DATE | NAME | CATEGORY | SUBCATEGORY | TYPE | INFO |
22.4.25 | Ransomware group Interlock enhances tactics with ClickFix and Infostealers | RANSOM | ALERT | Reports indicate that the ransomware group Interlock has advanced its attack methods by incorporating ClickFix social engineering techniques alongside infostealers. | |
22.4.25 | Gunra Ransomware | RANSOM | ALERT | Another ransomware actor operating under the name Gunra has recently surfaced, allegedly claiming several victims in the healthcare, electronics, and beverage manufacturing sectors, as listed on their onion website. In recent activity, the ransomware they deploy appends a .encrt extension to encrypted files and drops a ransom note named r3adm3.txt in multiple directories. | |
21.4.25 | Interlock ransomware | RANSOM | RANSOM | ARTICLES | Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. |
19.4.25 | Hacktivists Target Critical Infrastructure, Move Into Ransomware | RANSOM | Ransom blog | BLOG | Hacktivists are increasingly adopting more sophisticated - and destructive - attack types. |
19.4.25 | DOGE "Big Balls" Ransomware and the False Connection to Edward Coristine | RANSOM | Ransom blog | BLOG | Cyble investigates the DOGE BIG BALLS Ransomware, analyzing its operation and the false ties made to... |
19.4.25 | CrazyHunter Campaign Targets Taiwanese Critical Sectors | RANSOM | Ransom blog | BLOG | This blog entry details research on emerging ransomware group CrazyHunter, which has launched a sophisticated campaign aimed at Taiwan's essential services. |
19.4.25 | Nova RaaS: The Ransomware That ‘Spares’ Schools and Nonprofits—For Now | RANSOM | Ransom blog | BLOG | A new ransomware group calling themselves Nova RaaS, or ransomware-as-a-service, has been active for the past month distributing RaLord ransomware. On their blog, they claim to have no affiliations with other cybercriminal groups—and, in a surprising twist, say they’ve pledged not to target schools or nonprofit organizations. |
19.4.25 | Year in Review: The biggest trends in ransomware | RANSOM | Ransom blog | BLOG | This week, our Year in Review spotlight is on ransomware—where low-profile tactics led to high-impact consequences. Download our 2 page ransomware summary, or watch our 55 second video. |
18.4.25 | DragonForce Ransomware's Campaign Intensifies in 2025 | RANSOM | ALERTS | ALERT | In 2024, DragonForce ransomware actors were highly active, claiming around 93 victims on their leak website, with likely more that were not disclosed. We're still in early 2025, and the group has already "allegedly" claimed over 40 organizations as potential victims across multiple countries and sectors. |
18.4.25 | DOGE BIG BALLS Ransomware | RANSOM | ALERTS | ALERT | A new ransomware campaign has been reported exploiting the name of a prominent figure within the Department of Government Efficiency (DOGE) to trick victims. The attack delivers a modified variant of Fog ransomware dubbed "DOGE BIG BALLS Ransomware." |
15.4.25 | PelDox Ransomware | RANSOM | ALERT | Unlike typical ransomware, PelDox does not inform victims about the encryption of their files or demand payment for decryption. After encrypting the files and appending the ".lczx" extension, the ransomware displays a full-screen message. | |
13.4.25 | Ransomware attack cost IKEA operator in Eastern Europe $23 million | RANSOM | RANSOM | ARTICLES | Fourlis Group, the operator of IKEA stores in Greece, Cyprus, Romania, and Bulgaria, has disclosed that the ransomware attack it suffered just before Black Friday on November 27, 2024, caused losses estimated at €20 million ($22.8M). |
13.4.25 | Sensata Technologies hit by ransomware attack impacting operations | RANSOM | RANSOM | ARTICLES | Sensata Technologies (known as Sensata) suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations. |
12.4.25 | NanoCrypt Ransomware | RANSOM | ALERT | NanoCrypt is another "run-of-the-mill" ransomware variant discovered in the wild. The malware encrypts user data and appends .ncrypt to the name of locked files. The ransom note, dropped as a text file called README.txt, indicates that this malware was created "for fun" and is not intended for any harmful activity. | |
12.4.25 | Chaos Ransomware Variant Targets IT Staff via Fake Security Tool | RANSOM | ALERT | Chaos ransomware variants continue to emerge, mostly used by actors targeting individual machines through drive-by-download social engineering. These attacks typically demand a smaller ransom compared to double-extortion ransomware actors who target larger organizations through more complex attack chains. | |
12.4.25 | Ransomware Attack Levels Remain High as Major Change Looms | RANSOM | Ransom blog | BLOG | March saw a potential leadership shift in ransomware attacks, sustained high attack volumes, and the rise of new threat groups. |
12.4.25 | TRACKING RANSOMWARE – MARCH 2025 | RANSOM | Ransom blog | BLOG | In March 2025, ransomware attacks targeted critical industries such as Manufacturing, IT, and Healthcare. Notable groups like Black Basta and Moonstone Sleet evolved new strategies, such as automating brute-force VPN attacks and deploying ransomware-as-a-service models. |
10.4.25 | Everest ransomware's dark web leak site defaced, now offline | Ransom | RANSOM | ARTICLES | The dark web leak site of the Everest ransomware gang has apparently been hacked over the weekend by an unknown attacker and is now offline. |
6.4.25 | Port of Seattle says ransomware breach impacts 90,000 people | Ransom | RANSOM | ARTICLES | Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. |
6.4.25 | Hunters International shifts from ransomware to pure data extortion | Ransom | RANSOM | ARTICLES | The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. |
6.4.25 | Texas State Bar warns of data breach after INC ransomware claims attack | Ransom | RANSOM | ARTICLES | The State Bar of Texas is warning it suffered a data breach after the INC ransomware gang claimed to have breached the organization and began leaking samples of stolen data. |
5.4.25 | Ransomware Attack Levels Remain High as Major Change Looms | RANSOM | Ransom blog | BLOG | March saw a potential leadership shift in ransomware attacks, sustained high attack volumes, and the rise of new threat groups. |
5.4.25 | Hexamethy Ransomware Displays Scary Lock Screen During File Encryption | RANSOM | Ransom blog | BLOG | The SonicWall Capture Labs threat research team has recently observed new ransomware named HEXAMETHYLCYCLOTRISILOXANE, or Hexamethy for short. This malware produces a scary cinematic display during the encryption process and flashes text stating, “No more files for you,” and “Your files are in hostage by the HEXAMETHYLCYCLOTRISILOXANE Ransomware.” |
4.4.25 | Lockbit 4.0 ransomware | RANSOM | ALERT | Lockbit 4.0 is the most recent iteration of the infamous ransomware attributed to the threat actor called Syrphid. The ransomware is operated based on a Ransomware-as-a-Service (RaaS) model with various affiliates carrying out the attacks and often employing different tactics, techniques, and procedures (TTPs). | |
4.4.25 | CrazyHunter - a new Prince ransomware variant | RANSOM | ALERT | CrazyHunter is a new Go-based ransomware variant based on the open-source Prince encryptor malware family. The malware encrypts user data and drops a ransom note in the form of a text file called "Decryption Instructions.txt". This note is written in the same format as the one observed in older Prince ransomware variant deployments. | |
30.3.25 | Retail giant Sam’s Club investigates Clop ransomware breach claims | Ransom | RANSOM | ARTICLES | Sam's Club, an American warehouse supermarket chain owned by U.S. retail giant Walmart, is investigating claims of a Clop ransomware breach. |
30.3.25 | UK fines software provider £3.07 million for 2022 ransomware breach | Ransom | RANSOM | ARTICLES | The UK Information Commissioner's Office (ICO) has fined Advanced Computer Software Group Ltd £3.07 million over a 2022 ransomware attack that exposed the sensitive personal data of 79,404 people, including National Health Service (NHS) patients. |
29.3.25 | VanHelsing, new RaaS in Town | RANSOM | Ransom blog | BLOG | In recent weeks, a new and rapidly expanding ransomware-as-a-service (RaaS) program called VanHelsingRaaS has been making waves in the cybercrime world. Launched on March 7, 2025, this service has already demonstrated its rapid growth and deadly potential, having infected three victims within just two weeks of its introduction |
29.3.25 | RansomHub affiliates linked to rival RaaS gangs | RANSOM | Ransom blog | BLOG | ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions |
29.3.25 | Shifting the sands of RansomHub’s EDRKillShifter | RANSOM | Ransom blog | BLOG | |
29.3.25 | The Curious Case of PlayBoy Locker | RANSOM | Ransom blog | BLOG | Cybereason issues Threat Analysis reports to investigate emerging threats and provide practical recommendations for protecting against them. |
29.3.25 | BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability | Ransom | RANSOM | ARTICLES | In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called |
29.3.25 | RedCurl cyberspies create ransomware to encrypt Hyper-V servers | Ransom | RANSOM | ARTICLES | A threat actor named 'RedCurl,' known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines. |
28.3.25 | New VanHelsing ransomware targets Windows, ARM, ESXi systems | Ransom | RANSOM | ARTICLES | A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems. |
28.3.25 | Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks | Ransom | RANSOM | ARTICLES | A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection |
28.3.25 | RALord Ransomware | RANSOM | ALERT | RALord is a new Rust-based ransomware variant identified in the wild. The malware encrypts user data and appends the ".RALord" extension to the names of the locked files. | |
27.3.25 | PlayBoy Locker Ransomware | RANSOM | ALERT | PlayBoy Locker is a ransomware variant discovered last September and initially distributed in the form of a Ransomware-as-a-Service (RaaS) offering. The ransomware platform offered multi-OS support including Windows, NAS and ESXi operating systems. | |
26.3.25 | Dragon RaaS Group: Ransomware targeting the US and European countries | RANSOM | ALERTS | ALERT | Dragon RaaS, a ransomware group that emerged in July 2024, primarily targets organizations in the US, Israel, UK, France and Germany. The group leverages web application vulnerabilities, brute-force attacks and stolen credentials as its main attack vectors using two ransomware variants: a Windows-focused encryptor, likely a modified version of StormCry and a PHP webshell which provides both backdoor functionality and persistent ransomware capabilities. |
25.3.25 | SANS Institute Warns of Novel Cloud-Native Ransomware Attacks | Ransom | RANSOM | ARTICLES | The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to |
24.3.25 | VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics | Ransom | RANSOM | ARTICLES | A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025. "The RaaS model allows |
24.3.25 | VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware | Ransom | RANSOM | ARTICLES | Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's |
23.3.25 | VSCode extensions found downloading early-stage ransomware | Ransom | RANSOM | ARTICLES | Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft's review process. |
23.3.25 | RansomHub ransomware uses new Betruger ‘multi-function’ backdoor | Ransom | RANSOM | ARTICLES | Security researchers have linked a new backdoor dubbed Betruger, deployed in several recent ransomware attacks, to an affiliate of the RansomHub operation. |
22.3.25 | Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations | RANSOM | Ransom blog | BLOG | Trend Research encounters new versions of the Albabat ransomware, which appears to target Windows, Linux, and macOS devices. We also reveal the group’s use of GitHub to streamline their ransomware operation. |
22.3.25 | WormLocker Ransomware Resurfaces: Infection Cycle, Encryption Tactics, and Prevention | RANSOM | Ransom blog | BLOG | WormLocker was first spotted in late 2020. Since its discovery, it has been observed spreading through phishing emails and exploiting vulnerabilities. The SonicWall Capture Labs threat research team has received what appears to be a more recent sample of this ransomware. Given the dynamic nature of ransomware threats, this might signify its potential resurgence. |
22.3.25 | Analysis of Black Basta Ransomware Chat Leaks | RANSOM | Ransom blog | BLOG | Trellix obtained access to Black Basta's chat leaks at the end of February 2025 and immediately began analyzing the chat logs. Given that Black Basta is a rebrand of Conti RaaS, our approach mirrored that which we took in Conti Leaks: Examining the Panama Papers of Ransomware. |
22.3.25 | New variants of the Albabat ransomware implement multi-OS capabilities | RANSOM | ALERTS | ALERT | A new strain of the Albabat ransomware has been reported to offer multi-OS support, according to the latest report from Trend Micro. The new Albabat variant is still under active development and adds Linux and macOS to the list of targeted platforms. |
22.3.25 | VanHelsing Ransomware | RANSOM | ALERT | VanHelsing is a new ransomware variant recently identified in the wild. The malware encrypts user data and appends the .vanhelsing or .vanlocker extension to the locked files. VanHelsing drops the ransom note in the form of a text file called “README.txt” and is also able to modify the desktop wallpaper. | |
21.3.25 | Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates | Ransom | RANSOM | ARTICLES | The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a |
20.3.25 | Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia | Ransom | RANSOM | ARTICLES | The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime |
20.3.25 | NailaoLocker Ransomware | RANSOM | ALERT | NailaoLocker is a ransomware variant distributed last year in campaigns targeting various European healthcare organizations. The attackers responsible for the attacks have been leveraging the previously disclosed Check Point Security Gateway vulnerability CVE-2024-24919 in the initial attack stages. | |
19.3.25 | Protection Highlight: Thwarting Ransomware with Carbon Black Endpoint Standard | RANSOM | ALERTS | ALERT | Today's ransomware is innovating at a rapid pace. Going beyond simple file encryption, ransomware increasingly leverages unknown variants and fileless techniques. |
16.3.25 | New Akira ransomware decryptor cracks encryptions keys using GPUs | Ransom | RANSOM | ARTICLES | Security researcher Yohanes Nugroho has released a decryptor for the Linux variant of Akira ransomware, which utilizes GPU power to retrieve the decryption key and unlock files for free. |
16.3.25 | Ransomware gang creates tool to automate VPN brute-force attacks | Ransom | RANSOM | ARTICLES | The Black Basta ransomware operation created an automated brute-forcing framework dubbed 'BRUTED' to breach edge networking devices like firewalls and VPNs. |
16.3.25 | Suspected LockBit ransomware dev extradited to United States | Ransom | RANSOM | ARTICLES | A dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been extradited to the United States to face charges. |
16.3.25 | New SuperBlack ransomware exploits Fortinet auth bypass flaws | Ransom | RANSOM | ARTICLES | A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. |
16.3.25 | CISA: Medusa ransomware hit over 300 critical infrastructure orgs | Ransom | RANSOM | ARTICLES | CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. |
15.3.25 | SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware | RANSOM | BLOG | Trend Research analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks. |
14.3.25 | Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom | Ransom | RANSOM | ARTICLES | Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment. |
14.3.25 | SuperBlack - a new Lockbit ransomware variant | RANSOM | ALERT | SuperBlack is a new ransomware variant based on the leaked Lockbit builder. According to recent reports, a newly observed distribution of this malware has been attributed to the threat actor dubbed Mora_001 (a possible Lockbit affiliate). | |
14.3.25 | LithiumWare Ransomware | RANSOM | ALERT | LithiumWare is a new ransomware strain observed in the wild. The malware encrypts user data and appends random four-character extensions to the locked files. | |
14.3.25 | Hellcat: Ransomware-as-a-Service group | RANSOM | ALERT | Since its identification in late 2024, the Hellcat Ransomware Group has emerged as a prominent Ransomware-as-a-Service (RaaS) threat claiming attacks on critical national infrastructure and government organizations. | |
13.3.25 | Malicious operations attributed to the EncryptHub threat actor | RANSOM | ALERT | EncryptHub is a new threat actor engaging in malicious operations distributing ransomware and infostealers (StealC, Rhadamanthys) to unsuspecting victims. | |
10.3.25 | Boramae Ransomware | RANSOM | ALERT | Boramae is a new ransomware discovered just recently in the threat landscape and a suspected variant of the Beast aka BlackLockbit malware family. The malware encrypts user files and appends ".boramae" to them. | |
10.3.25 | Ebyte Ransomware | RANSOM | ALERT | Desert Dexter is a recently reported malicious operation targeting users based in the Middle East and North Africa. The responsible threat actors are distributing malicious binaries hosted on legitimate file-sharing portals or via seemingly harmless Telegram channels. | |
9.3.25 | Microsoft: North Korean hackers join Qilin ransomware gang | Ransom | RANSOM | ARTICLES | Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of attacks. |
9.3.25 | Ransomware gang encrypted network from a webcam to bypass EDR | Ransom | RANSOM | ARTICLES | The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. |
9.3.25 | US seizes domain of Garantex crypto exchange used by ransomware gangs | Ransom | RANSOM | ARTICLES | The U.S. Secret Service has seized the domain of the sanctioned Russian cryptocurrency exchange Garantex in collaboration with the Department of Justice's Criminal Division, the FBI, and Europol. |
8.3.25 | Toronto Zoo shares update on last year's ransomware attack | Ransom | RANSOM | ARTICLES | The Toronto Zoo, the largest zoo in Canada, has provided more information about the data stolen during a ransomware attack in January 2024. |
8.3.25 | Fake BianLian ransom notes mailed to US CEOs in postal mail scam | Ransom | RANSOM | ARTICLES | Scammers are impersonating the BianLian ransomware gang in fake ransom notes sent to US companies via snail mail through the United States Postal Service. |
8.3.25 | Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware | Ransom | RANSOM | ARTICLES | New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. |
8.3.25 | Hunters International ransomware claims attack on Tata Technologies | Ransom | RANSOM | ARTICLES | The Hunters International ransomware gang has claimed responsibility for a January cyberattack on Tata Technologies, stating they stole 1.4TB of data from the company. |
8.3.25 | Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks | Ransom | RANSOM | ARTICLES | Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. |
7.3.25 | Medusa ransomware activity on the rise | RANSOM | ALERT | Medusa ransomware attacks jumped by 42% between 2023 and 2024. This increase in activity continues to escalate, with almost twice as many Medusa attacks observed in January and February 2025 as in the first two months of 2024. | |
7.3.25 | EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing | Ransom | RANSOM | ARTICLES | The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers |
7.3.25 | Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom | Ransom | RANSOM | ARTICLES | The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks |
5.3.25 | Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates | Ransom | RANSOM | ARTICLES | Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining |
5.3.25 | Danger & Loches - recent Globeimposter ransomware variants seen in the wild | RANSOM | ALERT | Danger and Loches are the two most recently identified variants of the Globeimposter ransomware family. The malware will encrypt user data and append the .danger or .loches extension to the locked files respectively. | |
1.3.25 | Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks | Ransom | RANSOM | ARTICLES | Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. |
1.3.25 | Qilin ransomware claims attack at Lee Enterprises, leaks stolen data | Ransom | RANSOM | ARTICLES | The Qilin ransomware gang has claimed responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company. |
1.3.25 | Southern Water says Black Basta ransomware attack cost £4.5M in expenses | Ransom | RANSOM | ARTICLES | United Kingdom water supplier Southern Water has disclosed that it incurred costs of £4.5 million ($5.7M) due to a cyberattack it suffered in February 2024. |
1.3.25 | This month in security with Tony Anscombe – February 2025 edition | RANSOM | Ransom blog | BLOG | Ransomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news |
1.3.25 | LCRYX Ransomware | RANSOM | ALERTS | ALERT | LCRYX is a VBScript-based ransomware discovered in the wild last year. The malware encrypts user data, appends ‘.lcryx’ to the locked files and demands ransom payment in the Bitcoin cryptocurrency. |
26.2.25 | Leaked Black Basta Ransomware Chat Logs Reveal Inner Workings and Internal Conflicts | Ransom | RANSOM | ARTICLES | More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented |
22.2.25 | China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware | Ransom | RANSOM | ARTICLES | A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, |
22.2.25 | RANSOM | BLOG | In this Threat Analysis report, Cybereason investigates the Phorpiex botnet that delivers LockBit Black Ransomware (aka LockBit 3.0). |
22.2.25 | State-aligned actors are increasingly deploying ransomware – and that’s bad news for everyone | RANSOM | BLOG | |
16.1.25 | Inside a 90-Minute Attack: Breaking Ground with All-New AI Defeating Black Basta Tactics | Ransom | RANSOM | ARTICLES | Have you ever had your lunch interrupted by a sudden barrage of security alerts? That’s exactly what happened to one of our clients when a frantic call from their Security Operations Center revealed a flood of suspicious emails. The culprit? A brand-new cyberattack mimicking the notorious Black Basta group’s latest technique—and it hit with lightning speed. |
11.1.25 | FunkSec – Alleged Top Ransomware Group Powered by AI | RANSOM | Ransom blog | BLOG | The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month. |
3.1.25 | French govt contractor Atos denies Space Bears ransomware attack claims | Ransom | RANSOM | ARTICLES | French tech giant Atos, which secures communications for the country's military and secret services, has denied claims made by the Space Bears ransomware gang that they compromised one of its databases. |
3.1.25 | Ransomware gang leaks data stolen in Rhode Island's RIBridges Breach | Ransom | RANSOM | ARTICLES | The Brain Cipher ransomware gang has begun to leak documents stolen in an attack on Rhode Island's "RIBridges" social services platform. |