87 links
tagged with all of: ransomware + cybersecurity
Andy Frain Services, a security firm, revealed that a ransomware attack by the Black Basta group has affected over 100,000 individuals, with sensitive information likely compromised. The breach, discovered in October 2024, involved the theft of 750 GB of data, prompting the company to offer credit monitoring and identity restoration services to those impacted.
U.S. authorities have charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his involvement in managing the LockerGoga, MegaCortex, and Nefilim ransomware operations, which targeted over 250 companies globally, causing significant financial damage. Tymoshchuk faces multiple charges, including conspiracy to commit computer fraud and unauthorized access, while a reward of up to $11 million is offered for information leading to his arrest.
Profero successfully decrypted DarkBit ransomware, enabling recovery of a victim's files without ransom payment. The attack, linked to Iranian state-sponsored actors, involved a unique encryption method that Profero exploited, ultimately leading to significant data recovery due to the sparse nature of the affected VMware ESXi server files. Profero is offering assistance to future victims but will not publicly release the decryptor.
Nucor Corporation has reported a cyberattack that has disrupted its production operations. The company detected unauthorized access to its IT systems, prompting it to take systems offline and alert law enforcement while working with cybersecurity experts to investigate the incident.
Ransomware groups like Black Basta and FunkSec are increasingly using AI to enhance their extortion tactics, resulting in significant financial losses, such as $724 million stolen using TrickBot malware. The report highlights the growing prevalence of extortion methods, including DDoS attacks, and offers insights into regional trends and mitigation strategies.
Insight Partners has confirmed that a ransomware attack in January compromised the personal data of over 12,000 individuals, including employees and limited partners. The breach, initially described as a "sophisticated social engineering attack," involved unauthorized access to HR and finance servers, with details of the stolen data remaining undisclosed. The firm has since enhanced its security measures and offered credit monitoring to those affected.
PowerSchool has reported that the hacker behind a December cyberattack is now extorting individual school districts, threatening to release stolen student and teacher data unless a ransom is paid. Despite previously paying a ransom to prevent such an incident, PowerSchool acknowledges that the threat actor has not kept their promise to delete the data, leading to renewed extortion attempts against affected schools.
The article discusses the emergence of Matanbuchus 3.0, a new variant of ransomware that operates as a Malware-as-a-Service (MaaS) offering. This evolution in ransomware capabilities enables cybercriminals to launch more sophisticated attacks with less technical expertise, raising concerns about the potential for widespread damage across various sectors.
Downtime from an ICS/OT ransomware attack can average $4.73 million, yet many organizations lack adequate incident response plans. SANS offers resources, including a white paper and training, to help organizations develop effective ransomware response strategies tailored to critical infrastructure, emphasizing life safety and operational continuity. Expert-led webcasts and courses further equip teams with the skills needed to protect industrial operations from cybersecurity threats.
DaVita, a leading kidney dialysis provider in the U.S., reported a ransomware attack that encrypted parts of its network and affected some operations over the weekend. The company activated response protocols to contain the incident and continues to provide patient care while investigating the breach's full scope, which may involve stolen patient data.
Manpower, a major staffing agency, has disclosed a data breach affecting nearly 145,000 individuals after attackers accessed its systems in late December 2024. The RansomHub ransomware group claimed responsibility for the attack, reportedly stealing around 500 GB of sensitive data, including personal client information. In response, Manpower is enhancing its IT security and offering affected individuals free credit monitoring services.
A Russian hacker associated with the REvil ransomware group received a suspended sentence and time served for his involvement in cybercrimes that targeted businesses worldwide. The case highlights the complexities of international cybercrime prosecution and the challenges of enforcing justice across borders.
The article delves into the Gentlemen ransomware, exploring its modus operandi and the tactics employed by its operators. It highlights the impact of such ransomware on victims and discusses the broader implications for cybersecurity and ransomware trends.
Researchers from ESET have identified PromptLock, the first known AI-powered ransomware, which is currently a non-functional proof-of-concept. This prototype utilizes OpenAI's gpt-oss-20b model to generate malicious Lua scripts and operates within a controlled environment, highlighting the potential dangers of AI in cybercrime despite no active infections being reported.
Japanese police have released a free decryptor for Phobos and 8-Base ransomware victims, allowing them to recover encrypted files without paying a ransom. The decryptor, confirmed to work effectively, can be downloaded from official platforms despite being flagged as malware by some web browsers. It supports multiple file extensions and may work for files with other extensions as well.
Mainline Health Systems and Select Medical Holdings have reported data breaches affecting over 100,000 individuals. Mainline Health's breach was linked to the Inc Ransom ransomware group, while Select Medical's data exposure resulted from a security incident involving a former vendor.
Farmers Insurance has reported a data breach that compromised the personal information of more than one million individuals, including names, addresses, dates of birth, and Social Security numbers. The breach was discovered shortly after the data theft occurred, but it remains unclear whether a third-party vendor was involved in a ransomware attack.
Senator Ron Wyden has criticized Microsoft for delivering "dangerous, insecure software" that contributed to a ransomware attack on Ascension, a major hospital network, and has urged the FTC to investigate the company's cybersecurity practices. Wyden highlighted longstanding vulnerabilities, particularly the use of the outdated RC4 encryption algorithm, and accused Microsoft of prioritizing profits over security while failing to provide adequate protections for its users. He argues that Microsoft's dominance in the enterprise operating system market poses a significant national security risk due to its negligence in addressing these issues.
The Zurich-based non-profit health foundation Radix suffered a ransomware attack that compromised the data of several Swiss federal offices. The Sarcoma ransomware group released 1.3 TB of stolen data on the dark web after ransom demands were ignored, although the Swiss National Cyber Security Center confirmed that Radix did not have direct access to federal systems.
IdeaLab has confirmed that sensitive data was stolen during a ransomware attack last October, attributed to the Hunters International group. The breach affected current and former employees and contractors, with 137,000 files leaked on the dark web, prompting the company to offer identity theft protection to impacted individuals.
The article discusses a ransomware attack targeting SimpleHelp, compromising its infrastructure and impacting users. This incident highlights the ongoing threats posed by ransomware and the importance of cybersecurity measures for businesses and service providers.
The Alcohol & Drug Testing Service (TADTS) has reported a data breach affecting approximately 750,000 individuals, following a ransomware attack in July 2024. Compromised data includes sensitive personal information such as Social Security numbers, financial details, and health insurance information.
A ransomware attack in Ohio has disrupted the operations of a local government agency, affecting over 45,000 residents. The attack has prompted an investigation and raised concerns about cybersecurity measures in place to protect sensitive information.
A study by Dutch researcher Tom Meurs reveals that ransomware attackers significantly increase their demands when they find evidence of cyber-insurance, with insured victims paying up to 5.5 times more than uninsured ones. The research also highlights that companies with robust backup systems are much less likely to pay ransoms, but many still choose to do so for faster recovery or reputational concerns. The findings suggest that double-extortion tactics may become increasingly prevalent among cybercriminals.
Australia has implemented new rules requiring organizations with an annual turnover of over AUS$3 million to report any ransomware payments made. Reports must be submitted to the Australian Signals Directorate within 72 hours and include detailed information about the payment and the cyber incident. Non-compliance could lead to civil penalties.
Ransomware strains, such as DarkSide, often have built-in failsafes preventing installation on computers with certain virtual keyboards, particularly those in Russian or Ukrainian languages. By installing these keyboards, users may protect themselves from specific malware, compelling cybercriminals to reconsider their targets due to potential legal repercussions in their home countries. However, this method is not a foolproof solution against all malware threats.
A surge in Akira ransomware attacks targeting SonicWall SSL VPN connections has been observed since mid-July 2025, primarily exploiting unpatched versions of SonicOS. Attackers gain unauthorized access, often bypassing Multi-Factor Authentication (MFA), and can quickly escalate to data encryption and exfiltration within hours. SonicWall has issued patches for a critical zero-day vulnerability, but many devices remain vulnerable as of 2025.
Medusa ransomware has been linked to a significant data breach at Comcast, exposing sensitive customer information. The breach highlights the increasing vulnerabilities of large corporations to cyberattacks and the need for enhanced security measures.
A ransomware attack in Virginia has compromised personal information, including Social Security numbers, of residents. The county is investigating the breach and has begun notifying affected individuals as it works to enhance cybersecurity measures.
A ransomware attack on Business Systems House (BSH), a payroll provider previously working with Broadcom, resulted in the theft of employee data. Although Broadcom has since switched payroll providers, the breach exposed sensitive information of current and former employees, prompting notifications and security recommendations from the company and its former payroll partner ADP.
Over 103,000 individuals have been impacted by a data breach at Cornwell Quality Tools, a tool manufacturer based in Ohio. The Cactus ransomware group claimed responsibility for the attack, which involved the publication of sensitive materials, including corporate documents and driver's license copies. This incident follows a previous attack by the Hive ransomware gang in 2022.
Data I/O, a technology manufacturer, has reported a ransomware incident that has caused operational outages, though the full impact of the breach remains unclear. The company recently posted a decrease in sales, reflecting challenges it faces amidst the ongoing cybersecurity threats affecting multiple organizations.
DaVita, a kidney dialysis firm, has confirmed that it was the victim of a ransomware attack that compromised the personal data of approximately 2.7 million individuals. The breach has raised significant concerns regarding the protection of sensitive health information and the potential consequences for those affected.
The Rhysida ransomware group claims to have stolen 2.5 TB of files from the Oregon Department of Environmental Quality (DEQ) after the agency denied any evidence of a data breach. Following a cyberattack that disrupted various services, the hackers threatened to auction the stolen data unless a ransom of 30 bitcoin ($2.5 million) is paid.
Operation Endgame has successfully disrupted a significant global ransomware infrastructure, leading to the apprehension of key individuals involved in cybercrime activities. This operation underscores the collaborative efforts of law enforcement agencies and cybersecurity experts to combat the rising threat of ransomware attacks worldwide.
Muddled Libra, a cybercrime group, has adapted its tactics in 2025, focusing on social engineering techniques such as vishing to gain access to organizations. Their operations have intensified, especially in sectors like government and retail, leveraging ransomware-as-a-service partnerships for extortion. Effective countermeasures include implementing conditional access policies and user awareness training to mitigate their impact.
Clop ransomware group is targeting Oracle customers with extortion emails, demanding payments in exchange for not releasing stolen data. These emails are part of a broader trend of ransomware attacks aimed at various organizations, highlighting the ongoing threat of cyber extortion in the corporate sector.
A Qilin ransomware attack on NHS supplier Synnovis has been linked to the death of a patient due to delays in blood test results. The attack disrupted services across multiple healthcare facilities, resulting in significant patient harm and the cancellation of thousands of medical appointments. The incident highlights ongoing cybersecurity challenges faced by the NHS and the potential life-threatening consequences of such cyberattacks.
Security professionals are overwhelmed by the volume of threat intelligence data, with 61% reporting that their teams are inundated and 60% lacking sufficient skilled analysts to make sense of it all. This situation hampers proactive security measures, leading to a predominantly reactive approach to cyber threats, particularly concerning in industries like manufacturing that face significant risks from ransomware attacks. Recommendations suggest reframing threat intelligence as a process rather than just raw data to enhance security efforts.
Hellcat ransomware has been found targeting firms by stealing Jira credentials, leading to significant data breaches. The malware is designed to extract sensitive information and poses a serious threat to organizations that rely on Jira for project management and collaboration. Cybersecurity experts are urging companies to enhance their defenses against such sophisticated attacks.
The FBI and CISA have issued a warning regarding the Interlock ransomware, which is specifically targeting critical infrastructure sectors in the United States. This ransomware employs advanced techniques to disrupt operations and demands large ransoms, posing a significant threat to essential services. Organizations are urged to enhance their cybersecurity measures to mitigate the risks associated with such attacks.
A significant ransomware campaign has exploited over 1,200 unique AWS access keys to encrypt files in S3 storage buckets, leaving ransom notes demanding payment in Bitcoin. The attackers are using AWS's own encryption features to hide their activities, making it difficult for victims to detect breaches or recover their data.
A ransomware attack targeting a hospital was thwarted by ThreatLocker, which utilized application allowlisting and storage control to prevent unauthorized software from running and protect sensitive data. The cybercriminals, frustrated by the security measures, were unable to deploy their tools or execute their plan. This incident highlights how ThreatLocker effectively defends against such cyber threats.
Ransomware gang Hunters International has announced its decision to shut down operations, citing various challenges faced in the cybercrime landscape. The group's closure reflects the increasing pressure from law enforcement and cybersecurity measures aimed at combating ransomware attacks.
Marks & Spencer is experiencing significant disruptions due to a ransomware attack linked to the threat group known as Scattered Spider. The cyberattack, which began with the theft of sensitive data, has impacted the company's payment systems and operations, leading to the involvement of cybersecurity firms for response and investigation. Scattered Spider, recognized for sophisticated social engineering tactics, has escalated its activities and recently targeted multiple organizations.
Ongoing Akira ransomware attacks are successfully breaching SonicWall SSL VPN accounts even with one-time password (OTP) multi-factor authentication enabled. This exploitation is linked to previously stolen OTP seeds and an improper access control vulnerability (CVE-2024-40766), prompting SonicWall to recommend that administrators reset VPN credentials and ensure devices are running the latest firmware.
A new hybrid ransomware strain called Storm-0501 has emerged, showcasing a complex attack chain that combines elements of both ransomware and traditional cyberattacks. This development raises concerns about the evolving nature of cybersecurity threats, as attackers become increasingly sophisticated in their methods. Organizations are urged to bolster their defenses in response to this growing menace.
SatanLock ransomware has ceased its operations, marking an end to its activities after a significant data breach that had compromised sensitive information. The cybercriminal group has reportedly begun leaking the stolen data, raising concerns about the potential impact on affected organizations and individuals.
The article discusses Ianis Antropenko, a key figure in the Russian cybercrime group associated with the Zeppelin ransomware. It explores his background and the implications of his activities on cybersecurity, particularly focusing on the tactics used by the group to exploit vulnerabilities and extort victims.
A ransomware attack by Ignoble Scorpius utilized compromised VPN credentials to infiltrate a manufacturing company, leading to significant data exfiltration and the deployment of BlackSuit ransomware across their infrastructure. Unit 42 intervened, expanding the client's security measures and successfully negating a $20 million ransom demand while providing strategic recommendations for future protection against similar threats.
A fake version of ChatGPT, disguised as an InVideo AI tool, is tricking users into downloading ransomware. This malicious software locks users out of their systems and demands a ransom for access. The incident highlights the urgent need for vigilance against such deceptive schemes in the AI landscape.
The article critiques common myths surrounding ransomware incidents, emphasizing that paying ransoms is a frequent but misguided response that can lead to prolonged operational issues and further victimization by cybercriminals. It advocates for organizations to adopt robust containment measures and transparency regarding cyber incidents to effectively combat the growing ransomware threat.
A 45-year-old individual has been arrested in Moldova for alleged involvement in DoppelPaymer ransomware attacks, extortion, and money laundering targeting organizations in the Netherlands. This arrest follows a coordinated operation involving multiple law enforcement agencies in February 2023 that identified several members of the ransomware group.
Ahold Delhaize confirmed that a ransomware attack led to the theft of sensitive data from its internal systems, with attackers claiming to have exfiltrated 6 TB of information. The company has restored its operations but is working to assess the impact of the breach and notify affected individuals.
A ransomware attack on Swedish IT supplier Miljödata has left 200 municipalities offline, with the attackers demanding a ransom of 1.5 Bitcoin (approximately $168,000). The disruption highlights the risks of centralized IT services, as sensitive data may have been accessed and critical local government operations have been severely impacted. Sweden's Minister for Civil Defence has indicated that new cybersecurity legislation may be on the horizon in response to the incident.
Young Consulting, now operating as Connexure, has reported that over 1 million individuals were affected by a data breach attributed to a ransomware attack by the BlackSuit group. The breach, which occurred between April 10 and 13, 2024, compromised sensitive data including Social Security numbers and insurance information, with the victim count being updated multiple times since the incident. The company is offering credit monitoring and identity theft restoration services to those affected.
Lee Enterprises reported that a recent ransomware attack impacted nearly 40,000 individuals, compromising personal information such as names and Social Security numbers. The company is offering affected individuals 12 months of free credit monitoring and identity protection services following the breach.
NYU researchers developed a proof-of-concept AI-powered ransomware, dubbed Ransomware 3.0, which utilizes large language models to create customized attacks targeting specific files on victim systems. The project unexpectedly gained attention when security analysts mistakenly identified it as a real threat, prompting discussions about the implications of AI in ransomware development. While the malware is not functional outside a lab setting, researchers warn that the techniques could inspire actual cybercriminals to create similar threats.
Mimic collaborated with REI to enhance the security of its extensive Active Directory against ransomware threats. The partnership aims to safeguard REI's critical assets as the company continues to expand its retail and e-commerce operations.
The article discusses the pressure tactics employed by LockBit ransomware affiliates, highlighting their rarely successful attempts to extract payments from victims. It outlines the strategies used to intimidate and coerce targeted organizations into complying with ransom demands, emphasizing the challenges faced by both attackers and victims in this high-stakes environment.
Humac, a leading Apple reseller in the Nordics, has been listed on the Kraken ransomware group's dark web site, with claims of stolen financial and customer data. Cybernews researchers have verified that the leaked data sample appears legitimate, raising concerns about the impact on the company's operations.
Pharmaceutical firm Inotiv has reported a ransomware attack, with the Qilin Group claiming responsibility for the breach. The incident has raised concerns about the security of sensitive data within the healthcare sector.
Legends International has informed customers and employees of a data breach resulting from a cyberattack. Compromised information includes personally identifiable information such as Social Security numbers, dates of birth, and payment details, although the specifics of the attack and the number of affected individuals remain unclear.
Over 160,000 individuals were affected by a data breach at Wayne Memorial Hospital in Georgia, where hackers stole sensitive personal information, including Social Security numbers and financial data. The breach occurred between May 30 and June 3, 2024, during which ransomware was used to compromise the hospital's network. WMH is offering affected individuals 12 months of free credit monitoring and identity theft protection services.
A new ransomware group named Chaos has emerged following the dismantling of the BlackSuit gang, continuing the ongoing cycle of cybercrime. Chaos has been targeting organizations primarily in the US, demanding substantial ransoms, and offering assurances of data decryption and vulnerability reports in exchange for payment. Cisco's Talos Security Group reported that the group has been engaging in aggressive "big-game hunting" tactics since its inception in February.
The article discusses a new variant of ransomware known as HybridPetya, which has the capability to bypass UEFI Secure Boot protections. This evolution of ransomware echoes previous strains like Petya and NotPetya, highlighting the ongoing threat to cybersecurity and the need for enhanced protective measures.
NASCAR confirmed that personal information, including names and Social Security numbers, was stolen during a ransomware attack that occurred between March 31 and April 3, 2025. The Medusa ransomware group has claimed responsibility, demanding a $4 million ransom for the return of the stolen data, while NASCAR offers impacted individuals credit monitoring services.
The LockBit ransomware gang experienced a data breach that resulted in their dark web affiliate panels being defaced and a MySQL database dump being released, revealing sensitive information including negotiation messages with victims and plaintext passwords of affiliates. The breach potentially undermines the gang's reputation further following previous law enforcement actions against them. The incident highlights ongoing vulnerabilities within ransomware operations.
Singapore has issued a critical alert regarding a new ransomware strain dubbed "Dire Wolf," which is reportedly targeting global technology and manufacturing sectors. The country's cybersecurity agency warned organizations to enhance their defenses against potential attacks, given the increasing sophistication of the ransomware landscape.
Cybercriminals are impersonating job seekers to deliver ransomware through malicious resumes. By establishing trust on platforms like LinkedIn and using phishing tactics, they manipulate recruiters into opening harmful files. Security experts advise organizations to implement stricter measures to protect against these sophisticated social engineering attacks.
Anubis ransomware has introduced a wiper module that destroys files beyond recovery, increasing pressure on victims to pay the ransom. This new feature was discovered in recent samples, marking a significant escalation in the malicious capabilities of this ransomware-as-a-service operation, which began its affiliate program in early 2024. Anubis employs various tactics to avoid detection and enhance its effectiveness, including phishing attacks to initiate infections.
Ransomware groups are exploiting the legitimate Kickidler employee monitoring software for reconnaissance and credential theft after breaching networks. The software enables attackers to capture keystrokes and identify off-site cloud backups, facilitating further malicious activities such as encrypting VMware ESXi infrastructure. Cybersecurity experts recommend tightening controls on remote monitoring and management tools to prevent these types of attacks.
Ransomware is evolving with the integration of GenAI and LLMs, leading to more sophisticated attacks such as AI-driven phishing and quadruple extortion. Experts discuss how groups like CL0P and FunkSec utilize AI to enhance their operations and pressure victims, while emphasizing the need for defenders to implement AI-aware security measures across various platforms. Strategies for securing identities and leveraging API visibility against emerging threats are also highlighted.
A ransomware gang has claimed responsibility for a cyberattack on Kettering Health, a healthcare provider in Ohio. The breach has raised concerns about the security of sensitive patient data and highlights the ongoing threat of ransomware attacks in the healthcare sector.
A new type of ransomware has been discovered that utilizes artificial intelligence, marking a significant advancement in cybercrime. This AI-powered malware can exfiltrate data, encrypt files, or even destroy them, posing a serious threat to individuals and organizations alike. Experts are warning that the integration of AI into ransomware could lead to more sophisticated attacks in the future.
Nova Scotia Power confirmed a ransomware attack that compromised the personal and financial information of approximately 280,000 customers, including details such as names, addresses, and bank account numbers. The company has stated that it did not pay the ransom and is working with cybersecurity experts to assess the breach, while also warning customers about potential phishing attempts following the incident.
A recent investigation into a Fog ransomware attack has revealed the use of an unusual toolset, highlighting the evolving tactics of cybercriminals. The analysis points to sophisticated methods that bypass traditional security measures, raising concerns about the effectiveness of current defenses against such threats.
A ransomware attack has compromised the US healthcare sector, impacting organizations such as AOA, DaVita, and Bell Ambulance. These breaches have raised concerns regarding the security of patient data and the potential disruption to healthcare services. The situation underscores the growing threat of cyberattacks on critical infrastructure in the healthcare domain.
Sensata Technologies has reported a ransomware attack that compromised personal information of its employees after hackers accessed the network for over a week. The stolen data includes sensitive details such as Social Security numbers, financial account information, and medical records, affecting at least 362 residents in Maine.
Interlock ransomware has leaked sensitive data from a cyberattack on the city of St. Paul, exposing critical information and raising concerns about cybersecurity and data protection. The breach highlights the ongoing threats posed by ransomware attacks to municipal systems.
Hitachi Vantara took its servers offline to contain an Akira ransomware attack that disrupted some of its systems and affected multiple government projects. The company is working with cybersecurity experts to investigate the incident and restore services while confirming that its cloud services remain unaffected. The Akira ransomware operation, which has targeted numerous organizations globally, was identified as the source of the breach.
Landmark Admin and Young Consulting have reported data breaches affecting approximately 2.6 million individuals. Landmark Admin's ransomware attack compromised sensitive personal information of over 1.6 million people, while Young Consulting updated its breach impact to over 1 million, revealing unauthorized access to personal data.
A new ransomware strain named KillSec is targeting healthcare institutions in Brazil, compromising their systems and demanding ransoms. The attacks have raised concerns about the security of sensitive patient data and the operational integrity of healthcare services amidst the ongoing pandemic. Authorities are urging institutions to bolster their cybersecurity measures to combat these threats.
The UK government plans to ban public sector organizations from paying ransoms to cybercriminals, aiming to deter ransomware attacks on entities like the NHS, councils, and schools. This initiative is part of the upcoming Cyber Resilience Bill, which seeks to enhance cybersecurity regulations and impose significant fines for non-compliance. The government emphasizes that ransomware poses a serious threat to public services and is committed to disrupting the criminal business model behind these attacks.
Europol has announced that a $50,000 reward purportedly offered for information on two members of the Qilin ransomware group is a scam. The agency clarified that the message circulating on Telegram did not originate from them.
A cybercriminal group, J Group, claims to have breached FAI Aviation Group, a German charter operator, leaking approximately 3 TB of sensitive data including patient information, employee records, and internal documents. The breach raises concerns about identity theft and potential misuse of the leaked information, particularly in the context of the company's medical services.
Ransomware profits have significantly decreased as only 23% of victims now pay hackers, marking a continued decline in payment resolution rates. Factors contributing to this trend include improved cybersecurity measures and increased pressure from authorities on organizations not to pay. Additionally, ransomware groups are shifting focus to medium-sized firms, while the use of remote access and software vulnerabilities as attack vectors is on the rise.