Ransomware List - 2024 2023 2021 2020 2019 2018
DATE | NAME | Info | CATEG. | WEB |
| 21.12.24 | LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages | A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. | Ransom | The Hacker News |
28.10.24 | Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions | Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of | Ransom | |
27.10.24 | New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics | Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics | Ransom | |
27.10.24 | Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks | Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of | Ransom | |
27.10.24 | Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks | A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government | ||
| 26.10.24 | Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program | Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after | Ransom | The Hacker News |
29.9.24 | Embargo ransomware escalates attacks to cloud environments | Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. | Ransom | |
28.9.24 | AutoCanada says ransomware attack "may" impact employee data | AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang. | Ransom | |
24.9.24 | New Mallox ransomware Linux variant based on leaked Kryptina code | An affiliate of the Mallox ransomware operation, also known as TargetCompany, was spotted using a slightly modified version of the Kryptina ransomware to attack Linux systems. | Ransom | |
21.9.24 | X hacking spree fuels "$HACKED" crypto token pump-and-dump | Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks. | Ransom | BleepingComputer |
21.9.24 | Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware | Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks. | Ransom | BleepingComputer |
21.9.24 | Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware | Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks. | Ransom | |
20.9.24 | Ransomware gangs now abuse Microsoft Azure tool for data theft | Ransomware gangs like BianLian and Rhysida increasingly use Microsoft's Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage. | Ransom | |
19.9.24 | Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector | Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first | Ransom | The Hacker News |
15.9.24 | Port of Seattle hit by Rhysida ransomware in August attack | Port of Seattle, the United States government agency overseeing Seattle's seaport and airport, confirmed on Friday that the Rhysida ransomware operation was behind a cyberattack impacting its systems over the last three weeks. | Ransom | |
15.9.24 | RansomHub claims Kawasaki cyberattack, threatens to leak stolen data | Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data. | Ransom | |
14.9.24 | RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software | The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to attempt disabling endpoint detection and response (EDR) services on target systems. | Ransom | |
14.9.24 | NoName ransomware gang deploying RansomHub malware in recent attacks | The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate. | Ransom | BleepingComputer |
11.9.24 | CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub | The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and | Ransom | The Hacker News |
10.9.24 | Critical SonicWall SSLVPN bug exploited in ransomware attacks | Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks. | Ransom | |
8.9.24 | Planned Parenthood confirms cyberattack as RansomHub claims breach | Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage. | Ransom | |
7.9.24 | Linux version of new Cicada ransomware targets VMware ESXi servers | A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. | Ransom | |
4.9.24 | New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems | Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities | Ransom | The Hacker News |
4.9.24 | RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors | Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in | Ransom | The Hacker News |
1.9.24 | Halliburton cyberattack linked to RansomHub ransomware gang | The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company's IT systems and business operations. | Ransom | |
1.9.24 | FBI: RansomHub ransomware breached 210 victims since February | Since surfacing in February 2024, RansomHub ransomware affiliates have breached over 200 victims from a wide range of critical U.S. infrastructure sectors. | Ransom | |
31.8.24 | Iranian hackers work with ransomware gangs to extort breached orgs | An Iran-based hacking group known as Pioneer Kitten is breaching defense, education, finance, and healthcare organizations across the United States and working with affiliates of several ransomware operations to extort the victims. | Ransom | |
31.8.24 | BlackSuit ransomware stole data of 950,000 from software vendor | Young Consulting is sending data breach notifications to 954,177 people who had their information exposed in a BlackSuit ransomware attack on April 10, 2024. | Ransom | |
31.8.24 | US Marshals Service disputes ransomware gang's breach claims | The U.S. Marshals Service (USMS) denies its systems were breached by the Hunters International ransomware gang after being listed as a new victim on the cybercrime group's leak site on Monday. | Ransom | |
29.8.24 | U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks | U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across | Ransom | The Hacker News |
28.8.24 | BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave | The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting | Ransom | The Hacker News |
27.8.24 | Patelco notifies 726,000 customers of ransomware data breach | Patelco Credit Union warns customers it suffered a data breach after personal data was stolen in a RansomHub ransomware attack earlier this year. | Ransom | |
25.8.24 | American Radio Relay League confirms $1 million ransom payment | The American Radio Relay League (ARRL) paid a $1 million ransom for a decryptor that helped restore systems encrypted in a May ransomware attack | Ransom | |
25.8.24 | Qilin ransomware now steals credentials from Chrome browsers | The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in Google Chrome browser. | Ransom | |
24.8.24 | QNAP adds NAS ransomware protection to latest QTS version | Taiwanese hardware vendor QNAP has added a Security Center with ransomware protection capabilities to the latest version of its QTS operating system for network-attached storage (NAS) devices. | Ransom | |
24.8.24 | New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data | The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on | Ransom | The Hacker News |
23.8.24 | CannonDesign confirms Avos Locker ransomware data breach | The Cannon Corporation dba CannonDesign is sending notices of a data breach to more than 13,000 of current and former employees, informing that hackers breached and stole data from its network in an attack in early 2023. | Ransom | |
23.8.24 | Ransomware rakes in record-breaking $450 million in first half of 2024 | Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level. | Ransom | |
21.8.24 | Ransomware gang deploys new malware to kill security software | RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks | Ransom | |
20.8.24 | CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known | Ransom | The Hacker News |
17.8.24 | 3AM ransomware stole data of 464,000 Kootenai Health patients | Kootenai Health has disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation. | Ransom | |
17.8.24 | Ransom Cartel, Reveton ransomware owner arrested, charged in US | Belarusian-Ukrainian national Maksim Silnikau was arrested in Spain and is now extradited to the USA to face charges for creating the Ransom Cartel ransomware operation in 2021 and running a malvertising operation from 2013 to 2022. | Ransom | |
16.8.24 | Australian gold producer Evolution Mining hit by ransomware | Evolution Mining has informed that it has been targeted by a ransomware attack on August 8, 2024, which impacted its IT systems. | Ransom | |
15.8.24 | RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks | A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint | Ransom | The Hacker News |
15.8.24 | Black Basta-Linked Attackers Target Users with SystemBC Malware | An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion | Ransom | The Hacker News |
11.8.24 | McLaren hospitals disruption linked to INC ransomware attack | On Tuesday, IT and phone systems at McLaren Health Care hospitals were disrupted following an attack linked to the INC Ransom ransomware operation. | Ransom | |
11.8.24 | UK IT provider faces $7.7 million fine for 2022 ransomware breach | The UK's Information Commissioner's Office (ICO) has announced a provisional decision to impose a fine of £6.09M ($7.74 million) on Advanced Computer Software Group Ltd (Advanced) for its failure to protect the personal information of tens of thousands when it was hit by ransomware in 2022. | Ransom | |
9.8.24 | Ransomware gang targets IT workers with new SharpRhino malware | The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. | Ransom | |
9.8.24 | Keytronic reports losses of over $17 million after ransomware attack | Electronic manufacturing services provider Keytronic has revealed that it suffered losses of over $17 million due to a May ransomware attack. | Ransom | |
9.8.24 | Surge in Magniber ransomware attacks impact home users worldwide | A massive Magniber ransomware campaign is underway, encrypting home users' devices worldwide and demanding thousand-dollar ransoms to receive a decryptor. | Ransom | |
8.8.24 | FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million | The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom | Ransom | The Hacker News |
4.8.24 | OneBlood's virtual machines encrypted in ransomware attack | OneBlood, a large not-for-profit blood center that serves hospitals and patients in the United States, is dealing with an IT systems outage caused by a ransomware attack. | Ransom | |
3.8.24 | Dark Angels ransomware receives record-breaking $75 million ransom | A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz. | Ransom | |
3.8.24 | CISA warns of VMware ESXi bug exploited in ransomware attacks | CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. | Ransom | |
3.8.24 | Black Basta ransomware switches to more evasive custom malware | The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to evade detection and spread throughout a network. | Ransom | |
3.8.24 | Columbus investigates whether data was stolen in ransomware attack | The City of Columbus, Ohio, says it's investigating whether personal data was stolen in a ransomware attack on July 18, 2024 that disrupted the City's services. | Ransom | |
3.8.24 | Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks | Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. | Ransom | |
31.7.24 | VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access | A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain | Ransom | The Hacker News |
28.7.24 | Russian ransomware gangs account for 69% of all ransom proceeds | Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000. | Ransom | |
28.7.24 | US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks | The U.S. State Department is offering a reward of up to $10 million for information that could help capture a North Korean military hacker. | Ransom | |
26.7.24 | New Play ransomware Linux version targets VMware ESXi VMs | Play ransomware is the latest ransomware gang to start deploying a dedicated Linux locker for encrypting VMware ESXi virtual machines. | Ransom | |
26.7.24 | Los Angeles Superior Court shuts down after ransomware attack | The largest trial court in the United States, the Superior Court of Los Angeles County, closed all 36 courthouse locations on Monday to restore systems affected by a Friday ransomware attack. | Ransom | |
26.7.24 | North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks | A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks | Ransom | The Hacker News |
23.7.24 | New Linux Variant of Play Ransomware Targeting VMware ESXi Systems | Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) | Ransom | The Hacker News |
20.7.24 | MediSecure: Ransomware gang stole data of 12.9 million people | MediSecure, an Australian prescription delivery service provider, revealed that roughly 12.9 million people had their personal and health information stolen in an April ransomware attack. | Ransom | |
20.7.24 | Russians plead guilty to involvement in LockBit ransomware attacks | Two Russian individuals admitted to participating in many LockBit ransomware attacks, which targeted victims worldwide and across the United States. | Ransom | |
18.7.24 | Microsoft links Scattered Spider hackers to Qilin ransomware attacks | Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks. | Ransom | |
18.7.24 | SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks | The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks. | Ransom | |
17.7.24 | Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks | The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into | Ransom | |
15.7.24 | Rite Aid confirms data breach after June ransomware attack | Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. | Ransom | |
15.7.24 | New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection | Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new | Ransom | |
14.7.24 | Dallas County: Data of 200,000 exposed in 2023 ransomware attack | Dallas County is notifying over 200,000 people that the Play ransomware attack, which occurred in October 2023, exposed their personal data to cybercriminals. | Ransom | |
11.7.24 | Avast releases free decryptor for DoNex ransomware and past variants | Antivirus company Avast have discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free. | Ransom | |
11.7.24 | New Ransomware Group Exploiting Veeam Backup Software Vulnerability | A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation | Ransom | |
8.7.24 | New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems | An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and | Ransom | The Hacker News |
6.7.24 | New Eldorado ransomware targets Windows, VMware ESXi VMs | A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows. | Ransom | |
5.7.24 | Patelco shuts down banking systems following ransomware attack | Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact. | Ransom | |
30.6.24 | Meet Brain Cipher — The new ransomware behind Indonesia's data center attack | The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center. | Ransom | |
30.6.24 | BlackSuit ransomware gang claims attack on KADOKAWA corporation | The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. | Ransom | |
29.6.24 | Chinese Cyberspies Employ Ransomware in Attacks for Diversion | Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft. | Ransom | |
29.6.24 | LockBit lied: Stolen data is from a bank, not US Federal Reserve | Recently-disrupted LockBit ransomware group, in a desperate attempt to make a comeback, claimed this week that it had hit the Federal Reserve, the central bank of the United States. Except, the rumor has been quashed. | Ransom | |
| 28.6.24 | P2PInfect botnet targets REdis servers with new ransomware module | P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on Redis servers. | Ransom | |
| 28.6.24 | Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads | The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and | Ransom | The Hacker News |
| 27.6.24 | Linux version of RansomHub ransomware targets VMware ESXi VMs | The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks. | Ransom | |
| 19.6.24 | Panera Bread likely paid a ransom in March ransomware attack | Panera Bread, an American chain of fast food restaurants, most likely paid a ransom after being hit by a ransomware attack, suggests language used an internal email sent to employees. | Ransom | |
| 16.6.24 | London hospitals cancel over 800 operations after ransomware attack | NHS England revealed today that multiple London hospitals impacted by last week's Synnovis ransomware attack were forced to cancel hundreds of planned operations and appointments. | Ransom | |
| 16.6.24 | CISA warns of Windows bug exploited in ransomware attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs. | Ransom | |
| 15.6.24 | Ascension hacked after employee downloaded malicious file | Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. | Ransom | |
| 15.6.24 | Toronto District School Board hit by a ransomware attack | The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed. | Ransom | |
| 15.6.24 | Panera warns of employee data breach after March ransomware attack | U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. | Ransom | |
| 14.6.24 | Police arrest Conti and LockBit ransomware crypter specialist | The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself. | Ransom | |
| 14.6.24 | Black Basta ransomware gang linked to Windows zero-day attacks | The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available. | Ransom | |
| 13.6.24 | Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups | The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti | Ransom | The Hacker News |
| 13.6.24 | TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers | The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems. | Ransom | |
| 13.6.24 | London hospitals face blood shortage after Synnovis ransomware attack | England's NHS Blood and Transplant (NHSBT) has issued an urgent call to O Positive and O Negative blood donors to book appointments and donate after last week's cyberattack on pathology provider Synnovis impacted multiple hospitals in London. | Ransom | |
| 13.6.24 | Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw | Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the | Ransom | The Hacker News |
| 9.6.24 | Christie's starts notifying clients of RansomHub data breach | British auction house Christie's is notifying individuals whose data was stolen by the RansomHub ransomware gang in a recent network breach. | Ransom | |
| 9.6.24 | New Fog ransomware targets US education sector via breached VPNs | A new ransomware operation named 'Fog' launched in early May 2024, is using compromised VPN credentials to breach the networks of educational organizations in the U.S. | Ransom | |
| 9.6.24 | PandaBuy pays ransom to hacker only to get extorted again | Chinese shopping platform Pandabuy told BleepingComputer it previously paid a a ransom demand to prevent stolen data from being leaked, only for the same threat actor to extort the company again this week. | Ransom | |
| 9.6.24 | Linux version of TargetCompany ransomware focuses on VMware ESXi | Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads. | Ransom | BleepingComputer |
| 8.6.24 | FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out | The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. | Ransom | |
| 8.6.24 | Qilin ransomware gang linked to attack on London hospitals | A ransomware attack that hit pathology services provider Synnovis on Monday and impacted several major NHS hospitals in London has now been linked to the Qilin ransomware operation. | Ransom | |
| 8.6.24 | RansomHub extortion gang linked to now-defunct Knight ransomware | Security researchers analyzing the relatively new RansomHub ransomware-as-a-service believe that it has evolved from the currently defunct Knight ransomware project. | Ransom | |
| 8.6.24 | Major London hospitals disrupted by Synnovis ransomware attack | A ransomware attack affecting pathology and diagnostic services provider Synnovis has impacted healthcare services at multiple major NHS hospitals in London. | Ransom | |
7.6.24 | FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims | The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with | Ransom | |
5.6.24 | Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide | An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight | Ransom | The Hacker News |
26.5.24 | New ShrinkLocker ransomware uses BitLocker to encrypt your files | A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker. | Ransom | |
25.5.24 | ShrinkLocker: Turning BitLocker into ransomware | The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. | Ransom | Securelist |
25.5.24 | LockBit says they stole data in London Drugs ransomware attack | Today, the LockBit ransomware gang claimed they were behind the April cyberattack on Canadian pharmacy chain London Drugs and is now threatening to publish stolen data online after allegedly failed negotiations. | Ransom | |
24.5.24 | DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed? | Introduction The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more | Ransom | The Hacker News |
23.5.24 | OmniVision discloses data breach after 2023 ransomware attack | The California-based imaging sensors manufacturer OmniVision is warning of a data breach after the company suffered a Cactus ransomware attack last year. | Ransom | |
19.5.24 | Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising | A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP. | Ransom | |
19.5.24 | The Week in Ransomware - May 17th 2024 - Mailbombing is back | This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. However, that does not mean there was nothing of interest released this week about ransomware. | Ransom | |
18.5.24 | Windows Quick Assist abused in Black Basta ransomware attacks | Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks. | Ransom | |
18.5.24 | INC ransomware source code selling on hacking forums for $300,000 | A cybercriminal using the name "salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023. | Ransom | |
16.5.24 | Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks | The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client | Ransom | The Hacker News |
12.5.24 | CISA: Black Basta ransomware breached over 500 orgs worldwide | CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. | Ransom | |
12.5.24 | The Week in Ransomware - May 10th 2024 - Chipping away at LockBit | After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation. | Ransom | |
12.5.24 | Ascension redirects ambulances after suspected ransomware attack | Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday. | Ransom | |
12.5.24 | Ohio Lottery ransomware attack impacts over 538,000 individuals | The Ohio Lottery is sending data breach notification letters to over 538,000 individuals affected by a cyberattack that hit the organization's systems on Christmas Eve. | Ransom | |
11.5.24 | FBI warns of gift card fraud ring targeting retail companies | The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation. | Ransom | |
| 9.5.24 | City of Wichita breach claimed by LockBit ransomware gang | The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation. | Ransom | |
| 8.5.24 | LockBit ransomware admin identified, sanctioned in US, UK, Australia | The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor revealed for the first time. | Ransom | |
| 8.5.24 | City of Wichita shuts down IT network after ransomware attack | The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack. | Ransom | |
| 8.5.24 | Lockbit's seized site comes alive to tease new police announcements | The NCA, FBI, and Europol have revived a seized LockBit ransomware data leak site to hint at new information being revealed by law enforcement this Tuesday. | Ransom | |
| 6.5.24 | REvil hacker behind Kaseya ransomware attack gets 13 years in prison | Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation. | Ransom | |
| 5.5.24 | French hospital CHC-SV refuses to pay LockBit extortion demand | The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom. | Ransom | |
| 24.4.24 | UnitedHealth confirms it paid ransomware gang to stop data leak | The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. | Ransom | |
| 24.4.24 | Synlab Italia suspends operations following ransomware attack | Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. | Ransom | |
| 24.4.24 | Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery | Cybersecurity breaches can be devastating for both individuals and businesses alike. While many people tend to focus on | Ransom | The Hacker News |
| 22.4.24 | Ransomware payments drop to record low of 28% in Q1 2024 | Ransomware actors have had a rough start this year, as stats from cybersecurity firm Coveware show that the trend of victims declining to pay the cybercriminals continues and has now reached a new record low of 28%. | Ransom | |
| 20.4.24 | The Week in Ransomware - April 19th 2024 - Attacks Ramp Up | While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void. | Ransom | |
| 20.4.24 | HelloKitty ransomware rebrands, releases CD Projekt and Cisco data | An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks.. | Ransom | |
| 19.4.24 | Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers | Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the | Ransom | The Hacker News |
| 19.4.24 | FBI: Akira ransomware raked in $42 million from 250+ victims | According to a joint advisory from the FBI, CISA, Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments. | Ransom | |
| 18.4.24 | Moldovan charged for operating botnet used to push ransomware | The U.S. Justice Department charged Moldovan national Alexander Lefterov, the owner and operator of a large-scale botnet that infected thousands of computers across the United States. | Ransom | |
| 18.4.24 | Using the LockBit builder to generate targeted ransomware | The LockBit 3.0 builder has significantly simplified creating customized ransomware. The image below shows the files that constitute it. As we can see, keygen.exe generates public and private keys used for encryption and decryption. After that, builder.exe generates the variant according to the options set in the config.json file. | Ransom | Securelist |
| 17.4.24 | Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware | Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks | Ransom | The Hacker News |
| 16.4.24 | Ransomware gang starts leaking alleged stolen Change Healthcare data | The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. | Ransom | |
| 16.4.24 | Daixin ransomware gang claims attack on Omni Hotels | The Daixin Team ransomware gang claimed a recent cyberattack on Omni Hotels & Resorts and is now threatening to publish customers' sensitive information if a ransom is not paid. | Ransom | |
| 14.4.24 | Optics giant Hoya hit with $10 million ransomware demand | A recent cyberattack on Hoya Corporation was conducted by the 'Hunters International' ransomware operation, which demanded a $10 million ransom for a file decryptor and not to release files stolen during the attack. | Ransom | BleepingComputer |
| 11.4.24 | GHC-SCW: Ransomware gang stole health data of 533,000 people | Non-profit healthcare service provider Group Health Cooperative of South Central Wisconsin (GHC-SCW) has disclosed that a ransomware gang breached its network in January and stole documents containing the personal and medical information of over 500,000 individuals. | Ransom | |
| 7.4.24 | The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack | Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services. | Ransom | |
| 7.4.24 | Panera Bread week-long IT outage caused by ransomware attack | Panera Bread's recent week-long outage was caused by a ransomware attack, according to people familiar with the matter and emails seen by BleepingComputer. | Ransom | |
| 6.4.24 | Hosting firm's VMware ESXi servers hit by new SEXi ransomware | Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company's VMware ESXi servers and backups. | Ransom | |
| 6.4.24 | Jackson County in state of emergency after ransomware attack | Jackson County, Missouri, is in a state of emergency after a ransomware attack took down some county services on Tuesday. | Ransom | |
| 31.3.24 | INC Ransom threatens to leak 3TB of NHS Scotland stolen data | The INC Ransom extortion gang is threatening to publish three terabytes of data allegedly stolen after breaching the National Health Service (NHS) of Scotland. | Ransom | BleepingComputer |
| 30.3.24 | Ransomware as a Service and the Strange Economics of the Dark Web | Ransomware is quickly changing in 2024, with massive disruptions and large gangs shutting down. Learn from Flare how affiliate competition is changing in 2024, and what might come next. | Ransom | |
| 23.3.24 | What the Latest Ransomware Attacks Teach About Defending Networks | Recent ransomware attacks have shared valuable lessons on how to limit risk to your own networks. Learn from Blink Ops about how organizations can limit their ransomware risk. | Ransom | |
| 20.3.24 | TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks | Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, | Ransom | The Hacker News |
| 17.3.24 | Hackers exploit Aiohttp bug to find vulnerable networks | The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. | Ransom | |
| 16.3.24 | StopCrypt: Most widely distributed ransomware evolves to evade detection | A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools. | Ransom | |
| 16.3.24 | Nissan confirms ransomware attack exposed data of 100,000 people | Nissan Oceania is warning of a data breach impacting 100,000 people after suffering a cyberattack in December 2023 that was claimed by the Akira ransomware operation. | Ransom | |
| 16.3.24 | US govt probes if ransomware gang stole Change Healthcare data | The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group (UHG) subsidiary Optum, which operates the Change Healthcare platform, in late February. | Ransom | |
| 14.3.24 | LockBit ransomware affiliate gets four years in jail, to pay $860k | Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation. | Ransom | |
| 14.3.24 | Stanford: Data of 27,000 people stolen in September ransomware attack | Stanford University says the personal information of 27,000 individuals was stolen in a ransomware attack impacting its Department of Public Safety (SUDPS) network. | Ransom | |
| 13.3.24 | Equilend warns employees their data was stolen by ransomware gang | New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. | Ransom | |
| 11.3.24 | BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks | The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their | Ransom | The Hacker News |
| 10.3.24 | The Week in Ransomware - March 8th 2024 - Waiting for the BlackCat rebrand | We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. | Ransom | |
| 10.3.24 | Switzerland: Play ransomware leaked 65,000 government documents | The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. | Ransom | |
| 7.3.24 | Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout | The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law | Ransom | The Hacker News |
| 6.3.24 | BlackCat ransomware shuts down in exit scam, blames the "feds" | The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates' money by pretending the FBI seized their site and infrastructure. | Ransom | |
| 6.3.24 | BlackCat ransomware turns off servers amid claim they stole $22 million ransom | The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million. | Ransom | |
| 6.3.24 | Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries | The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker . "TheGhostSec and Stormous | Ransom | |
| 4.3.24 | Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure | U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure | Ransom | |
| 3.3.24 | The Week in Ransomware - March 1st 2024 - Healthcare under siege | Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA. | Ransom | |
| 3.3.24 | Rhysida ransomware wants $3.6 million for children’s stolen data | The Rhysida ransomware gang has claimed the cyberattack on Lurie Children's Hospital in Chicago at the start of the month. | Ransom | |
| 2.3.24 | Ransomware gang claims they stole 6TB of Change Healthcare data | The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform. | Ransom | |
| 2.3.24 | LockBit ransomware returns to attacks with new encryptors, servers | The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption. | Ransom | |
| 2.3.24 | FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks | Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. | Ransom | |
| 2.3.24 | Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks | The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability. | Ransom | |
| 2.3.24 | Hessen Consumer Center says systems encrypted by ransomware | The Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and temporarily disrupting its availability. | Ransom | |
| 29.2.24 | LockBit ransomware returns, restores servers after police disruption | The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector. | Ransom | |
| 28.2.24 | FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks | The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as | Ransom | The Hacker News |
| 27.2.24 | LockBit Ransomware Group Resurfaces After Law Enforcement Takedown | The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law | Ransom | The Hacker News |
| 25.2.24 | Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement | LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "has | Ransom | The Hacker News |
| 25.2.24 | Insomniac Games alerts employees hit by ransomware data breach | Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November. | Ransom | |
| 25.2.24 | LockBit ransomware gang has over $110 million in unspent bitcoin | The LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation. | Ransom | |
| 24.2.24 | New ScreenConnect RCE flaw exploited in ransomware attacks | Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. | Ransom | |
| 24.2.24 | LockBit ransomware secretly building next-gen encryptor before takedown | LockBit ransomware developers were secretly building a new version of their file encrypting malware, dubbed LockBit-NG-Dev - likely a future LockBit 4.0, when law enforcement took down the cybercriminal's infrastructure earlier this week. | Ransom | |
| 24.2.24 | US offers $15 million bounty for info on LockBit ransomware gang | The U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information about LockBit ransomware gang members and their associates. | Ransom | |
| 23.2.24 | Knight ransomware source code for sale after leak site shuts down | The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation. | Ransom | |
| 23.2.24 | Ransomware Groups, Targeting Preferences, and the Access Economy | The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime. | Ransom | |
| 23.2.24 | Critical infrastructure software maker confirms ransomware attack | PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure. | Ransom | |
| 23.2.24 | Police arrest LockBit ransomware members, release decryptor in global crackdown | Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation. | Ransom | |
| 23.2.24 | LockBit ransomware disrupted by global police operation | Law enforcement agencies from 10 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as ''Operation Cronos." | Ransom | |
| 23.2.24 | Cactus ransomware claim to steal 1.5TB of Schneider Electric data | The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month. | Ransom | |
| 23.2.24 | ALPHV ransomware claims loanDepot, Prudential Financial breaches | The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot. | Ransom | |
| 23.2.24 | Alpha ransomware linked to NetWalker operation dismantled in 2021 | Security researchers analyzing the Alpha ransomware payload and modus operandi discovered overlaps with the now-defunct Netwalker ransomware operation. | Ransom | |
| 22.2.24 | U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders | The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders | Ransom | The Hacker News |
| 20.2.24 | LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released | The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as intelligence pertaining to its | Ransom | The Hacker News |
| 20.2.24 | LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid | Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. Read here for more details . An international law | Ransom | The Hacker News |
| 18.2.24 | US offers up to $15 million for tips on ALPHV ransomware gang | The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. | Ransom | |
| 18.2.24 | LockBit claims ransomware attack on Fulton County, Georgia | The LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "confidential" documents if a ransom is not paid. | Ransom | |
| 18.2.24 | Trans-Northern Pipelines investigating ALPHV ransomware attack claims | Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang. | Ransom | |
| 17.2.24 | Free Rhysida ransomware decryptor for Windows exploits RNG flaw | South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free. | Ransom | |
| 17.2.24 | Ransomware attack forces 100 Romanian hospitals to go offline | 100 hospitals across Romania have taken their systems offline after a ransomware attack hit their healthcare management system. | Ransom | |
| 17.2.24 | CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive | Ransom | The Hacker News |
| 12.2.24 | Rhysida Ransomware Cracked, Free Decryption Tool Released | Rhysida Ransomware Cracked, Free Decryption Tool Released | Ransom | The Hacker News |
| 10.2.24 | Hyundai Motor Europe hit by Black Basta ransomware attack | Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. | Ransom | |
| 9.2.24 | US offers $10 million for tips on Hive ransomware leadership | The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. | Ransom | |
| 7.2.24 | Ransomware payments reached record $1.1 billion in 2023 | Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs. | Ransom | |
| 4.2.24 | The Week in Ransomware - February 2nd 2024 - No honor among thieves | Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. | Ransom | |
3.2.24 | Johnson Controls says ransomware attack cost $27 million, data stolen | Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data. | Ransom | |
3.2.24 | Online ransomware decryptor helps recover partially encrypted files | CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption. | Ransom | |
2.2.24 | Energy giant Schneider Electric hit by Cactus ransomware attack | Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. | Ransom | |
2.2.24 | Ransomware payments drop to record low as victims refuse to pay | The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware. | Ransom | |
2.2.24 | The Week in Ransomware - January 26th 2024 - Govts strike back | Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. | Ransom | |
2.2.24 | Kansas City public transportation authority hit by ransomware | The Kansas City Area Transportation Authority (KCATA) announced it was targeted by a ransomware attack on Tuesday, January 23. | Ransom | |
31.1.24 | Water services giant Veolia North America hit by ransomware attack | Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems. | Ransom | |
31.1.24 | Kasseika ransomware uses antivirus driver to kill other antiviruses | A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employs Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. | Ransom | |
31.1.24 | US, UK, Australia sanction REvil hacker behind Medibank data breach | The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. | Ransom | |
31.1.24 | Tietoevry ransomware attack causes outages for Swedish firms, cities | Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered an Akira ransomware attack impacting cloud hosting customers in one of its data centers in Sweden. | Ransom | |
30.1.24 | Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang | Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust . Fortinet FortiGuard Labs, which | Ransom | The Hacker News |
24.1.24 | Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption | The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver ( BYOVD ) attack to disarm security- | Ransom | The Hacker News |
24.1.24 | U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach | Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware | Ransom | The Hacker News |
21.1.24 | Researchers link 3AM ransomware to Conti, Royal cybercrime gangs | Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang. | Ransom | |
21.1.24 | Vans, North Face owner says ransomware breach affects 35 million people | VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35 million customers had their personal information stolen in a December ransomware attack. | Ransom | |
21.1.24 | TeamViewer abused to breach networks in new ransomware attacks | Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. | Ransom | |
20.1.24 | Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets | Learn how threat actors utilize credentials to break into privileged IT infrastructure to create data breaches and distribute ransomware. | Ransom | |
19.1.24 | Majorca city Calvià extorted for $11M in ransomware attack | The Calvià City Council in Majorca announced it was targeted by a ransomware attack on Saturday, which impacted municipal services. | Ransom | |
13.1.24 | The Week in Ransomware - January 12th 2024 - Targeting homeowners' data | Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked. | Ransom | |
12.1.24 | Finland warns of Akira ransomware wiping NAS and tape backup devices | The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups. | Ransom | |
12.1.24 | Medusa Ransomware on the Rise: From Data Leaks to Physical Threats | The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web | Ransom | The Hacker News |
11.1.24 | Ransomware victims targeted by fake hack-back offers | Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. | Ransom | BleepingComputer |
11.1.24 | Hackers target Microsoft SQL servers in Mimic ransomware attacks | A group of financially motivated Turkish hackers targets Microsoft SQL (MSSQL) servers worldwide to encrypt the victims' files with Mimic (N3ww4v3) ransomware. | Ransom | |
11.1.24 | Decryptor for Babuk ransomware variant released after hacker arrested | Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator. | Ransom | |
11.1.24 | Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach | The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company's business division. | Ransom | |
10.1.24 | Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims | A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain | Ransom | The Hacker News |
9.1.24 | Toronto Zoo: Ransomware attack had no impact on animal wellbeing | Toronto Zoo, the largest zoo in Canada, says that a ransomware attack that hit its systems on early Friday had no impact on the animals, its website, or its day-to-day operations. | Ransom | |
9.1.24 | US mortgage lender loanDepot confirms ransomware attack | Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption. | Ransom | |
9.1.24 | Capital Health attack claimed by LockBit ransomware, risk of data leak | The Lockbit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow. | Ransom | |
6.1.24 | The Week in Ransomware - January 5th 2024 - Secret decryptors | With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. | Ransom | |
6.1.24 | Zeppelin ransomware source code sold for $500 on hacking forum | A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. | Ransom | |
4.1.24 | Online museum collections down after cyberattack on service provider | Museum software solutions provider Gallery Systems has disclosed that its ongoing IT outages were caused by a ransomware attack last week. | Ransom | |
4.1.24 | Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data | The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers, and a limited amount of personal information might have been exposed, according to an announcement by the parent company, Xerox Corporation. | Ransom | |
4.1.24 | Victoria court recordings exposed in reported ransomware attack | Australia's Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack. | Ransom |