadowCrypt is a project that enhances ransomware protection by camouflaging files with system-like extensions and hiding them in system directories, utilizing Windows shortcut files for easy access. It builds upon research from the paper "Hiding in the Crowd" and offers improved functionalities such as streamlined hiding processes, versatile recovery options, and integration with the right-click context menu for user convenience. The project aims to provide a cost-effective and user-friendly solution for secure file management on Windows systems.
Interlock ransomware is making waves in the UK as it targets various organizations, exploiting vulnerabilities to encrypt files and demand ransom. This new strain is linked to the Nodesnake RAT, which enhances the attack's effectiveness by providing additional remote access capabilities to attackers. Cybersecurity experts are urging organizations to bolster their defenses against these evolving threats.
A credential harvesting campaign targeting ScreenConnect super administrators has been identified, leveraging low-volume spear phishing tactics with the EvilGinx framework. The operation aims to capture super admin credentials for potential ransomware deployment, utilizing sophisticated techniques to bypass traditional security measures. Mimecast has implemented protective measures and recommends user education and technical controls to mitigate the threat.
Charon ransomware is targeting the Middle East using advanced persistent threat (APT) attack methodologies. This new variant of ransomware is designed to evade detection and is part of a broader trend of increasing cyber threats in the region. Organizations are urged to enhance their security measures to combat these sophisticated attacks.
Ransomware gang Hunters International has announced its decision to shut down operations, citing various challenges faced in the cybercrime landscape. The group's closure reflects the increasing pressure from law enforcement and cybersecurity measures aimed at combating ransomware attacks.
A ransomware attack targeting a hospital was thwarted by ThreatLocker, which utilized application allowlisting and storage control to prevent unauthorized software from running and protect sensitive data. The cybercriminals, frustrated by the security measures, were unable to deploy their tools or execute their plan. This incident highlights how ThreatLocker effectively defends against such cyber threats.
Cyberattacks surged during the summer of 2025, with ransomware groups targeting healthcare and retail sectors, while nation-state actors engaged in geopolitical cyber activities. Major incidents included the rise of the Interlock and Qilin ransomware groups, significant data breaches in retail, and the exploitation of Microsoft SharePoint vulnerabilities in a widespread campaign. Organizations are urged to improve their defenses by patching vulnerabilities, training personnel, and monitoring for lateral movement post-intrusion.
A significant ransomware campaign has exploited over 1,200 unique AWS access keys to encrypt files in S3 storage buckets, leaving ransom notes demanding payment in Bitcoin. The attackers are using AWS's own encryption features to hide their activities, making it difficult for victims to detect breaches or recover their data.
A fake version of ChatGPT, disguised as an InVideo AI tool, is tricking users into downloading ransomware. This malicious software locks users out of their systems and demands a ransom for access. The incident highlights the urgent need for vigilance against such deceptive schemes in the AI landscape.
A ransomware attack by Ignoble Scorpius utilized compromised VPN credentials to infiltrate a manufacturing company, leading to significant data exfiltration and the deployment of BlackSuit ransomware across its infrastructure. Unit 42 intervened, expanding the client's security measures and successfully averting a $20 million ransom demand while providing strategic recommendations for future protection against similar threats.
Ascension, a major U.S. healthcare system, has disclosed a data breach affecting personal and health information of patients due to a vulnerability in third-party software used by a former partner. The breach impacted over 114,000 individuals in Texas and included sensitive data such as Social Security numbers and medical records. Ascension is offering two years of free identity monitoring services to those affected.
The article discusses Ianis Antropenko, a key figure in the Russian cybercrime group associated with the Zeppelin ransomware. It explores his background and the implications of his activities on cybersecurity, particularly focusing on the tactics used by the group to exploit vulnerabilities and extort victims.
SatanLock ransomware has ceased its operations, marking an end to its activities after a significant data breach that had compromised sensitive information. The cybercriminal group has reportedly begun leaking the stolen data, raising concerns about the potential impact on affected organizations and individuals.
EvilCorp, a sanctioned Russian cybercriminal group, has been linked to RansomHub, a rapidly growing ransomware-as-a-service operation. The collaboration between these entities raises concerns about potential sanctions for RansomHub, as their combined tactics involve using malware like SocGholish to infiltrate systems and execute ransomware attacks. This connection could complicate the landscape for organizations responding to ransomware incidents and increase scrutiny from law enforcement.
Medusa ransomware has claimed responsibility for a breach involving NASCAR, highlighting the ongoing threat of cyberattacks on high-profile organizations. The attack is part of a broader trend of increasing ransomware incidents targeting various sectors, raising concerns about data security and operational disruptions.
A new hybrid ransomware strain called Storm 0501 has emerged, showcasing a complex attack chain that combines elements of both ransomware and traditional cyberattacks. This development raises concerns about the evolving nature of cybersecurity threats, as attackers become increasingly sophisticated in their methods. Organizations are urged to bolster their defenses in response to this growing menace.
A significant cyberattack has targeted a major grocery chain, disrupting operations and raising concerns about the security of the company's systems. The incident highlights the growing threat of ransomware and the vulnerabilities within the retail sector. Investigations are ongoing to assess the full impact and prevent future attacks.
Threat actors have been distributing a trojanized version of the KeePass password manager, known as KeeLoader, for at least eight months, which installs Cobalt Strike beacons and steals credentials. This campaign has been linked to ransomware attacks on VMware ESXi servers and utilizes malicious advertisements to promote fake software sites. Users are warned to download software only from legitimate sources to avoid such threats.
Entropy triage is a novel method developed by MOXFIVE to repair files corrupted by failed ransomware encryption using Shannon entropy to select usable data blocks. By automating the reconstruction process, this technique has achieved over 90% success in restoring virtual disks that standard decryptors cannot fix. However, it requires specialized skills and has limitations regarding the type of data it can recover.
A 45-year-old individual has been arrested in Moldova for alleged involvement in DoppelPaymer ransomware attacks, extortion, and money laundering targeting organizations in the Netherlands. This arrest follows a coordinated operation involving multiple law enforcement agencies in February 2023 that identified several members of the ransomware group.
Ahold Delhaize confirmed that a ransomware attack led to the theft of sensitive data from its internal systems, with attackers claiming to have exfiltrated 6 TB of information. The company has restored its operations but is working to assess the impact of the breach and notify affected individuals.
Manpower confirmed that a ransomware attack on its Lansing franchise resulted in the theft of personal information from 144,189 individuals. The breach, attributed to the RansomHub extortion group, involved unauthorized access to sensitive data, prompting the company to offer affected individuals credit monitoring services. ManpowerGroup maintains that its corporate systems were not compromised and is supporting the franchise in its response to the incident.
A ransomware attack on Swedish IT supplier Miljödata has left 200 municipalities offline, with the attackers demanding a ransom of 1.5 Bitcoin (approximately $168,000). The disruption highlights the risks of centralized IT services, as sensitive data may have been accessed and critical local government operations have been severely impacted. Sweden's Minister for Civil Defence has indicated that new cybersecurity legislation may be on the horizon in response to the incident.
Asahi Brewery is grappling with the aftermath of a ransomware attack that may have compromised personal data, following an initial assurance that customer and employee information was secure. The attack, attributed to the Qilin ransomware group, has severely disrupted operations, delaying shipments and financial reporting, as the company investigates the extent of the data breach. Recovery efforts are ongoing, but a timeline for full restoration remains uncertain.
The article critiques common myths surrounding ransomware incidents, emphasizing that paying ransoms is a frequent but misguided response that can lead to prolonged operational issues and further victimization by cybercriminals. It advocates for organizations to adopt robust containment measures and transparency regarding cyber incidents to effectively combat the growing ransomware threat.
Young Consulting, now operating as Connexure, has reported that over 1 million individuals were affected by a data breach attributed to a ransomware attack by the BlackSuit group. The breach, which occurred between April 10 and 13, 2024, compromised sensitive data including Social Security numbers and insurance information, with the victim count being updated multiple times since the incident. The company is offering credit monitoring and identity theft restoration services to those affected.
A turf war has erupted between ransomware groups DragonForce and RansomHub, both involved in recent cyberattacks on UK retailers. This conflict poses increased risks for companies, as competing groups may target the same victims, leading to potential double extortion. Experts indicate that the rivalry stems from DragonForce's rebranding and expansion of services, which has heightened tensions in the ransomware-as-a-service market.