Links
Canon confirmed its U.S. subsidiary was targeted in the Oracle E-Business Suite hacking campaign. The incident affected only a web server, and no Canon data has been leaked so far. Other companies, including Cox Enterprises and Mazda, also reported impacts from the same campaign.
This report highlights the increasing cyber threats targeting small and medium businesses (SMBs), with a focus on credential abuse and ransomware. It details the rise of business email compromise and ransomware-as-a-service, emphasizing the need for stronger security measures like passwordless authentication.
Threat actors are exploiting exposed MongoDB servers, demanding ransoms around $500 in Bitcoin to restore compromised data. A recent study found over 208,500 public MongoDB instances, with many already wiped and ransom notes left behind. Security experts recommend stronger authentication and regular updates to prevent these attacks.
Sedgwick has confirmed a ransomware attack that compromised a file transfer system at its subsidiary, Sedgwick Government Solutions, which serves various U.S. government agencies. The company stated that the attack was contained and did not affect its broader network or data.
Two U.S. cybersecurity professionals, Ryan Goldberg and Kevin Martin, admitted to their involvement in BlackCat ransomware attacks that extorted over $1.2 million from various companies in 2023. Despite their expertise in cybersecurity, they used their skills to conduct ransomware attacks, leading to federal charges that could result in lengthy prison sentences.
A ransomware attack on Conduent has compromised the personal information of at least 15.4 million people in Texas and another 10.5 million in Oregon, significantly more than initially reported. The stolen data includes names, Social Security numbers, and medical information. Conduent is still notifying affected individuals and has faced criticism for its lack of transparency.
This article examines the traits that make ransomware groups effective, highlighting the role of automation, customization, and advanced tools. It discusses how these elements contribute to their financial success and ability to bypass defenses, ultimately shaping security strategies for enterprises.
Google has introduced new AI detection tools and ransomware defenses for its Workspace for Education platform. These updates aim to help K-12 schools combat rising cyber threats, though concerns remain about the platform's compliance and oversight capabilities.
DXS International, a tech provider for NHS England, reported a cyberattack that compromised its office servers. A ransomware group claimed responsibility, alleging they stole 300 gigabytes of data, though the extent of the breach and any impact on patient information remains unclear.
Askul, a Japanese e-commerce and logistics company, suffered a ransomware attack in October, compromising over 700,000 records. The RansomHouse group claimed responsibility and leaked data after the company refused to pay a ransom. The breach affected both customer and business partner information, disrupting logistics and operations.
The US Treasury reported that ransomware payments reached over $4.5 billion from 2022 to 2024. The median payment increased from $124,097 in 2022 to $175,000 in 2023, with the financial services, manufacturing, and healthcare sectors being the most targeted. Akira ransomware group led in incidents, while ALPHV/BlackCat received the highest payments.
Fintech firm Marquis is seeking compensation from SonicWall after a breach at the firewall provider exposed critical data, enabling hackers to steal customer information during a ransomware attack. Marquis confirmed that it stored a backup of its firewall configuration in SonicWall's cloud, linking the two incidents. SonicWall has requested evidence to support Marquis' claims.
The Everest ransomware group claims to have stolen over 1TB of data from ASUS, including sensitive camera source code and internal tools. ASUS confirmed the breach originated from a third-party supplier, asserting that it does not affect customer products or user privacy.
Comhairle nan Eilean Siar is still recovering from a ransomware attack that occurred in November 2023. Two years later, key systems remain unrepaired, and audit reports highlight ongoing cybersecurity weaknesses and staffing challenges. The council's response was deemed effective, but significant work and improvements are still needed.
This article outlines the increasing cybersecurity threats facing small and medium-sized businesses by 2026. It highlights the need for stronger defenses due to rising ransomware attacks, new regulations, and insurance requirements. A Readiness Roadmap is provided to help organizations prepare for these challenges.
Japanese companies, including Asahi Holdings and Askul, are struggling to recover from ransomware attacks that have caused significant operational disruptions. Many firms are experiencing prolonged recovery times, shipment delays, and potential data breaches, highlighting vulnerabilities in their cybersecurity defenses.
This article details how cybercriminals misuse legitimate Remote Access Tools (RATs) like AnyDesk and UltraViewer in ransomware attacks. It breaks down the stages of these attacks, from initial access through to encryption, highlighting how attackers exploit these tools to maintain stealth and control.
The Akira ransomware group hacked Fieldtex Products, stealing over 14 GB of data, including sensitive health information. The breach, disclosed by Fieldtex, impacts 238,615 individuals, with data such as names, addresses, and insurance details compromised.
Nitrogen ransomware has a major flaw that prevents victims' files from being decrypted, even if they pay the ransom. A programming error causes the gang's decryptor to overwrite the necessary public key, leaving both victims and criminals without access to the data. This coding mistake highlights the destructive potential of ransomware.
Three former employees from DigitalMint and Sygnia have been indicted for their roles in BlackCat ransomware attacks against five U.S. companies. They face serious charges, including extortion and computer damage, with potential prison sentences totaling up to 50 years. The group allegedly stole data, encrypted systems, and demanded ransoms ranging from $300,000 to $10 million.
The Everest ransomware group claims to have hacked Nissan, releasing screenshots of internal files and directory structures. They are demanding a response within five days or they will leak the data online. This incident adds to Nissan's history of cybersecurity breaches.
A 15-year-old hacker known as Rey has been linked to the Scattered LAPSUS$ Hunters group. His identity was revealed through an investigation that traced personal details and social media interactions, despite Rey's claims of wanting to leave the group and working with law enforcement.
A FinCEN report reveals ransomware incidents peaked in 2023, with victims paying over $2.1 billion in ransoms from January 2022 to December 2024. Law enforcement actions against major gangs like ALPHV/BlackCat and LockBit contributed to a decline in both incidents and payments in 2024. Manufacturing, financial services, and healthcare were the most targeted sectors.
Covenant Health suffered a data breach in May 2025, affecting over 478,000 individuals. The Qilin ransomware group claimed responsibility and released stolen data, which includes personal and health information. The breach was initially reported to involve only 7,800 individuals.
BridgePay Network Solutions confirmed a ransomware attack has disrupted its payment gateway, leading to widespread service outages across the U.S. Merchants reported being unable to process card payments, forcing many to accept cash only. The company is working with federal law enforcement and forensic teams, asserting that no payment card data was compromised.
Fintech firm Marquis reported a ransomware attack that compromised customer data for dozens of U.S. banks and credit unions. At least 400,000 individuals had their personal and financial information stolen, primarily due to a vulnerability in Marquis's SonicWall firewall. The number of affected customers is expected to increase as more notifications are filed.
Conduent revealed a cyberattack that may have compromised sensitive data of around 10 million individuals. The breach, linked to the SafePay ransomware group, lasted nearly three months and exposed various personal and health information, particularly affecting residents in states like Texas and Washington.
A data breach at Vitas Hospice exposed personal information of over 319,000 current and former patients, including names, addresses, and Social Security numbers. It's uncertain if the breach involved ransomware, as no group has claimed responsibility.
The OnSolve CodeRED emergency alert system experienced a ransomware attack by the Inc Ransom group, leading to significant disruptions and a data breach. Affected cities and law enforcement agencies reported an inability to send emergency notifications, prompting a swift response from OnSolve to transition customers to a new platform.
Ingram Micro reported that a July 2025 ransomware attack affected 42,521 employees and job applicants, exposing personal and employment-related data. The attack, claimed by the group SafePay, led to significant operational disruptions and customer dissatisfaction due to poor communication.
LKQ Corporation has confirmed a data breach affecting over 9,000 individuals due to a cyberattack targeting Oracle's E-Business Suite. The compromised information includes sensitive personal details like Social Security Numbers and Employer Identification Numbers. The company reported that several terabytes of data were stolen, and this incident follows a previous attack on LKQ last year.
Researchers have identified a new ransomware called Reynolds that includes a built-in component to exploit a vulnerable driver for evading security measures. This tactic, known as bring your own vulnerable driver (BYOVD), allows the ransomware to disable security programs and operate undetected. The attack also involved a suspicious loader and remote access tools for persistent control over compromised systems.
Kyowon Group, a major South Korean conglomerate, confirmed a ransomware attack that compromised customer data. The incident affected around 600 of its 800 servers, and while some data was stolen, the company has not confirmed if customer information was included. They are currently investigating the breach and working to restore services.
MIT Sloan has withdrawn a paper claiming that over 80% of ransomware attacks are driven by AI after criticism from cybersecurity experts. The paper faced backlash for its lack of evidence and methodology, leading to accusations of misleading research.
Logitech confirmed a data breach after being named a victim in the Cl0p ransomware attack related to Oracle's EBS vulnerabilities. The breach may involve limited employee and consumer data, but the company asserts that sensitive information like credit card details was not affected. Logitech does not expect significant financial repercussions from this incident.
The Akira ransomware group has generated over $244 million since its emergence in March 2023. They target businesses and critical infrastructure, using various tactics like exploiting vulnerabilities in SonicWall and Veeam, to encrypt files and extort victims. Recent attacks demonstrate their ability to bypass security measures and exfiltrate data quickly.
The Richmond Behavioral Health Authority reported a ransomware attack that compromised the personal information of over 113,000 individuals. Stolen data includes names, Social Security numbers, and health information. The Qilin ransomware group has claimed responsibility for the attack.
Profero successfully decrypted DarkBit ransomware, enabling recovery of a victim's files without ransom payment. The attack, linked to Iranian state-sponsored actors, involved a unique encryption method that Profero exploited, ultimately leading to significant data recovery due to the sparse nature of the affected VMware ESXi server files. Profero is offering assistance to future victims but will not publicly release the decryptor.
U.S. authorities have charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his involvement in managing the LockerGoga, MegaCortex, and Nefilim ransomware operations, which targeted over 250 companies globally, causing significant financial damage. Tymoshchuk faces multiple charges including conspiracy for computer fraud and unauthorized access, while a reward of up to $11 million is offered for information leading to his arrest.
Andy Frain Services, a security firm, revealed that a ransomware attack by the Black Basta group has affected over 100,000 individuals, with sensitive information likely compromised. The breach, discovered in October 2024, involved the theft of 750 GB of data, prompting the company to offer credit monitoring and identity restoration services to those impacted.
Ransomware groups like Black Basta and FunkSec are increasingly using AI to enhance their extortion tactics, resulting in significant financial losses, such as $724 million stolen using TrickBot malware. The report highlights the growing prevalence of extortion methods, including DDoS attacks, and offers insights into regional trends and mitigation strategies.
Insight Partners has confirmed that a ransomware attack in January compromised the personal data of over 12,000 individuals, including employees and limited partners. The breach, initially described as a "sophisticated social engineering attack," involved unauthorized access to HR and finance servers, with details of the stolen data remaining undisclosed. The firm has since enhanced its security measures and offered credit monitoring to those affected.
PowerSchool has reported that the hacker behind a December cyberattack is now extorting individual school districts, threatening to release stolen student and teacher data unless a ransom is paid. Despite previously paying a ransom to prevent such an incident, PowerSchool acknowledges that the threat actor has not kept their promise to delete the data, leading to renewed extortion attempts against affected schools.
Nucor Corporation has reported a cyberattack that has disrupted its production operations. The company detected unauthorized access to its IT systems, prompting it to take systems offline and alert law enforcement while working with cybersecurity experts to investigate the incident.
The article discusses the emergence of Matanbuchus 3.0, a new variant of ransomware that operates as a Malware-as-a-Service (MaaS) offering. This evolution in ransomware capabilities enables cybercriminals to launch more sophisticated attacks with less technical expertise, raising concerns about the potential for widespread damage across various sectors.
Downtime from an ICS/OT ransomware attack can average $4.73 million, yet many organizations lack adequate incident response plans. SANS offers resources, including a white paper and training, to help organizations develop effective ransomware response strategies tailored to critical infrastructure, emphasizing life safety and operational continuity. Expert-led webcasts and courses further equip teams with the skills needed to protect industrial operations from cybersecurity threats.
DaVita, a leading kidney dialysis provider in the U.S., reported a ransomware attack that encrypted parts of its network and affected some operations over the weekend. The company activated response protocols to contain the incident and continues to provide patient care while investigating the breach's full scope, which may involve stolen patient data.
Manpower, a major staffing agency, has disclosed a data breach affecting nearly 145,000 individuals after attackers accessed its systems in late December 2024. The RansomHub ransomware group claimed responsibility for the attack, reportedly stealing around 500GB of sensitive data, including personal client information. In response, Manpower is enhancing its IT security and offering affected individuals free credit monitoring services.
A Russian hacker associated with the REvil ransomware group received a suspended sentence and time served for his involvement in cybercrimes that targeted businesses worldwide. The case highlights the complexities of international cybercrime prosecution and the challenges of enforcing justice across borders.
Researchers from ESET have identified PromptLock, the first known AI-powered ransomware, which is currently a non-functional proof-of-concept. This prototype utilizes OpenAI's gpt-oss-20b model to generate malicious Lua scripts and operates within a controlled environment, highlighting the potential dangers of AI in cybercrime despite no active infections being reported.
The article delves into the Gentlemen ransomware, exploring its modus operandi and the tactics employed by its operators. It highlights the impact of such ransomware on victims and discusses the broader implications for cybersecurity and ransomware trends.
Japanese police have released a free decryptor for Phobos and 8Base ransomware victims, allowing them to recover encrypted files without paying a ransom. The decryptor, confirmed to work effectively, can be downloaded from official platforms despite being flagged as malware by some web browsers. It supports multiple file extensions and may work for files with other extensions as well.
Mainline Health Systems and Select Medical Holdings have reported data breaches affecting over 100,000 individuals. Mainline Health's breach was linked to the Inc Ransom ransomware group, while Select Medical's data exposure resulted from a security incident involving a former vendor.
Farmers Insurance has reported a data breach that compromised the personal information of more than one million individuals, including names, addresses, dates of birth, and Social Security numbers. The breach was discovered shortly after the data theft occurred, but it remains unclear whether a third-party vendor was involved in a ransomware attack.
Senator Ron Wyden has criticized Microsoft for delivering "dangerous, insecure software" that contributed to a ransomware attack on Ascension, a major hospital network, and has urged the FTC to investigate the company's cybersecurity practices. Wyden highlighted longstanding vulnerabilities, particularly the use of the outdated RC4 encryption algorithm, and accused Microsoft of prioritizing profits over security while failing to provide adequate protections for its users. He argues that Microsoft's dominance in the enterprise operating system market poses a significant national security risk due to its negligence in addressing these issues.
A ransomware attack in Ohio has disrupted the operations of a local government agency, affecting over 45,000 residents. The attack has prompted an investigation and raised concerns about cybersecurity measures in place to protect sensitive information.
The Zurich-based non-profit health foundation Radix suffered a ransomware attack that compromised the data of several Swiss federal offices. The Sarcoma ransomware group released 1.3TB of stolen data on the dark web after ransom demands were ignored, although the Swiss National Cyber Security Center confirmed that Radix did not have direct access to federal systems.
IdeaLab has confirmed that sensitive data was stolen during a ransomware attack last October, attributed to the Hunters International group. The breach affected current and former employees and contractors, with 137,000 files leaked on the dark web, prompting the company to offer identity theft protection to impacted individuals.
The article discusses a ransomware attack targeting SimpleHelp, compromising its infrastructure and impacting users. This incident highlights the ongoing threats posed by ransomware and the importance of cybersecurity measures for businesses and service providers.
The Alcohol & Drug Testing Service (TADTS) has reported a data breach affecting approximately 750,000 individuals, following a ransomware attack in July 2024. Compromised data includes sensitive personal information such as Social Security numbers, financial details, and health insurance information.
A ransomware attack in Virginia has compromised personal information, including Social Security numbers, of residents. The county is investigating the breach and has begun notifying affected individuals as it works to enhance cybersecurity measures.
Medusa ransomware has been linked to a significant data breach at Comcast, exposing sensitive customer information. The breach highlights the increasing vulnerabilities of large corporations to cyberattacks and the need for enhanced security measures.
A surge in Akira ransomware attacks targeting SonicWall SSL VPN connections has been observed since mid-July 2025, primarily exploiting unpatched versions of SonicOS. Attackers gain unauthorized access, often bypassing Multi-Factor Authentication (MFA), and can quickly escalate to data encryption and exfiltration within hours. SonicWall has issued patches for a critical zero-day vulnerability, but many devices remain vulnerable as of 2025.
Ransomware strains, such as DarkSide, often have built-in failsafes preventing installation on computers with certain virtual keyboards, particularly those in Russian or Ukrainian languages. By installing these keyboards, users may protect themselves from specific malware, compelling cybercriminals to reconsider their targets due to potential legal repercussions in their home countries. However, this method is not a foolproof solution against all malware threats.
Australia has implemented new rules requiring organizations with an annual turnover of over AUS$3 million to report any ransomware payments made. Reports must be submitted to the Australian Signals Directorate within 72 hours and include detailed information about the payment and the cyber incident. Non-compliance could lead to civil penalties.
A study by Dutch researcher Tom Meurs reveals that ransomware attackers significantly increase their demands when they find evidence of cyber-insurance, with insured victims paying up to 5.5 times more than uninsured ones. The research also highlights that companies with robust backup systems are much less likely to pay ransoms, but many still choose to do so for faster recovery or reputational concerns. The findings suggest that double-extortion tactics may become increasingly prevalent among cybercriminals.
Over 103,000 individuals have been impacted by a data breach at Cornwell Quality Tools, a tool manufacturer based in Ohio. The Cactus ransomware group claimed responsibility for the attack, which involved the publication of sensitive materials, including corporate documents and driver's license copies. This incident follows a previous attack by the Hive ransomware gang in 2022.
Data I/O, a technology manufacturer, has reported a ransomware incident that has caused operational outages, though the full impact of the breach remains unclear. The company recently posted a decrease in sales, reflecting challenges it faces amidst the ongoing cybersecurity threats affecting multiple organizations.
DaVita, a kidney dialysis firm, has confirmed that it was the victim of a ransomware attack that compromised the personal data of approximately 2.7 million individuals. The breach has raised significant concerns regarding the protection of sensitive health information and the potential consequences for those affected.
The Rhysida ransomware group claims to have stolen 2.5 TB of files from the Oregon Department of Environmental Quality (DEQ) after the agency denied any evidence of a data breach. Following a cyberattack that disrupted various services, the hackers threatened to auction the stolen data unless a ransom of 30 bitcoin ($2.5 million) is paid.
Operation Endgame has successfully disrupted a significant global ransomware infrastructure, leading to the apprehension of key individuals involved in cybercrime activities. This operation underscores the collaborative efforts of law enforcement agencies and cybersecurity experts to combat the rising threat of ransomware attacks worldwide.
Muddled Libra, a cybercrime group, has adapted its tactics in 2025, focusing on social engineering techniques such as vishing to gain access to organizations. Their operations have intensified, especially in sectors like government and retail, leveraging ransomware-as-a-service partnerships for extortion. Effective countermeasures include implementing conditional access policies and user awareness training to mitigate their impact.
A ransomware attack on Business Systems House (BSH), a payroll provider previously working with Broadcom, resulted in the theft of employee data. Although Broadcom has since switched payroll providers, the breach exposed sensitive information of current and former employees, prompting notifications and security recommendations from the company and its former payroll partner ADP.
The Clop ransomware group is targeting Oracle customers with extortion emails, demanding payments in exchange for not releasing stolen data. These emails are part of a broader trend of ransomware attacks aimed at various organizations, highlighting the ongoing threat of cyber extortion in the corporate sector.
Hellcat ransomware has been found targeting firms by stealing Jira credentials, leading to significant data breaches. The malware is designed to extract sensitive information and poses a serious threat to organizations that rely on Jira for project management and collaboration. Cybersecurity experts are urging companies to enhance their defenses against such sophisticated attacks.
Security professionals are overwhelmed by the volume of threat intelligence data, with 61% reporting that their teams are inundated and 60% lacking sufficient skilled analysts to make sense of it all. This situation hampers proactive security measures, leading to a predominantly reactive approach to cyber threats, particularly concerning in industries like manufacturing that face significant risks from ransomware attacks. Recommendations suggest reframing threat intelligence as a process rather than just raw data to enhance security efforts.
A Qilin ransomware attack on NHS supplier Synnovis has been linked to the death of a patient due to delays in blood test results. The attack disrupted services across multiple healthcare facilities, resulting in significant patient harm and the cancellation of thousands of medical appointments. The incident highlights ongoing cybersecurity challenges faced by the NHS and the potential life-threatening consequences of such cyberattacks.
Ongoing Akira ransomware attacks are successfully breaching SonicWall SSL VPN accounts even with one-time password (OTP) multi-factor authentication enabled. This exploitation is linked to previously stolen OTP seeds and an improper access control vulnerability (CVE-2024-40766), prompting SonicWall to recommend that administrators reset VPN credentials and ensure devices are running the latest firmware.
Marks & Spencer is experiencing significant disruptions due to a ransomware attack linked to the threat group known as Scattered Spider. The cyberattack, which began with the theft of sensitive data, has impacted the company's payment systems and operations, leading to the involvement of cybersecurity firms for response and investigation. Scattered Spider, recognized for sophisticated social engineering tactics, has escalated its activities and recently targeted multiple organizations.
The FBI and CISA have issued a warning regarding the Interlock ransomware, which is specifically targeting critical infrastructure sectors in the United States. This ransomware employs advanced techniques to disrupt operations and demands large ransoms, posing a significant threat to essential services. Organizations are urged to enhance their cybersecurity measures to mitigate the risks associated with such attacks.
Ransomware gang Hunters International has announced its decision to shut down operations, citing various challenges faced in the cybercrime landscape. The group's closure reflects the increasing pressure from law enforcement and cybersecurity measures aimed at combating ransomware attacks.
A ransomware attack targeting a hospital was thwarted by ThreatLocker, which utilized application allowlisting and storage control to prevent unauthorized software from running and protect sensitive data. The cybercriminals, frustrated by the security measures, were unable to deploy their tools or execute their plan. This incident highlights how ThreatLocker effectively defends against such cyber threats.
A significant ransomware campaign has exploited over 1,200 unique AWS access keys to encrypt files in S3 storage buckets, leaving ransom notes demanding payment in Bitcoin. The attackers are using AWS's own encryption features to hide their activities, making it difficult for victims to detect breaches or recover their data.
A fake version of ChatGPT, disguised as an InVideo AI tool, is tricking users into downloading ransomware. This malicious software locks users out of their systems and demands a ransom for access. The incident highlights the urgent need for vigilance against such deceptive schemes in the AI landscape.
A ransomware attack by Ignoble Scorpius utilized compromised VPN credentials to infiltrate a manufacturing company, leading to significant data exfiltration and the deployment of BlackSuit ransomware across their infrastructure. Unit 42 intervened, expanding the client's security measures and successfully negating a $20 million ransom demand while providing strategic recommendations for future protection against similar threats.
The article discusses Ianis Antropenko, a key figure in the Russian cybercrime group associated with the Zeppelin ransomware. It explores his background and the implications of his activities on cybersecurity, particularly focusing on the tactics used by the group to exploit vulnerabilities and extort victims.
SatanLock ransomware has ceased its operations, marking an end to its activities after a significant data breach that had compromised sensitive information. The cybercriminal group has reportedly begun leaking the stolen data, raising concerns about the potential impact on affected organizations and individuals.
A new hybrid ransomware strain called Storm 0501 has emerged, showcasing a complex attack chain that combines elements of both ransomware and traditional cyberattacks. This development raises concerns about the evolving nature of cybersecurity threats, as attackers become increasingly sophisticated in their methods. Organizations are urged to bolster their defenses in response to this growing menace.
A 45-year-old individual has been arrested in Moldova for alleged involvement in DoppelPaymer ransomware attacks, extortion, and money laundering targeting organizations in the Netherlands. This arrest follows a coordinated operation involving multiple law enforcement agencies in February 2023 that identified several members of the ransomware group.
Ahold Delhaize confirmed that a ransomware attack led to the theft of sensitive data from its internal systems, with attackers claiming to have exfiltrated 6 TB of information. The company has restored its operations but is working to assess the impact of the breach and notify affected individuals.
A ransomware attack on Swedish IT supplier Miljödata has left 200 municipalities offline, with the attackers demanding a ransom of 1.5 Bitcoin (approximately $168,000). The disruption highlights the risks of centralized IT services, as sensitive data may have been accessed and critical local government operations have been severely impacted. Sweden's Minister for Civil Defence has indicated that new cybersecurity legislation may be on the horizon in response to the incident.
The article critiques common myths surrounding ransomware incidents, emphasizing that paying ransoms is a frequent and misguided response that can lead to prolonged operational issues and further victimization by cybercriminals. It advocates for organizations to adopt robust containment measures and transparency regarding cyber incidents to effectively combat the growing ransomware threat.
Young Consulting, now operating as Connexure, has reported that over 1 million individuals were affected by a data breach attributed to a ransomware attack by the BlackSuit group. The breach, which occurred between April 10 and 13, 2024, compromised sensitive data including Social Security numbers and insurance information, with the victim count being updated multiple times since the incident. The company is offering credit monitoring and identity theft restoration services to those affected.
NYU researchers developed a proof-of-concept AI-powered ransomware, dubbed Ransomware 3.0, which utilizes large language models to create customized attacks targeting specific files on victim systems. The project unexpectedly gained attention when security analysts mistakenly identified it as a real threat, prompting discussions about the implications of AI in ransomware development. While the malware is not functional outside a lab setting, researchers warn that the techniques could inspire actual cybercriminals to create similar threats.
Mimic collaborated with REI to enhance the security of its extensive Active Directory against ransomware threats. The partnership aims to safeguard REI's critical assets as the company continues to expand its retail and e-commerce operations.
Lee Enterprises reported that a recent ransomware attack impacted nearly 40,000 individuals, compromising personal information such as names and Social Security numbers. The company is offering affected individuals 12 months of free credit monitoring and identity protection services following the breach.
The article discusses the pressure tactics employed by LockBit ransomware affiliates, highlighting their rarely successful attempts to extract payments from victims. It outlines the strategies used to intimidate and coerce targeted organizations into complying with ransom demands, emphasizing the challenges faced by both attackers and victims in this high-stakes environment.
Humac, a leading Apple reseller in the Nordics, has been listed on the Kraken ransomware group's dark web site, with claims of stolen financial and customer data. Cybernews researchers have verified that the leaked data sample appears legitimate, raising concerns about the impact on the company's operations.
Pharmaceutical firm Inotiv has reported a ransomware attack, with the Qilin Group claiming responsibility for the breach. The incident has raised concerns about the security of sensitive data within the healthcare sector.
NASCAR confirmed that personal information, including names and Social Security numbers, was stolen during a ransomware attack that occurred between March 31 and April 3, 2025. The Medusa ransomware group has claimed responsibility, demanding a $4 million ransom for the return of the stolen data, while NASCAR offers impacted individuals credit monitoring services.