Trigona ransomware attacks use custom exfiltration tool to steal data
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. [...]
ACTIVE THREATS: ADT confirms data breach after ShinyHunters leak threat • CISA Adds Four Known Exploited Vulnerabilities to Catalog • New Pack2TheRoot flaw gives hackers root Linux access • New BlackFile extortion group linked to surge of vishing attacks • In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device
Latest cybersecurity ransomware news, analysis, and intelligence.
Not nearly as polite as the name suggests, the ransomware gang has impressed researchers with its speed in scaling up operations — and its sophistication.
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. [...]
A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process, experts noted.
Third US Security Expert Admits Helping Ransomware Gang
Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the dis
A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assist the e-crime gang i
41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. [...]
Half of the 6 Million Internet-Facing FTP Servers Lack Encryption
Hackers Abuse QEMU for Defense Evasion
The backup myth that is putting businesses at risk
NAKIVO Inc. announced the general availability of NAKIVO Backup & Replication v11.2, focused on fast, reliable, and proactive data protection. [...]
NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. [...]
Payouts King ransomware uses QEMU VMs to bypass endpoint security
Data Breach at Tennessee Hospital Affects 337,000
The feature allows enterprise users to compose and read end-to-end encrypted messages natively on their mobile devices. The post Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users appeared first on SecurityWeek.
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]
Healthcare IT solutions provider ChipSoft hit by ransomware attack
When 🤖 means "bot available," 🧰 signifies "toolkit," or 💰💰💰 translates to "big ransom," bad actors can evade filters and keep it all on the down-low.
Shchukin is accused of extorting more than $2 million as the head of the GandCrab and REvil ransomware operations. The post German Police Unmask REvil Ransomware Leader appeared first on SecurityWeek.
The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro. Qilin at
An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of comp
Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. [...]
A former core infrastructure engineer has pleaded guilty to locking Windows admins out of 254 servers as part of a failed extortion plot targeting his employer, an industrial company headquartered in Somerset County, New Jersey. [...]
A chief medical information officer provided a peek into what hospitals face when they inevitably suffer a ransomware attack, whether it leads to short- or long-term outages.
Iranian APTs are blurring the lines between state-sponsored and cybercriminal activities to target high-impact US organizations.
A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin - signing his extortion emails from a company called "Loot." Meanwhile, two people drive up to the entrance of the UK's nuclear submarin
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency's ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams. The effort i
Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. "If you have chats that are impacted by this change, you will see instructions on how you can download any media or messages you may want to keep," the social media giant said i
Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional detec
A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware attack. [...]
England Hockey, the national governing body for field hockey, is currently investigating a significant data breach claim made by the AiLock ransomware gang, which has listed the organization as a victim on its dark web leak site. This incident underscores the escalating threat ransomware poses to diverse sectors, compelling security teams to re-evaluate their defenses against sophisticated data exfiltration and extortion tactics.
Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. "Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat a
The U.S. Department of Justice charged another former DigitalMint employee for his involvement in an insider scheme in which ransomware negotiators secretly partnered with the BlackCat (ALPHV) ransomware operation. [...]
A sophisticated ransomware campaign dubbed VoltZite is actively targeting electric utility operators across the US and Canada, exploiting unpatched OT/SCADA vulnerabilities. Three utilities have confirmed operational disruptions, and CISA has issued an emergency advisory urging immediate action.