eSecurity Planet

NOVEMBER 6, 2024

In a stunning blow to the city’s cybersecurity defenses, Columbus, Ohio, recently became the target of a massive cyberattack that exposed over half a million residents’ sensitive information. terabytes of sensitive information compromised, the breach affected approximately 500,000 residents, nearly 55% of the city’s population.

Ransomware 113

Ransomware Authentication Identity Theft Penetration Testing 113

Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Cybercrime 116

Cybercrime Ransomware Healthcare Hacking 116

Security Affairs

JULY 9, 2025

An Iranian ransomware group, Pay2Key.I2P, has intensified attacks on U.S. The Iranian ransomware group Pay2Key.I2P is stepping up attacks on U.S. The ransomware gang is the successor to the original Pay2Key group and experts linked it to the Iran-nexus APT group Fox Kitten.

Ransomware 109

Ransomware Cyber threats Encryption DDOS 109

SecureWorld News

NOVEMBER 14, 2024

Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data.

Healthcare 120

Healthcare Ransomware Identity Theft Data breaches 120

Security Affairs

JUNE 22, 2025

Qilin ransomware gang now offers a “Call Lawyer” feature to help affiliates pressure victims into paying, per Cybereason. The Qilin ransomware group is now offering legal support to its affiliates through a “Call Lawyer” feature to pressure victims into paying. ” reads the report published by Cybereason.

Ransomware 119

Ransomware DDOS Cybercrime Healthcare 119

Security Affairs

MARCH 10, 2025

Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. ” Microsoft wrote on X. .

Ransomware 119

Ransomware Healthcare VPN Malware 119

Security Affairs

FEBRUARY 20, 2025

NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. Exploiting this vulnerability can result in accessing sensitive information on the Security Gateway.” The ransomware appends the . locked extension to the filenames of encrypted files.

Healthcare 87

Healthcare Ransomware VPN Malware 87

Security Affairs

NOVEMBER 9, 2024

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 133

Backups Ransomware VPN Accountability 133

Security Affairs

JANUARY 28, 2025

ENGlobal reported to the SEC that personal information was compromised in a ransomware attack that took place in November 2024. ENGlobal disclosed a ransomware attack that occurredin November, in a SEC filingthe company confirmed that threat actors gained access to personal information.

Ransomware 67

Ransomware Encryption Hacking Technology 67

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 29, 2024, the City published an update on the City’s website and confirmed that the City of Columbus suffered a ransomware attack. The gang claimed they had stolen databases containing 6.5

Ransomware 115

Ransomware Identity Theft Data breaches Cyber threats 115

Security Affairs

APRIL 25, 2025

The Interlock ransomware gang claimed responsibility for the attack on the leading kidney dialysis company DaVita and leaked alleged stolen data. “On April 12, 2025, DaVita became aware of a ransomware incident affecting and encrypting certain on-premises systems. The DaVita network was encrypted by InterLock Ransomware.

Ransomware 100

Ransomware Encryption Insurance Marketing 100

Security Affairs

JUNE 6, 2025

A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. In December 2023, CISA, the FBI, and ACSC warned of Play ransomware’s operation that hit 300 victims by October 2023. ” The Play ransomware group follows a double extortion model.

Ransomware 97

Ransomware Encryption Antivirus Malware 97

Security Affairs

NOVEMBER 12, 2024

New Ymir ransomware was deployed in attacks shortly after systems were breached by RustyStealer malware, Kaspersky warns. Kaspersky researchers discovered a new ransomware family, called Ymir ransomware , which attackers deployed after breaching systems via PowerShell commands. ” reads the report published by Kaspersky.

Ransomware 120

Ransomware Malware Encryption Hacking 120

Security Affairs

FEBRUARY 13, 2025

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups.

Ransomware 120

Ransomware Software Cybercrime Encryption 120

Security Affairs

MAY 4, 2025

A 36-year-old Yemeni man behind Black Kingdom ransomware is indicted in the U.S. authorities have indicted Rami Khaled Ahmed (aka Black Kingdom, of Sanaa, Yemen), a 36-year-old Yemeni national, suspected of being the administrator of the Black Kingdom ransomware operation. for 1,500 attacks on Microsoft Exchange servers.

Ransomware 115

Ransomware Encryption Cryptocurrency Malware 115

Security Affairs

MARCH 24, 2025

The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney Generals Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General Office. Chief Deputy AG Steven Popps called it a sophisticated attack.

Ransomware 103

Ransomware Hacking Social Engineering Manufacturing 103

Security Affairs

FEBRUARY 11, 2025

Authorities dismantled the 8Base ransomware gang, shutting down its dark web data leak and negotiation sites. An international law enforcement operation, codenamed Operation Phobos Aetor, dismantled the 8Base ransomware gang. The ransomware component is then decrypted and loaded into the SmokeLoader process memory.

Ransomware 72

Ransomware Encryption Backups Malware 72

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. ” reads the advisory.

VPN 130

VPN Ransomware Firewall Internet 130

The Last Watchdog

OCTOBER 23, 2024

Cybersecurity training for small businesses is critical, and SMBs should invest in training programs to help employees recognize threats such as phishing attacks, ransomware, and other malicious activities. INE Security advises businesses to secure their network by using firewalls, encrypting data, and regularly updating security software.

Small Business 162

Small Business Data breaches Backups Passwords 162

SecureWorld News

MARCH 31, 2025

In a digital world defined by ransomware, cloud sprawl, and hybrid infrastructures, the ability to recover data quickly and securely is one of the most important indicators of an organization's cyber resilience. Ransomware's bullseye: your backups Cybercriminals know that if they can destroy your backups, they've won.

Backups 103

Backups Encryption CISO Mobile 103

Security Affairs

JULY 6, 2025

Hunters International ransomware gang announced its shutdown, citing unspecified “recent developments” and acknowledging its impact. The ransomware group Hunters International announced on its dark web site that it is shutting down, citing “recent developments” without specifying details.

Ransomware 92

Ransomware Cybercrime Encryption Hacking 92

SecureWorld News

JULY 8, 2025

Ransomware is no longer the work of lone-wolf hackers with deep technical chops. Ransomware-as-a-Service (RaaS) has transformed cybercrime into an accessible, scalable platform that anyone can tap into—no code required. Explosive growth in ransomware attacks across every industry. The result?

Ransomware 65

Ransomware Cybercrime Phishing Cryptocurrency 65

Security Affairs

APRIL 7, 2025

These falsely obtained credentials enable cyber criminals to successfully mimic a real-world investigation by inducing platform operators to provide extremely sensitive information. FROM ACCOUNT THEFT TO A FULL-FLEDGED SERVICE: THE EVOLUTION OF THE MODEL The phenomenon has rapidly upgraded complexity, as detailed in the Meridian Group report.

Cybercrime 139

Cybercrime Social Engineering Accountability Government 139

Security Affairs

MARCH 13, 2025

The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory detailing Medusa ransomware tactics, techniques, and indicators of compromise (IOCs) based on FBI investigations as recent as February 2025.

Ransomware 70

Ransomware Encryption Cryptocurrency Insurance 70

Security Affairs

MARCH 2, 2025

The Qilin ransomware group claims responsibility for attacking the newspaper Lee Enterprises, stealing 350GB of data. The Qilin ransomware group claimed responsibility for the recent cyberattack on Lee Enterprises, which impacted dozens of local newspapers. Yet, the information weve uncovered might offer a different perspective.

Ransomware 78

Ransomware Cybercrime Encryption Healthcare 78

Malwarebytes

NOVEMBER 27, 2024

In 2019, a ransomware attack hit LifeLabs, a Canadian medical testing company. The ransomware encrypted the lab results of 15 million Canadians, and personally identifiable information (PII) of 8.6 Reportedly , LifeLabs paid the ransomware group, which is why it’s still unknown which group was behind the attack.

Ransomware 117

Ransomware Healthcare Risk Encryption 117

Digital Shadows

FEBRUARY 17, 2025

Key Findings First observed in March 2024, BlackLock (aka El Dorado or Eldorado) has rapidly emerged as a major player in the ransomware-as-a-service (RaaS) ecosystem. By Q4 2024, it ranked as the 7th most prolific ransomware group on data-leak sites, fueled by a staggering 1,425% increase in activity from Q3.

Ransomware 83

Ransomware Malware Risk Accountability 83

Security Affairs

MARCH 7, 2025

Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024. The Symantec Threat Hunter Team reported that the Medusa ransomware operators have claimed nearly 400 victims since January 2023. Experts tracked the Medusa ransomware activity as Spearwing.

Ransomware 63

Ransomware Antivirus Healthcare Encryption 63

Malwarebytes

JANUARY 6, 2025

A US chain of dental offices known as Westend Dental LLC denied a 2020 ransomware attack and its associated data breach, instead telling their customers that data was lost due to an accidentally formatted hard drive. In October 2020, Westend Dental was attacked by the Medusa Locker ransomware group.

Data breaches 143

Data breaches Ransomware Passwords Insurance 143

Security Affairs

MARCH 14, 2025

Operators behind the SuperBlack ransomware exploited two vulnerabilities in Fortinet firewalls for recent attacks. Between January and March, researchers at Forescout Research Vedere Labs observed a threat actors exploiting two Fortinet vulnerabilities to deploy the SuperBlack ransomware. SuperBlack modifies LockBit 3.0s

Firewall 67

Firewall Ransomware VPN Encryption 67

Joseph Steinberg

APRIL 7, 2025

And, of course, all versions of Cybersecurity For Dummies also help guide people to recovering in the event that their computers, phones, or information has already been compromised.

Cybersecurity 187

Cybersecurity Artificial Intelligence Backups Encryption 187

eSecurity Planet

MARCH 17, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has released a joint cybersecurity advisory warning organizations about the escalating threat posed by the Medusa ransomware.

Ransomware 68

Ransomware Backups Firmware Insurance 68

Security Affairs

MARCH 17, 2025

A researcher released a free decryptor for Linux Akira ransomware, using GPU power to recover keys through brute force. Security researcher Yohanes Nugroho created a free decryptor for Linux Akira ransomware , using GPUs to brute force the decryption keys. The malware encrypts files using KCipher2 and Chacha8. Brute-forcing a 4.5

Ransomware 69

Ransomware Encryption Malware Hacking 69

Security Affairs

MAY 27, 2025

Sophos warns that a DragonForce ransomware operator chained three vulnerabilities in SimpleHelp to target a managed service provider. Sophos researchers reported that a DragonForce ransomware operator exploited three chained vulnerabilities in SimpleHelp software to attack a managed service provider.

Ransomware 105

Ransomware Software Retail Data breaches 105

Security Affairs

MARCH 10, 2025

Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. Ransomware attacks on U.S. Victims include AMD and Keralty.

Hacking 117

Hacking Healthcare Backups Ransomware 117

Centraleyes

DECEMBER 16, 2024

Ransomware Still Reigns Supreme Ransomware attacks continue to plague organizations globally, and 2024 will be no different. Attackers are becoming more organized, with ransomware-as-a-service (RaaS) operations providing easy access to malicious tools for even novice cybercriminals.

Cybersecurity 98

Cybersecurity Insurance Cyber Insurance Technology 98

Security Affairs

APRIL 13, 2025

The ransomware group has since leaked the stolen data on its dark web leak site. Compromised data includes full names, contact details, ID numbers, banking information, drivers license numbers, medical records and passport details. Ransomware attacks on U.S. The gang claimed the theft of 2 TB of data. ” states the company.

Data breaches 129

Data breaches Unstructured Data Identity Theft Healthcare 129