Schneier on Security

MARCH 1, 2022

Nice piece of research : Abstract: Among the many types of malicious codes, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. In this paper, we analyzed Hive ransomware, which appeared in June 2021.

Ransomware 324

Ransomware Encryption 324

Security Affairs

DECEMBER 3, 2024

ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing to the SEC. A ransomware attack disrupted the operations of a major energy industry contractor, ENGlobal Corporation. No ransomware gang has claimed responsibility for the attack. million year-to-date.

Ransomware 132

Ransomware Encryption Technology Cybersecurity 132

Schneier on Security

SEPTEMBER 30, 2020

Thus, the decision whether to pay or ignore a ransomware demand, seems less of a legal, and more of a practical, determination ­ almost like a cost-benefit analysis. The arguments for rendering a ransomware payment include: Payment is the least costly option; Payment is in the best interest of stakeholders (e.g.

Ransomware 357

Ransomware Data breaches Banking Encryption 357

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin.

Ransomware 360

Ransomware Encryption Backups Manufacturing 360

Security Affairs

MAY 4, 2025

A 36-year-old Yemeni man behind Black Kingdom ransomware is indicted in the U.S. authorities have indicted Rami Khaled Ahmed (aka Black Kingdom, of Sanaa, Yemen), a 36-year-old Yemeni national, suspected of being the administrator of the Black Kingdom ransomware operation. for 1,500 attacks on Microsoft Exchange servers.

Ransomware 128

Ransomware Encryption VPN Malware 128

Security Affairs

NOVEMBER 12, 2024

New Ymir ransomware was deployed in attacks shortly after systems were breached by RustyStealer malware, Kaspersky warns. Kaspersky researchers discovered a new ransomware family, called Ymir ransomware , which attackers deployed after breaching systems via PowerShell commands. ” reads the report published by Kaspersky.

Ransomware 133

Ransomware Malware Encryption Hacking 133

Security Affairs

NOVEMBER 18, 2024

A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information. On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. “On September 8, 2024, we suffered a ransomware attack on our computer system.

Ransomware 136

Ransomware Insurance Encryption Healthcare 136

Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Cybercrime 129

Cybercrime Ransomware Healthcare Education 129

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

Krebs on Security

JANUARY 27, 2021

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week. ” Image: Chainalysis.

Ransomware 351

Ransomware Cybercrime Antivirus Encryption 351

Security Affairs

JUNE 6, 2025

A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. In December 2023, CISA, the FBI, and ACSC warned of Play ransomware’s operation that hit 300 victims by October 2023. ” The Play ransomware group follows a double extortion model.

Ransomware 97

Ransomware Encryption Antivirus Malware 97

Krebs on Security

JULY 1, 2020

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime.

Ransomware 360

Ransomware Cybercrime Encryption Malware 360

Tech Republic Security

MAY 30, 2024

The ShrinkLocker ransomware exploits the BitLocker feature on enterprise PCs to encrypt the entire local drive and remove recovery options.

Encryption 209

Encryption Ransomware Software Malware 209

The Last Watchdog

MARCH 28, 2025

Mar 28, 2025, CyberNewswire — From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Traditionally, the primary target of ransomware has been the victims device. Palo Alto, Calif.,

Antivirus 147

Antivirus Ransomware Social Engineering Engineering 147

Krebs on Security

JUNE 2, 2020

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. A partial screenshot from the REvil ransomware group’s Dark Web blog. and Europe in early March.” So it’s a double vig.”

Ransomware 357

Ransomware Backups Encryption Internet 357

Security Affairs

MARCH 10, 2025

Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. ” Microsoft wrote on X. .

Ransomware 131

Ransomware VPN Healthcare Malware 131

Schneier on Security

JULY 8, 2021

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekend’s attack was carried out with almost surgical precision. The ransomware dropper Agent.exe is signed with a Windows-trusted certificate that uses the registrant name “PB03 TRANSPORT LTD.”

Ransomware 363

Ransomware Malware Firewall Encryption 363

Security Affairs

FEBRUARY 13, 2025

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups.

Ransomware 130

Ransomware Software Cybercrime Encryption 130

Security Affairs

NOVEMBER 9, 2024

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 140

Backups Ransomware VPN Accountability 140

Schneier on Security

JANUARY 26, 2022

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension.

Ransomware 288

Ransomware Firewall Encryption Internet 288

Joseph Steinberg

JUNE 9, 2022

The Tenafly, New Jersey, Public School District has canceled final exams for its high school students after a ransomware cyberattack crippled the district’s computer infrastructure. The ransomware attack on Tenafly’s school system is a reminder of a sad, ironic, reality.

Ransomware 363

Ransomware Artificial Intelligence Education Cybercrime 363

Krebs on Security

JUNE 16, 2021

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. The CLOP gang seized on those flaws to deploy ransomware to a significant number of Accellion’s FTA customers , including U.S.

Ransomware 361

Ransomware Cybercrime Malware Encryption 361

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. ” reads the advisory.

VPN 138

VPN Ransomware Firewall Internet 138

Krebs on Security

AUGUST 19, 2021

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. ” This attacker’s approach may seem fairly amateur, but it would be a mistake to dismiss the threat from West African cybercriminals dabbling in ransomware.

Ransomware 363

Ransomware Social Engineering Cybercrime Scams 363

Security Affairs

FEBRUARY 11, 2025

Authorities dismantled the 8Base ransomware gang, shutting down its dark web data leak and negotiation sites. An international law enforcement operation, codenamed Operation Phobos Aetor, dismantled the 8Base ransomware gang. The ransomware component is then decrypted and loaded into the SmokeLoader process memory.

Ransomware 85

Ransomware Encryption Backups Malware 85

Tech Republic Security

JANUARY 5, 2023

Google, Microsoft and Proton launched new end-to-end encryption products to confront the 50% increase in ransomware, phishing and other email-vector attacks from the first half of 2022. The post Cloud email services bolster encryption against hackers appeared first on TechRepublic.

Encryption 210

Encryption Phishing Ransomware VPN 210

Malwarebytes

DECEMBER 2, 2024

The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world.

Ransomware 122

Ransomware Backups Small Business Malware 122

Security Affairs

APRIL 25, 2025

The Interlock ransomware gang claimed responsibility for the attack on the leading kidney dialysis company DaVita and leaked alleged stolen data. “On April 12, 2025, DaVita became aware of a ransomware incident affecting and encrypting certain on-premises systems. The DaVita network was encrypted by InterLock Ransomware.

Ransomware 107

Ransomware Encryption Insurance Marketing 107

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 29, 2024, the City published an update on the City’s website and confirmed that the City of Columbus suffered a ransomware attack. The gang claimed they had stolen databases containing 6.5

Ransomware 129

Ransomware Identity Theft Data breaches Cyber threats 129

Krebs on Security

MARCH 2, 2021

PrismHR , a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services. Hopkinton, Mass.-based PrismHR said it detected the activity on Sunday.

Ransomware 337

Ransomware Small Business Insurance Software 337

Krebs on Security

DECEMBER 19, 2023

Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. BlackCat formed by recruiting operators from several competing or disbanded ransomware organizations — including REvil , BlackMatter and DarkSide.

Ransomware 328

Ransomware Cybercrime Advertising Encryption 328

Heimadal Security

APRIL 2, 2025

Sophos Intercept X is one of the top choices for ransomware protection. In some cases, that might mean […] The post Top 8 Sophos Intercept X Alternatives for Ransomware Encryption Protection appeared first on Heimdal Security Blog. Sophos Intercept X is deeply integrated into the Sophos EDR platform.

Encryption 66

Encryption Ransomware 66

Krebs on Security

SEPTEMBER 15, 2021

TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned. ET: TTEC confirmed a ransomware attack. Update, 6:20 p.m.

Ransomware 356

Ransomware Banking Cryptocurrency Media 356

eSecurity Planet

NOVEMBER 6, 2024

Following a July 18 attack by the Rhysida ransomware group — believed to have Russian affiliations — Columbus is still reeling from the exposure of vast amounts of sensitive resident data. The post Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe appeared first on eSecurity Planet.

Ransomware 115

Ransomware Authentication Identity Theft Penetration Testing 115

Security Affairs

FEBRUARY 20, 2025

NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. NailaoLocker ransomware is written in C++,the researchers said that the malware is not sophisticated and is poorly designed. The ransomware appends the . locked extension to the filenames of encrypted files.

Healthcare 93

Healthcare Ransomware VPN Malware 93

Security Affairs

MARCH 24, 2025

The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney Generals Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General Office.

Ransomware 110

Ransomware Hacking Social Engineering VPN 110

The Hacker News

MAY 28, 2025

over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware. An Iranian national has pleaded guilty in the U.S.

Ransomware 97

Ransomware Encryption 97