Researchers found a phishing campaign using Phorpiex malware to spread Global Group ransomware. The attack employs deceptive file names to trick users into downloading a Windows shortcut that encrypts files offline, making recovery nearly impossible. It also erases backup files to cover its tracks.

Researchers found that Sicarii ransomware has a decryption flaw, rendering victims' data unrecoverable even if they pay the ransom. The malware generates a new RSA key for each attack, discarding the private key, leaving no viable recovery option. Caution is advised for organizations considering ransom payments.

The LockBit 4.0 leak provides critical insights into the chaotic nature of ransomware-as-a-service (RaaS) groups, revealing that many affiliates operate without oversight and often act unpredictably. This disorganization complicates defenses and incident response efforts, emphasizing the necessity of proactive preparation over negotiation. The evolving landscape suggests increasing fragmentation among ransomware groups, making them harder to attribute and defend against.