Krebs on Security

DECEMBER 4, 2024

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest.

Cybercrime 255

Cybercrime Ransomware Cryptocurrency Government 255

Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Cybercrime 115

Cybercrime Ransomware Healthcare Education 115

Malwarebytes

DECEMBER 2, 2024

The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world.

Ransomware 133

Ransomware Backups Small Business Malware 133

Schneier on Security

JANUARY 26, 2022

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension.

Ransomware 287

Ransomware Firewall Encryption Internet 287

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. ” reads the advisory.

VPN 129

VPN Ransomware Firewall Internet 129

Krebs on Security

JANUARY 27, 2021

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week. ” Image: Chainalysis.

Ransomware 351

Ransomware Cybercrime Antivirus Encryption 351

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. All they need is one successful attempt to gain initial access."

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

Krebs on Security

JUNE 14, 2022

The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form.

Ransomware 314

Ransomware Internet Internet Cybercrime 314

Krebs on Security

JUNE 9, 2020

that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. The average ransomware payment by ransomware strain.

Ransomware 363

Ransomware System Administration Backups Technology 363

eSecurity Planet

NOVEMBER 6, 2024

Following a July 18 attack by the Rhysida ransomware group — believed to have Russian affiliations — Columbus is still reeling from the exposure of vast amounts of sensitive resident data. The post Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe appeared first on eSecurity Planet.

Ransomware 113

Ransomware Authentication Identity Theft Penetration Testing 113

SecureWorld News

NOVEMBER 14, 2024

Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data.

Healthcare 120

Healthcare Ransomware Identity Theft Data breaches 120

Security Affairs

MARCH 16, 2025

A Micronesian state suffered a ransomware attack and was forced to shut down all computers of its government health agency. A state in Micronesia, the state of Yap, suffered a ransomware attack, forcing the shutdown of all computers in its government health agency. No ransomware group has claimed responsibility for this attack.

Ransomware 117

Ransomware Government Internet Internet 117

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 29, 2024, the City published an update on the City’s website and confirmed that the City of Columbus suffered a ransomware attack. ” reads the update published by the City.

Ransomware 114

Ransomware Identity Theft Data breaches Cyber threats 114

Krebs on Security

SEPTEMBER 18, 2023

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The 8Base ransomware group’s victim shaming website on the darknet.

Ransomware 324

Ransomware Accountability Encryption Internet 324

Krebs on Security

NOVEMBER 14, 2024

Golubov later earned immunity from prosecution by becoming an elected politician and founding the Internet Party of Ukraine , which called for free internet for all, the creation of country-wide “hacker schools” and the “computerization of the entire economy.”

Advertising 278

Advertising Retail Cryptocurrency Cybercrime 278

Thales Cloud Protection & Licensing

FEBRUARY 11, 2025

Together for a Better Internet: Celebrating Safer Internet Day 2025 andrew.gertz@t Tue, 02/11/2025 - 14:57 At a time when technology is integral to our lives, Safer Internet Day (SID) has never been more relevant. These measures align perfectly with the spirit of Safer Internet Day. With an estimated 5.8

Internet 62

Internet Internet Education Technology 62

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. “There will be panic. 428 hospitals.”

Ransomware 303

Ransomware Healthcare Cybercrime Government 303

Krebs on Security

SEPTEMBER 27, 2023

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The victim shaming website for the Snatch ransomware gang. top , sntech2ch[.]top top , dwhyj2[.]top

Ransomware 328

Ransomware Internet Internet Phishing 328

Krebs on Security

MAY 14, 2025

. “The average time from public disclosure to exploitation at scale is less than five days, with threat actors, ransomware groups, and affiliates quick to leverage these vulnerabilities.”

Artificial Intelligence 194

Artificial Intelligence Internet Internet Engineering 194

Krebs on Security

OCTOBER 9, 2020

A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet , a malware crime machine that has infected millions of computers and is often used to spread ransomware. Holden said the Trickbot operators have begun rebuilding their botnet, and continue to engage in deploying ransomware at new targets.

Ransomware 363

Ransomware Internet Internet Passwords 363

Krebs on Security

APRIL 30, 2025

Members of Scattered Spider have been tied to the 2023 ransomware attacks against MGM and Caesars casinos in Las Vegas, but it remains unclear whether Buchanan was implicated in that incident. The Justice Department’s complaint against Buchanan makes no mention of the 2023 ransomware attack. ” U.S. ” U.S.

Identity Theft 198

Identity Theft Phishing Cryptocurrency Cybercrime 198

Malwarebytes

OCTOBER 14, 2024

Last week on ThreatDown: Hands-on-keyboard (HOK) attacks: How ransomware gangs attack in real-time Ransomware insurance is funding cybercrime, says White House official 5 tools IT admins should block right now Stay safe! Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Update now!

Data breaches 133

Data breaches Surveillance Insurance DDOS 133

Krebs on Security

OCTOBER 12, 2020

has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot , a global menace that has infected millions of computers and is used to spread ransomware. Microsoft Corp. ” Microsoft’s action comes just days after the U.S.

Healthcare 362

Healthcare Ransomware Internet Internet 362

The Last Watchdog

DECEMBER 16, 2024

Williams Dr. Darren Williams , CEO, BlackFog Lesser-known ransomware groups like Hunters International will grow rapidly, leveraging AI for more efficient attacks, while “gang-hopping” by cybercriminals complicates attribution and containment. This empowers them to proactively prioritize what matters most.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Krebs on Security

NOVEMBER 8, 2021

Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 Vasinskyi was arrested Oct. victim organizations.

Ransomware 351

Ransomware Cybercrime System Administration Passwords 351

Security Affairs

MARCH 13, 2025

The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory detailing Medusa ransomware tactics, techniques, and indicators of compromise (IOCs) based on FBI investigations as recent as February 2025.

Ransomware 70

Ransomware Encryption Cryptocurrency Insurance 70

Krebs on Security

MARCH 20, 2020

The company’s public statement and notice to customers does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks. ” Once considered by many to be isolated extortion attacks, ransomware infestations have become de facto data breaches for victim companies.

Ransomware 353

Ransomware Healthcare Banking Data breaches 353

Krebs on Security

OCTOBER 2, 2020

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot , an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

Ransomware 363

Ransomware Malware Healthcare Internet 363

Krebs on Security

DECEMBER 8, 2022

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.”

Healthcare 332

Healthcare Backups Ransomware Insurance 332

Krebs on Security

JULY 19, 2021

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. “That is still somewhat rare,” Wosar said. “So you’re like, ‘Oh great.

Backups 360

Backups Ransomware Encryption Insurance 360

Krebs on Security

SEPTEMBER 30, 2023

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. It continues: “Prior to deploying the ransomware, Snatch threat actors were observed spending up to three months on a victim’s system.

Ransomware 298

Ransomware Accountability Cybercrime Backups 298

SecureList

NOVEMBER 29, 2024

More than 90,000 users experienced ransomware attacks. Nearly 18% of all victims published on ransomware gangs’ data leak sites (DLSs) had been hit by RansomHub. According to the UK’s National Crime Agency (NCA), this individual also was behind the infamous Reveton ransomware Trojan spread in 2012 — 2014.

Mobile 107

Mobile Adware Ransomware Malware 107

Security Affairs

MAY 2, 2025

. “Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today. ” In response to the attack, the company had “restricted internet access at its sites,” however Harrods’ site remained online.

Retail 113

Retail Data breaches Internet Internet 113

Krebs on Security

APRIL 11, 2023

This type of exploit is typically paired with a code execution bug to spread malware or ransomware.” ” According to the security firm Qualys , this vulnerability has been leveraged by cyber criminals to deploy Nokoyawa ransomware. Please consider backing up your data and/or imaging your system before applying any updates.

Social Engineering 306

Social Engineering Ransomware Internet Internet 306

Joseph Steinberg

JANUARY 20, 2022

Consider the case of ransomware, for example, and the fact that the number of successful ransomware attacks has skyrocketed in recent years. In actuality, wildfire is not even a good example, because ransomware can actually spread orders of magnitude faster than wildfire!).

Cybersecurity 363

Cybersecurity Artificial Intelligence Ransomware Social Engineering 363

The Last Watchdog

APRIL 22, 2025

Cybercriminals are moving faster than ever, exploiting implicit trust within networks to spread ransomware and execute supply chain attacks. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW Ill keep watch and keep reporting.

Architecture 147

Architecture Internet Internet Ransomware 147

Malwarebytes

MARCH 17, 2025

The FBI warned specifically about that malware leading to ransomware attacks, but we’ve also seen similar sites that install browser hijackers, adware, and potentially unwanted programs (PUPs). Report it to the Internet Crime Complaint Center. Instead of converting files, the tools actually load malware onto victims computers.

Malware 142

Malware Adware Education Phishing 142