Tag: ransom
-
Ransomware-Attacke auf Gesundheitsdienstleister
Die Ransomware-Gruppe Medusa will den britischen Gesundheitsdienstleister HCRG Care Group um mehr als 2.000 Daten erleichtert haben.Die Ransomware-Bande Medusa behauptet in einem Darknet-Post, mehr als 2.000 sensible Datensätze der HCRG Care Group erbeutet zu haben. Das Unternehmen zählt zu den größten unabhängigen Anbietern von Gesundheits- und Pflegedienstleistungen im Vereinigten Königreich und arbeitet eng mit dem…
-
Ransomware Gangs Encrypt Systems 17 Hours After Initial Infection
Ransomware gangs are accelerating their operations, with the average time-to-ransom (TTR), the period between initial system compromise and the deployment of encryption, now standing at just 17 hours, according to recent cybersecurity analyses. This marks a significant shift from earlier tactics, where attackers often lurked in networks for days or weeks to maximize reconnaissance and…
-
Ransomware gangs extort victims 17 hours after intrusion on average
Tags: access, business, credentials, data, encryption, espionage, exploit, extortion, government, group, healthcare, Intruder, malicious, malware, metric, monitoring, network, ransom, ransomware, service, tactics, technology, theft, threat, tool, vulnerability, zero-dayThe initial point of access for the attackers and the privileges it provided themHow easy it is to reach other network segments and systems from the initially compromised assetWhether access into the environment was resold to a ransomware operator by an initial access brokerWhether the attackers decided to operate only outside the victim’s regular business…
-
US charges two Russian men in connection with Phobos ransomware operation
Roman Berezhnoy and Egor Nikolaevich Glebov are alleged to have extorted over US $16 million in ransom payments using the Phobos ransomware, impacting over 1000 organisations in the United States. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/us-charges-russian-men-phobos-ransomware-operation
-
Unusual attack linked to Chinese APT group combines espionage and ransomware
Tags: apt, attack, breach, china, cloud, country, credentials, crime, crimes, crypto, cyber, cybercrime, cyberespionage, data, encryption, espionage, exploit, finance, firewall, government, group, hacker, infection, insurance, intelligence, korea, microsoft, network, north-korea, ransom, ransomware, russia, software, tactics, technology, threat, veeam, vulnerabilityThe attacker demanded a $2-million ransom: The attack that resulted in the deployment of the RA World ransomware program, as well as data exfiltration, had the same chain: the toshdpdb.exe loading toshdpapi.dll then decrypting toshdp.dat which resulted in the PlugX variant being deployed. The difference is the attacker then chose to deploy the RA World…
-
Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron
The Sarcoma ransomware group announced a breach of the Taiwanese printed circuit board (PCB) manufacturing giant Unimicron. The Sarcoma ransomware group claims to have breached Taiwanese PCB manufacturer Unimicron, leaked sample files, and threatened a full data release if no ransom is paid by Tuesday, February 20, 2025. Unimicron Technology Corporation is a Taiwanese company…
-
Thai Police Bust 4 Suspected 8Base Ransomware Group Members
Detained Russians Accused of Phobos Ransomware Attacks Against 1,000 Organizations. Thai police have arrested four suspected members of the 8Base ransomware-wielding gang, which authorities say has extorted $16 million in ransom payments through attacks against mostly smaller players. The four men were taken into custody in a coordinated, international law enforcement operation. First seen on…
-
Ransomware Groups Made Less Money in 2024
Improvements in cyber hygiene and resiliency made it possible for victim organizations to skip paying ransom amounts in 2024. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/ransomware-groups-made-less-money-in-2024
-
Ransomware Payments Plunge 35% as More Victims Refuse to Pay
In a significant shift within the ransomware landscape, global ransom payments plummeted by 35% in 2024, falling from $1.25 billion in 2023 to $813.55 million, according to a report by blockchain analytics firm Chainalysis. This marked the first substantial decline in ransomware payments since 2022, despite a record number of ransomware attacks during the year.…
-
Ransom Payments Fell 35% in 2024 After LockBit, BlackCat Takedowns
Law enforcement actions, better defenses, and a refusal by victims to pay helped to reduce the amount of ransoms paid in 2024 by $35%, a sharp decline from the record $1.25 billion shelled out in 2023, according to researchers with Chainalysis. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/ransom-payments-fell-35-in-2024-after-lockbit-blackcat-takedowns/
-
Still-Lucrative Ransomware’s Profits Plunged 35% Last Year
Collapse of LockBit and BlackCat/ALPHV Tied to Ongoing Decline in Big-Game Hunting. Ransomware may still be raking in massive cryptocurrency profits for practitioners, but 2024 turned out to be less of a banner year than predicted, with blockchain researchers reporting that the sum total of known ransom payments to ransomware groups in 2024 plummeted by…
-
Top 3 Ransomware Threats Active in 2025
You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: “Pay $2 million in Bitcoin within 48 hours or lose everything.”And the worst part is that even after paying, there’s no guarantee you’ll get your data…
-
Cybercriminals Court Traitorous Insiders via Ransom Notes
Ransomware actors are offering individuals millions to turn on their employers and divulge private company information, in a brand-new cybercrime tactic. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cybercriminals-traitorous-insiders-ransom-notes
-
US takes aim at healthcare cybersecurity with proposed HIPAA changes
Tags: access, authentication, best-practice, breach, compliance, control, csf, cyber, cyberattack, cybersecurity, data, defense, detection, dora, encryption, finance, framework, government, group, healthcare, HIPAA, incident response, infrastructure, insurance, intelligence, jobs, law, malware, mfa, network, nist, penetration-testing, phishing, privacy, ransom, ransomware, regulation, resilience, risk, security-incident, service, skills, technology, threat, tool, update, usa, vulnerability, vulnerability-managementThe US Department of Health and Human Services (HHS) has launched a consultation on stricter rules for the safeguarding of electronic health records.The proposed revamp of security rules covered by the Health Insurance Portability and Accountability Act (HIPAA) is designed to address the increased risk from cyberattacks such as ransomware against healthcare environments.The revamped rules…
-
New ransomware group Funksec is quickly gaining traction
Tags: access, ai, attack, computer, control, country, cybercrime, data, data-breach, ddos, detection, email, encryption, extortion, government, group, leak, LLM, malware, password, powershell, ransom, ransomware, russia, rust, service, threat, tool, usa, windowsThreat reports for December showed a newcomer to the ransomware-as-a-service (RaaS) landscape quickly climbing the ranks. Called Funksec, this group appears to be leveraging generative AI in its malware development and its founders are tied to hacktivist activity.Funksec was responsible for 103 out of 578 ransomware attacks tracked by security firm NCC Group in December,…
-
Ransomware Campaign Targets Amazon S3 Buckets
Threat Actor ‘Codefinger’ Targets Cloud Environments. A ransomware group is targeting Amazon S3 buckets, exploiting the data stored there using AWS’s server-side encryption with customer keys and demanding a ransom in exchange for the encryption key needed to unlock the data. The group uses compromised or publicly exposed AWS account credentials. First seen on govinfosecurity.com…
-
Under Discussion: UK Mandatory Ransomware Incident Reporting
British Government Proposals Also Include Payment Bans for Critical Infrastructure Banning ransom payments by public sector and critical infrastructure entities, notifying the government of any intent to pay a ransom, and reporting incidents to authorities comprise three counter-ransomware initiatives proposed by the British government. Which ones will pass muster? First seen on govinfosecurity.com Jump to…
-
Ransomware abuses Amazon AWS feature to encrypt S3 buckets
A new ransomware campaign encrypts Amazon S3 buckets using AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-abuses-amazon-aws-feature-to-encrypt-s3-buckets/
-
Ransomware on ESXi: The mechanization of virtualized attacks
In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound.Most of the Ransomware strands that are attacking ESXi servers nowadays, are variants…
-
Hackers Attack PowerSchool, Expose K-12 Teacher and Student Data
Giant education software provider PowerSchool reported that hackers using compromised credentials access a database and stole student and teacher data in an attack that the company said was not ransomware, though a ransom apparently was paid. Affected K-12 school districts are scrambling to alert parents and staffs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/hackers-attack-powerschool-expose-k-12-teacher-and-student-data/
-
US charges operators of cryptomixers linked to ransomware gangs
The U.S. Department of Justice indicted three operators of sanctioned Blender.io and Sinbad.io crypto mixer services used by ransomware gangs and North Korean hackers to launder ransoms and stolen cryptocurrency. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-charges-operators-of-cryptomixers-linked-to-ransomware-gangs/
-
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Tags: ai, cybersecurity, data, encryption, extortion, group, hacker, intelligence, ransom, ransomware, tactics, theftCybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date.”The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms,” Check Point Research said in a new report…
-
December ransomware attacks slam healthcare, public services
In December, one victim organization paid a $1.5 million ransom to restore services, while another continued to experience disruptions for more than one month following an attack. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366617781/December-ransomware-attacks-slam-healthcare-public-services
-
PowerSchool Reportedly Pays Ransom to Prevent Student Data Leak
A school district said that PowerSchool paid a ransom to prevent the attackers releasing data it accessed of students and teachers in North America First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/powerschool-pays-ransom-data-leak/
-
Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions
Ransomware isn’t slowing down”, it’s getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection.The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom…
-
Six Tech Trends Shaping the Future of Brand Experiences
Six Tech Trends Shaping the Future of Brand Experiences madhav Wed, 01/08/2025 – 12:38 Business success relies on balancing positive brand experiences and maintaining consumer trust. Consumers want efficiency”, 2024 research from Thales found that 22% of consumers will give up after less than a minute if they’re having a frustrating customer experience”, but they…
-
From $22M in Ransom to +100M Stolen Records: 2025’s All-Star SaaS Threat Actors to Watch
In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)”, a 75% increase from last year”, and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The…