Security Affairs

DECEMBER 22, 2024

US authorities charged a dual Russian and Israeli national for being a developer of the LockBit ransomware group. Rostislav Panev, 51, a dual Russian-Israeli national, was charged as a LockBit ransomware developer. The man is accused of being a LockBit ransomware developer from 2019 through at least February 2024.

Ransomware 120

Ransomware Small Business Antivirus Malware 120

Security Affairs

FEBRUARY 13, 2025

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. “Tools that are usually associated with China-based espionage actors were recently deployed in an attack involving the RA World ransomware against an Asian software and services company.

Ransomware 119

Ransomware Software Cybercrime Encryption 119

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

Malwarebytes

DECEMBER 2, 2024

The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world.

Ransomware 123

Ransomware Backups Small Business Malware 123

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code. This is not an idle concern.

Ransomware 359

Ransomware Encryption Backups Manufacturing 359

Security Affairs

MARCH 10, 2025

Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. ” Microsoft wrote on X. .

Ransomware 118

Ransomware Healthcare VPN Malware 118

Krebs on Security

DECEMBER 4, 2024

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest.

Cybercrime 251

Cybercrime Ransomware Cryptocurrency Government 251

Security Affairs

NOVEMBER 6, 2024

Georgia, a ransomware attack disrupted Memorial Hospital and Manor’s access to its Electronic Health Record system. A ransomware attack hit Memorial Hospital and Manor in Bainbridge, Georgia, and disrupted the access to its Electronic Health Record system. Ransomware attacks on U.S. terabytes of data.

Ransomware 126

Ransomware Healthcare Antivirus Data breaches 126

SecureWorld News

JUNE 12, 2025

A new report from Symantec and the Carbon Black Threat Hunter team reveals a concerning evolution in the Fog ransomware operation, which now leverages a rare mix of legitimate software, open-source tools, and stealthy delivery mechanisms to compromise organizations.

Software 65

Software Ransomware VPN Surveillance 65

Security Boulevard

FEBRUARY 14, 2025

A Chinese threat actor who targeted an Asian software company used the same toolset for the ransomware attack that was found in multiple cyberespionage incidents, leaving Symantec analysts to believe the hacker was a Chinese spy who used the malicious tools to earn some money on the side.

Ransomware 101

Ransomware Software Malware Cybersecurity 101

Security Affairs

JUNE 6, 2025

A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. In December 2023, CISA, the FBI, and ACSC warned of Play ransomware’s operation that hit 300 victims by October 2023. ” The Play ransomware group follows a double extortion model.

Ransomware 97

Ransomware Encryption Antivirus Malware 97

The Hacker News

JUNE 13, 2025

Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider.

Ransomware 100

Ransomware Software Cybersecurity 100

Security Affairs

MAY 4, 2025

A 36-year-old Yemeni man behind Black Kingdom ransomware is indicted in the U.S. authorities have indicted Rami Khaled Ahmed (aka Black Kingdom, of Sanaa, Yemen), a 36-year-old Yemeni national, suspected of being the administrator of the Black Kingdom ransomware operation. for 1,500 attacks on Microsoft Exchange servers.

Ransomware 114

Ransomware Encryption VPN Malware 114

eSecurity Planet

NOVEMBER 6, 2024

Following a July 18 attack by the Rhysida ransomware group — believed to have Russian affiliations — Columbus is still reeling from the exposure of vast amounts of sensitive resident data. Also, consider regularly patching software and keeping systems updated to close security gaps that attackers could exploit.

Ransomware 113

Ransomware Authentication Identity Theft Penetration Testing 113

Penetration Testing

MAY 29, 2025

As artificial intelligence continues to revolutionize industries, cybercriminals are exploiting the growing demand for AI-driven tools by embedding The post Warning: Fake AI Tools Spread CyberLock Ransomware and Numero Destructive Malware appeared first on Daily CyberSecurity.

Artificial Intelligence 120

Artificial Intelligence Malware Ransomware Cybersecurity 120

Digital Shadows

NOVEMBER 12, 2024

Ransomware Activity Targeting the Construction Sector Ransomware remains the biggest threat to the sector, as demonstrated by the 41% rise in organizations appearing on data-leak sites over the past year.

Ransomware 111

Ransomware Phishing Cyber threats Malware 111

Security Boulevard

NOVEMBER 26, 2024

Coffee store giant Starbucks was among other organizations affected by a ransomware attack this month on cloud managed service provider Blue Yonder, a Panasonic subsidiary that has more than 3,000 customers. The post Supply Chain Ransomware Attack Hits Starbucks, UK Grocers appeared first on Security Boulevard.

Ransomware 121

Ransomware Software Malware Cybersecurity 121

Tech Republic Security

NOVEMBER 27, 2024

Blue Yonder, a prominent supply chain software provider, has been targeted in a ransomware attack, leading to disruption at major retail outlets.

Ransomware 200

Ransomware Retail Software Cyber Attacks 200

Krebs on Security

DECEMBER 10, 2024

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The security firm Rapid7 notes there have been a series of zero-day elevation of privilege flaws in CLFS over the past few years.

Engineering 254

Engineering Authentication Software Accountability 254

Security Boulevard

FEBRUARY 14, 2025

Ransomware continues to be a formidable threat in the cybersecurity landscape, evolving in complexity and sophistication. It is a type of malicious software that encrypts a victims files or restricts access to their system, demanding payment for decryption or restoration.

Ransomware 88

Ransomware Encryption Software Cybersecurity 88

The Last Watchdog

OCTOBER 23, 2024

Cybersecurity training for small businesses is critical, and SMBs should invest in training programs to help employees recognize threats such as phishing attacks, ransomware, and other malicious activities. INE Security advises businesses to secure their network by using firewalls, encrypting data, and regularly updating security software.

Small Business 162

Small Business Data breaches Backups Passwords 162

Security Affairs

FEBRUARY 20, 2025

NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. “On May 28, 2024 we discovered a vulnerability in Security Gateways with IPsec VPN in Remote Access VPN community and the Mobile Access software blade (CVE-2024-24919). . The ransomware appends the .

Healthcare 86

Healthcare Ransomware VPN Malware 86

Security Affairs

OCTOBER 19, 2024

This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Veeam Backup & Replication is a comprehensive data protection and disaster recovery software developed by Veeam. reads the advisory.

Backups 130

Backups VPN Ransomware Authentication 130

Security Affairs

JANUARY 16, 2025

The Clop ransomware gang claims dozens of victims from a Cleo file transfer vulnerability, though several companies dispute the breaches. The Clop ransomware group added 59 new companies to its leak site, the gain claims to have breached them by exploiting a vulnerability in Cleo file transfer products. are still exploitable.

Ransomware 71

Ransomware Software Hacking Cybersecurity 71

Security Affairs

MAY 27, 2025

Sophos warns that a DragonForce ransomware operator chained three vulnerabilities in SimpleHelp to target a managed service provider. Sophos researchers reported that a DragonForce ransomware operator exploited three chained vulnerabilities in SimpleHelp software to attack a managed service provider.

Ransomware 104

Ransomware Software Retail Data breaches 104

Security Boulevard

MARCH 17, 2025

A software programmer developed a way to use brute force to break the encryption of the notorious Akira ransomware using GPU compute power and enabling some victims of the Linux-focused variant of the malware to regain their encrypted data without having to pay a ransom.

Ransomware 80

Ransomware Encryption Malware Software 80

Security Boulevard

DECEMBER 30, 2024

The post Best of 2024: 30,000 Dealerships Down Ransomware Outage Outrage no. Spend more on security! Car and truck dealers fall back on pen and paper as huge SaaS provider gets hacked (again). 2 at CDK Global appeared first on Security Boulevard.

Ransomware 115

Ransomware Hacking Software 115

eSecurity Planet

MARCH 17, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has released a joint cybersecurity advisory warning organizations about the escalating threat posed by the Medusa ransomware.

Ransomware 70

Ransomware Backups Firmware Insurance 70

Penetration Testing

JUNE 12, 2025

CISA warns of active exploitation of a SimpleHelp RMM flaw (CVE-2024-57727) by ransomware actors, impacting utility billing software providers and their customers.

Ransomware 64

Ransomware Software Cybersecurity 64

Security Boulevard

JANUARY 10, 2025

Giant education software provider PowerSchool reported that hackers using compromised credentials access a database and stole student and teacher data in an attack that the company said was not ransomware, though a ransom apparently was paid. Affected K-12 school districts are scrambling to alert parents and staffs.

Education 115

Education Ransomware Software Data privacy 115

Krebs on Security

NOVEMBER 19, 2024

Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. However, it did reference many of the same banks called out as Finastra customers in the Nov.

Data breaches 308

Data breaches Banking Cybercrime Advertising 308

Krebs on Security

SEPTEMBER 27, 2023

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The victim shaming website for the Snatch ransomware gang. com and www-discord[.]com. the now-defunct pittsburghcitygirls[.]com).

Ransomware 326

Ransomware Internet Internet Phishing 326

Malwarebytes

APRIL 15, 2025

The car rental giants data was stolen in a ransomware attack leveraging a vulnerability in Cleo file sharing products.

Data breaches 100

Data breaches Ransomware B2B Passwords 100

Security Affairs

JUNE 20, 2025

.” Fasana suffered a fast-spreading ransomware attack by a known group, locking systems and encrypting files. According to the news outlet WDR, the company suffered a ransomware attack. They are said to have sent so-called ransomware to the company’s systems during the attack. No gang claimed responsibility.

Ransomware 80

Ransomware Encryption Manufacturing Malware 80

Tech Republic Security

OCTOBER 17, 2024

Attackers launched 600 million cybercriminal and nation-state threats on Microsoft customers daily, including ransomware attacks, in the last year, according to the tech giant.

Ransomware 208

Ransomware Artificial Intelligence Software 208

The Last Watchdog

DECEMBER 16, 2024

Williams Dr. Darren Williams , CEO, BlackFog Lesser-known ransomware groups like Hunters International will grow rapidly, leveraging AI for more efficient attacks, while “gang-hopping” by cybercriminals complicates attribution and containment. This empowers them to proactively prioritize what matters most.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Security Affairs

APRIL 1, 2025

Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825 , in the CrushFTP file transfer software. The file transfer software maker CrushFTP urge customers to take immediate action to address the vulnerability. The vulnerability impacts CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0,

Authentication 118

Authentication Software Ransomware Hacking 118