Malwarebytes

DECEMBER 2, 2024

The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world.

Ransomware 137

Ransomware Backups Small Business Malware 137

Security Affairs

NOVEMBER 18, 2024

A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information. On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. “On September 8, 2024, we suffered a ransomware attack on our computer system.

Ransomware 126

Ransomware Insurance Encryption Healthcare 126

Security Affairs

MARCH 10, 2025

Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” ” The RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claims to have stolen 1.5TB of sensitive data. Ransomware attacks on U.S.

Hacking 118

Hacking Healthcare Backups Ransomware 118

Security Affairs

MAY 4, 2025

A 36-year-old Yemeni man behind Black Kingdom ransomware is indicted in the U.S. authorities have indicted Rami Khaled Ahmed (aka Black Kingdom, of Sanaa, Yemen), a 36-year-old Yemeni national, suspected of being the administrator of the Black Kingdom ransomware operation. for 1,500 attacks on Microsoft Exchange servers.

Ransomware 115

Ransomware Encryption VPN Malware 115

Security Affairs

NOVEMBER 12, 2024

New Ymir ransomware was deployed in attacks shortly after systems were breached by RustyStealer malware, Kaspersky warns. Kaspersky researchers discovered a new ransomware family, called Ymir ransomware , which attackers deployed after breaching systems via PowerShell commands. ” reads the report published by Kaspersky.

Ransomware 121

Ransomware Malware Encryption Hacking 121

Security Affairs

JUNE 6, 2025

A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. In December 2023, CISA, the FBI, and ACSC warned of Play ransomware’s operation that hit 300 victims by October 2023. ” The Play ransomware group follows a double extortion model.

Ransomware 97

Ransomware Encryption Antivirus Malware 97

The Last Watchdog

MARCH 28, 2025

Mar 28, 2025, CyberNewswire — From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Traditionally, the primary target of ransomware has been the victims device. Palo Alto, Calif.,

Antivirus 147

Antivirus Ransomware Social Engineering Engineering 147

Joseph Steinberg

JUNE 9, 2022

The Tenafly, New Jersey, Public School District has canceled final exams for its high school students after a ransomware cyberattack crippled the district’s computer infrastructure. The ransomware attack on Tenafly’s school system is a reminder of a sad, ironic, reality.

Ransomware 363

Ransomware Artificial Intelligence Cybercrime Education 363

Krebs on Security

JUNE 16, 2021

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. The CLOP gang seized on those flaws to deploy ransomware to a significant number of Accellion’s FTA customers , including U.S.

Ransomware 361

Ransomware Cybercrime Malware Encryption 361

Security Affairs

MARCH 10, 2025

Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. ” Microsoft wrote on X. .

Ransomware 120

Ransomware Healthcare VPN Malware 120

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. Reached by phone today, Jansson said he quit the company in August, right around the time Gunnebo disclosed the thwarted ransomware attack.

Hacking 358

Hacking Ransomware Banking Accountability 358

Security Affairs

NOVEMBER 9, 2024

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 134

Backups Ransomware VPN Accountability 134

Security Affairs

FEBRUARY 13, 2025

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups.

Ransomware 120

Ransomware Software Cybercrime Encryption 120

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. ” reads the advisory.

VPN 131

VPN Ransomware Firewall Internet 131

The Last Watchdog

JUNE 21, 2020

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Related: What local government can do to repel ransomware Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch inch diskettes. inch diskettes. FBI spoofs 2012 – 2013.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

APRIL 25, 2025

The Interlock ransomware gang claimed responsibility for the attack on the leading kidney dialysis company DaVita and leaked alleged stolen data. “On April 12, 2025, DaVita became aware of a ransomware incident affecting and encrypting certain on-premises systems. The DaVita network was encrypted by InterLock Ransomware.

Ransomware 101

Ransomware Encryption Insurance Marketing 101

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 29, 2024, the City published an update on the City’s website and confirmed that the City of Columbus suffered a ransomware attack. The gang claimed they had stolen databases containing 6.5

Ransomware 116

Ransomware Identity Theft Data breaches Cyber threats 116

Security Affairs

FEBRUARY 20, 2025

NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. NailaoLocker ransomware is written in C++,the researchers said that the malware is not sophisticated and is poorly designed. The ransomware appends the . locked extension to the filenames of encrypted files.

Healthcare 87

Healthcare Ransomware VPN Malware 87

Security Affairs

FEBRUARY 11, 2025

Authorities dismantled the 8Base ransomware gang, shutting down its dark web data leak and negotiation sites. An international law enforcement operation, codenamed Operation Phobos Aetor, dismantled the 8Base ransomware gang. The ransomware component is then decrypted and loaded into the SmokeLoader process memory.

Ransomware 73

Ransomware Encryption Backups Malware 73

Krebs on Security

FEBRUARY 16, 2022

The ICRC said the hacked servers contained data relating to the organization’s Restoring Family Links services, which works to reconnect people separated by war, violence, migration and other causes. .” In their online statement about the hack (updated on Feb. Image: Ke-la.com. ” On Jan. “The company pay $1.35

Hacking 304

Hacking Ransomware Media Accountability 304

Security Affairs

JUNE 8, 2022

Black Basta ransomware gang implemented a new feature to encrypt VMware ESXi virtual machines (VMs) running on Linux servers. The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. SecurityAffairs – hacking, Black Basta ransomware).

Encryption 145

Encryption Ransomware Malware Network Security 145

Krebs on Security

SEPTEMBER 18, 2023

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The 8Base ransomware group’s victim shaming website on the darknet.

Ransomware 321

Ransomware Accountability Encryption Internet 321

Krebs on Security

DECEMBER 7, 2019

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. When asked about reports of a ransomware attack on his company, Miner simply said it was not a good time and hung up.

Ransomware 247

Ransomware Backups Insurance Wireless 247

Security Affairs

JUNE 6, 2025

Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat actors are actively exploiting Fortigate vulnerabilities (CVE-2024-21762, CVE-2024-55591, and others) to deploy Qilin ransomware. CISA confirmed that the flaw CVE-2025-24472 is known to be used in ransomware campaigns.

Ransomware 78

Ransomware Authentication Healthcare Firewall 78

Security Affairs

MARCH 17, 2025

A researcher released a free decryptor for Linux Akira ransomware, using GPU power to recover keys through brute force. Security researcher Yohanes Nugroho created a free decryptor for Linux Akira ransomware , using GPUs to brute force the decryption keys. The malware encrypts files using KCipher2 and Chacha8. Brute-forcing a 4.5

Ransomware 69

Ransomware Encryption Malware Hacking 69

Security Affairs

JANUARY 30, 2024

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. The attack was carried out by the Cactus ransomware gang , which claims to have stolen terabytes of corporate data from the company. The Cactus ransomware relies on multiple legitimate tools (e.g.

Ransomware 142

Ransomware Hacking Data breaches Digital transformation 142

Krebs on Security

DECEMBER 16, 2019

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. The message displayed at the top of the Maze Ransomware public shaming site. Follow the news!”

Ransomware 249

Ransomware Data breaches Healthcare Cybercrime 249

Security Affairs

OCTOBER 20, 2024

Expanding the Investigation: Deep Dive into Latest TrickMo Samples HijackLoader evolution: abusing genuine signing certificates FASTCash for Linux Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware Technical Analysis of DarkVision RAT Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service (..)

Malware 126

Malware Ransomware Encryption Phishing 126

Security Affairs

MARCH 7, 2025

Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024. The Symantec Threat Hunter Team reported that the Medusa ransomware operators have claimed nearly 400 victims since January 2023. Experts tracked the Medusa ransomware activity as Spearwing.

Ransomware 64

Ransomware Antivirus Healthcare Encryption 64

Security Affairs

MARCH 13, 2025

The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory detailing Medusa ransomware tactics, techniques, and indicators of compromise (IOCs) based on FBI investigations as recent as February 2025.

Ransomware 71

Ransomware Encryption Cryptocurrency Insurance 71

Security Affairs

MARCH 2, 2025

The Qilin ransomware group claims responsibility for attacking the newspaper Lee Enterprises, stealing 350GB of data. The Qilin ransomware group claimed responsibility for the recent cyberattack on Lee Enterprises, which impacted dozens of local newspapers. Lee Enterprises , Inc. is a publicly traded American media company.

Ransomware 79

Ransomware Cybercrime Encryption Healthcare 79

Security Affairs

MARCH 14, 2025

Operators behind the SuperBlack ransomware exploited two vulnerabilities in Fortinet firewalls for recent attacks. Between January and March, researchers at Forescout Research Vedere Labs observed a threat actors exploiting two Fortinet vulnerabilities to deploy the SuperBlack ransomware. SuperBlack modifies LockBit 3.0s

Firewall 67

Firewall Ransomware VPN Encryption 67

Security Affairs

MAY 27, 2025

Sophos warns that a DragonForce ransomware operator chained three vulnerabilities in SimpleHelp to target a managed service provider. Sophos researchers reported that a DragonForce ransomware operator exploited three chained vulnerabilities in SimpleHelp software to attack a managed service provider.

Ransomware 106

Ransomware Software Retail Data breaches 106

Security Affairs

JANUARY 28, 2025

ENGlobal reported to the SEC that personal information was compromised in a ransomware attack that took place in November 2024. ENGlobal disclosed a ransomware attack that occurredin November, in a SEC filingthe company confirmed that threat actors gained access to personal information. ” reads the FORM 8-K filed with SEC.

Ransomware 67

Ransomware Encryption Hacking Technology 67

Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches 119

Data breaches Cybercrime Cyber Insurance Marketing 119

The Last Watchdog

OCTOBER 23, 2024

Cybersecurity training for small businesses is critical, and SMBs should invest in training programs to help employees recognize threats such as phishing attacks, ransomware, and other malicious activities. LastPass reports that 80% of all hacking-related breaches leveraged either stolen and/or weak passwords.

Small Business 162

Small Business Data breaches Backups Passwords 162

Krebs on Security

JUNE 3, 2019

have been held hostage by a ransomware strain known as “ Robbinhood.” ” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “ Eternal Blue ,” a hacking tool developed by the U.S. National Security Agency (NSA) and leaked online in 2017.

Ransomware 252

Ransomware Accountability Malware Government 252