Ransomware Blog - 2026

DATE  NAME  Info  CATEG.  WEB

30.5.26 The Gentlemen ransomware: Dissecting a self-propagating Go encryptor Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by affiliates of Storm-2697 that combines per-file ephemeral key encryption with an aggressive self-propagation module to deploy itself across an entire network using a series of simultaneous lateral movement techniques per target. Ransom blog Microsoft blog
23.5.26 WantToCry ransomware remotely encrypts files Brute-force attempts against SMB services can be early signs of an attack Ransom blog SOPHOS
23.5.26 Why Australian Dark Web Data Is Now Being Sold in Bundles — and What It Means for Organizational Exposure in 2026 Australian dark web data is fueling bundled breach sales, with ransomware groups expanding cyber risks across industries in 2025. Ransom blog Cyble
16.5.26 The Ransomware Chimera That Does Everything Malware typically falls into well-defined categories. Ransomware encrypts files and demands payment. Banking trojans steal credentials. Botnets await remote commands. However, some samples defy these conventional classifications by incorporating multiple threat vectors into a single executable. Ransom blog SonicWall
16.5.26 The State of Ransomware – Q1 2026 Consolidation after peak fragmentation: The top 10 ransomware groups accounted for 71% of all Q1 2026 victims, a sharp reversal from the fragmentation seen in Q3 2025. The ransomware ecosystem is once again consolidating around fewer, more dominant operators. Ransom blog CHECKPOINT
16.5.26 Thus Spoke…The Gentlemen On May 4th, 2026, The Gentlemen RaaS administrator acknowledged on underground forums that an internal backend database (Rocket) had been leaked. This leak exposed 9 accounts, including zeta88 (aka hastalamuerte), who runs the infrastructure, builds the locker and RaaS panel, manages payouts, and effectively acts as the administrator of the program. Ransom blog CHECKPOINT
16.5.26 State-sponsored actors, better known as the friends you don’t want Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. Learn why your IR plan might need revisiting, and the factors you should consider. Ransom blog CISCO TALOS
2.5.26 ANZ Organizations Are in the Ransomware Crosshairs— What the Dark Web Is Telling Us Ransomware in ANZ is evolving into a scalable cybercrime model, with dark web intelligence revealing targeted attacks, data theft, and rising risks. Ransom blog Cyble
2.5.26 VECT: Ransomware by design, Wiper by accident Check Point Research discovers that the VECT 2.0 ransomware permanently destroys “large files” rather than encrypting them. A critical flaw in the encryption implementation, identical across all three platform variants (Windows, Linux, ESXi), discards three of four decryption nonces for every file above 131,072 bytes (128 KB). Ransom blog CHECKPOINT
25.4.26 DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy The Gentlemen ransomware‑as‑a‑service (RaaS) program is rapidly gaining popularity, attracting numerous affiliates and publicly claiming over 320 victims, with the majority of attacks (240) occurring in the first months of 2026. Ransom blog CHECKPOINT
25.4.26 What the ransom note won’t say An attack is what you see, but a business operation is what you’re up against Ransom blog Eset
18.4.26 QEMU abused to evade detection and enable ransomware delivery The use of hidden virtual machines (VMs) enables long-term access, credential harvesting, data exfiltration, and PayoutsKing ransomware deployment Ransom blog SOPHOS
18.4.26 Black Hat Asia 2026 Is Coming to Singapore — Here’s What the Threat Landscape Looks Like Ahead of It Black Hat Asia 2026 explores ransomware growth, AI-driven cyber threats, and supply chain risks reshaping global cybersecurity and digital resilience. Ransom blog Cyble
11.4.26 Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware. Ransom blog Microsoft blog
4.4.26 An overview of ransomware threats in Japan in 2025 and early detection insights from Qilin cases There were 134 ransomware incidents reported in Japan in 2025, representing a 17.5% year-over-year increase from 2024. Ransom blog CISCO TALOS
4.4.26 Ransomware in 2025: Blending in is the strategy A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses. Ransom blog CISCO TALOS
28.3.26 The Energy Sector’s Ransomware Nightmare: Why Critical Infrastructure Can’t Catch a Break The energy sector’s ransomware nightmare continued in 2025, but there are lessons to learn for critical infrastructure protection in 2026. Ransom blog Cyble
21.3.26 Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape Since 2018, when many financially motivated threat actors began shifting their monetization strategy to post-compromise ransomware deployments, ransomware has become one of the most pervasive threats to organizations across almost every industry vertical and region. Ransom blog GTI
21.3.26 Everyday tools, extraordinary crimes: the ransomware exfiltration playbook Attackers use trusted tools for data theft, making traditional detection unreliable. The Exfiltration Framework enables defenders to spot exfiltration by focusing on behavioral signals across endpoints, networks, and cloud environments rather than static tool indicators. Ransom blog CISCO TALOS
14.2.26 Naming and shaming: How ransomware groups tighten the screws on victims When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle Ransom blog Eset
7.2.26 Ransomware Attacks Have Surged 30% Since Q4 2025 Ransomware groups have averaged nearly 700 victims a month in the last four months, and many attacks have posed supply chain risks. Ransom blog Cyble
7.2.26 A recent Black Basta attack campaign was notable because the ransomware contained a bring-your-own-vulnerable-driver (BYOVD) defense evasion component embedded within the ransomware payload itself. Ransom blog SECURITY.COM
1.2.26 Eeny, meeny, miny, moe? How ransomware operators choose victims Most ransomware attacks are opportunistic, not targeted at a specific sector or region Ransom blog SOPHOS
24.1.26 Osiris: New Ransomware, Experienced Attackers? Poortry driver and modified Rustdesk tool used in recent attack campaign, which bears similarities to previous Inc ransomware attacks. Ransom blog SECURITY.COM
24.1.26 Ransomware: Tactical Evolution Fuels Extortion Epidemic New whitepaper reveals record number of attacks as threat landscape evolves with new players and new tactics. Ransom blog SECURITY.COM
17.1.26 Latin America Sees Sharpest Rise in Cyber Attacks in December 2025 as Ransomware Activity Accelerates In December 2025, organizations experienced an average of 2,027 cyber attacks per organization per week. ... Ransom blog CHECKPOINT
17.1.26 Sicarii Ransomware: Truth vs Myth Sicarii is a newly observed RaaS operation that surfaced in late 2025 and has only published 1 claimed victim. Ransom blog CHECKPOINT
10.1.26 5 ways your firewall can keep ransomware out — and lock it down if it gets in Ransomware continues to cripple organizations worldwide, draining budgets and halting operations. For IT teams already stretched thin, a single attack can mean days of downtime and irreversible data loss. Ransom blog SOPHOS
10.1.26 TRACKING RANSOMWARE : DEC 2025 EXECUTIVE SUMMARY Ransomware activity in December 2025 highlights an evolution toward cartel-style, collaborative ecosystems, where initial access, persistence, encryption, and Ransom blog Cyfirma