Tag: ransom
-
DOJ Seizes $2.8 Million, Indicts Alleged Zeppelin Ransomware Operator
U.S. authorities seized $2.8 million in crypto and $70,000 from Ianis Aleksandrovich Antropenko, who they say used the Zeppelin ransomware to attack companies in the United States and elsewhere and then laundered the cryptocurrency used to pay the ransoms through a crypto mixer and by exchanging it for cash. First seen on securityboulevard.com Jump to article:…
-
Interlock Ransomware Group Leaks 43GB of Data in City of St. Paul Cyberattack
St. Paul hit by Interlock ransomware attack, 43GB of sensitive data leaked, city refuses ransom, launches Operation Secure… First seen on hackread.com Jump to article: hackread.com/interlock-ransomware-leaks-st-paul-city-cyberattack-data/
-
MedusaLocker ransomware group is looking for pentesters
The MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters. MedusaLocker is a ransomware strain that was first observed in late 2019; it encrypts files on infected systems and demands a ransom, usually in cryptocurrency, for their decryption. The group operates as Ransomware-as-a-Service (RaaS), meaning affiliates can rent…
-
US Confirms Takedown of BlackSuit Ransomware Behind 450+ Hacks
Federal law enforcement agencies have successfully dismantled the critical infrastructure of BlackSuit ransomware, a sophisticated cybercriminal operation that has compromised over 450 victims across the United States since 2022 and collected more than $370 million in ransom payments. Major International Operation Targets Cyber Criminal Network: ICE’s Homeland Security Investigations (HSI) led the coordinated takedown in…
-
US confirms takedown of BlackSuit ransomware gang that racked up $370 million in ransoms
Two weeks ago, the ransomware gang’s darknet extortion sites were seized in an operation involving police from more than nine countries including Germany, France and the United Kingdom. First seen on therecord.media Jump to article: therecord.media/us-confirms-blacksuit-takedown
-
BlackSuit, Royal ransomware group hit over 450 US victims before last month’s takedown
The Department of Homeland Security said the Russian cybercrime collective received at least $370 million in ransom payments, based on current cryptocurrency valuations. First seen on cyberscoop.com Jump to article: cyberscoop.com/blacksuit-royal-ransomware-450-us-victims/
-
DragonForce Ransom Cartel Profits Off Rivals’ Demise
The fall of RansomHub led to a major consolidation of the ransomware ecosystem last quarter, which was a boon for the DragonForce and Qilin gangs. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/dragonforce-ransom-cartel-profits-rivals-demise
-
SafePay Claims Ingram Micro Breach, Sets Ransom Deadline
The ransomware gang claims to have stolen 3.5TB of data, and told the technology distributor to pay up or suffer a data breach. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/safepay-ingram-micro-breach-ransom-deadline
-
Ransomware gang tells Ingram Micro, ‘Pay up by August 1’
Tags: access, attack, backup, breach, cyber, cyberattack, data, data-breach, encryption, exploit, extortion, government, group, international, Internet, law, leak, organized, ransom, ransomware, technology, tool, vpn, vulnerability
Ransomware attacks increase: In a report on ransomware released this week, researchers at Zscaler ThreatLabz said the number of organizations listed on all ransomware leak sites rose 70% in the 12 month period ending in April. A growing number of ransomware operators are abandoning encryption of data in favour of just data extortion, it noted. For…
-
2 Law Group Data Theft Hacks Affect 282,100 Patients
Firm Admits Paying Ransom in Exchange of Hacker’s Promise to Delete Stolen Info. Two Florida-based law firms with offices in other states are notifying 282,100 people whose healthcare and other information was potentially compromised in separate data theft incidents. One of the firms admitted to paying a ransom to prevent its data from being leaked…
-
Qilin Ransomware Uses TPwSav.sys Driver to Bypass EDR Security Measures
Tags: cyber, cybercrime, data, detection, edr, endpoint, exploit, extortion, ransom, ransomware, service, tactics, vulnerability
Cybercriminals affiliated with the Qilin ransomware-as-a-service (RaaS) operation have demonstrated advanced evasion techniques by exploiting a previously undocumented vulnerable driver, TPwSav.sys, to disable Endpoint Detection and Response (EDR) systems through a bring-your-own-vulnerable-driver (BYOVD) attack. First observed in July 2022, Qilin employs double extortion tactics, exfiltrating data for leakage on dedicated sites if ransoms remain unpaid,…
-
Rise of Chaos Ransomware Tied to BlackSuit Group’s Exit
Operation Checkmate Disrupts One of the Large Russian-Speaking Ransomware Groups. An international law enforcement operation has disrupted BlackSuit, a ransomware group tied to hundreds of victims and ransom demands that exceeded half a billion dollars. The takedown occurred as security experts tracked the rise of a new group called Chaos, which may be a BlackSuit…
-
UK proposal would forbid ransom payments by gov’t agencies, but will it meaningfully decrease ransomware attacks?
Tags: attack, backup, business, ceo, dark-web, data, finance, government, group, hacker, intelligence, law, ransom, ransomware, threat
Businesses often want to pay ransom: Fred Chagnon, principal research director at Info-Tech Research Group noted that, from a business continuity perspective, it can make sense to pay the ransom. “Paying the ransom can sometimes be the quickest and least damaging path to restoring operations, especially if backups are compromised or recovery is prohibitively slow. While…
-
UK moves to ban public sector organizations from making ransom payments
Private companies would also have to report to the government if they plan to pay off cybercriminals. First seen on cyberscoop.com Jump to article: cyberscoop.com/uk-ransomware-payment-ban-public-sector-private-business-reporting/
-
UK government wants ransomware victims to report breaches so it can carry out ‘targeted disruptions’ against hackers
Experts applauded the proposed change, which would require ransomware victims to notify authorities when paying a hacker’s ransom, arguing that this information can help catch cybercriminals and stop their activities. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/22/uk-government-wants-ransomware-victims-to-report-cyberattacks-so-it-can-disrupt-the-hackers/
-
Nearly Half of MSPs Have Dedicated Kitty For Ransomware Incidents
Recent research by Cybersmart has revealed that nearly half (45%) of MSPs admitted to having a dedicated pool of money set aside for ransomware payments. This is despite increasing pressure from insurers and global governments to avoid paying ransoms to stop fuelling criminal enterprises and encourage proactive resilience. Historically, the guidance and best practice around…
-
UK government to ban public bodies from paying ransoms to hackers
Tags: attack, computer, cyber, cybercrime, government, hacker, healthcare, international, office, ransom, ransomware, russia
Measure intended to send message to international cybercriminals ‘that the UK is united in fight against ransomware’. The UK government is planning to ban public bodies from paying ransoms to computer hackers, and private companies will be required to inform authorities if they plan to cave into cash demands. The stance, announced on Tuesday by the Home…
-
Clément Domingo: “We are not using AI correctly to defend ourselves”
Tags: access, ai, attack, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, dark-web, finance, government, group, hacker, infrastructure, intelligence, Internet, jobs, law, malicious, malware, office, password, programming, ransom, startup, threat, tool, training
startup, but dedicated to cybercrime in a very efficient way,” Domingo tells via email. “Most have what we call affiliates, which allows them to operate worldwide and attack any organization or entity. In most cases, the startup keeps 20% of the ransom and the accomplice takes 80%.” These are companies that, as he details, offer all…
-
Russian Vodka Maker Beluga Struck by Ransomware Attack
Novabev Group, the parent company of premium vodka brand Beluga, has confirmed it was hit by a sophisticated ransomware attack on July 14, 2025, temporarily disrupting operations and affecting IT infrastructure across the company and its WineLab subsidiary. The Russian spirits manufacturer has refused to pay any ransom demands, maintaining a firm stance against negotiating…
-
Extradited Armenian Tied to Ryuk Ransomware Faces US Trial
FBI Accuses Ukrainian Man of Identifying Exploitable Flaws in Victims’ Networks. A 33-year-old Armenian man, Karen Vardanyan, accused of facilitating Ryuk ransomware attacks against numerous organizations, is due to stand trial in the U.S. in August. The FBI said the Ryuk operation earned at least $15 million in cryptocurrency ransom payments from victims. First seen…
-
Devman Claims Cyberattack on Thailand Ministry of Labour, Demands $15M Ransom
A threat actor named Devman has claimed responsibility for a cyberattack on Thailand Ministry of Labour, compromising over 300 gigabytes of sensitive data and severely disrupting government operations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/thailand-ministry-of-labour-cyberattack/
-
Italian police dismantle Romanian ransomware gang targeting nonprofits, film companies
The group, known as “Diskstation,” is accused of encrypting victims’ systems and demanding large cryptocurrency ransoms to restore access to their data, Italy’s Postal and Cybersecurity Police said in a statement. First seen on therecord.media Jump to article: therecord.media/italian-police-dismantle-romanian-ransomware-gang
-
Former US Army member confesses to Telecom hack and extortion conspiracy
A former US Army soldier pleaded guilty to hacking telecom databases, stealing data, and extorting companies by threatening to release the stolen info. A former Army soldier, Cameron John Wagenius (21) pleaded guilty to conspiring to hack telecom companies’ databases, steal sensitive records, and extort victims by threatening to release stolen data unless ransoms were…
-
Former U.S. Army Member Pleads Guilty in Telecom Hacking Case
A 21-year-old former U.S. Army soldier has pleaded guilty to participating in a sophisticated cybercrime operation that targeted telecommunications companies through hacking, data theft, and extortion schemes. Cameron John Wagenius, who was stationed in Texas during his military service, admitted to conspiring with others to breach protected computer networks and demand ransom payments from victim…
-
GLOBAL GROUP RaaS Adds AI-Powered Negotiation Feature for Ransom Demands
A newly surfaced Ransomware-as-a-Service operation, dubbed GLOBAL GROUP, has begun deploying an AI-driven negotiation tool that elevates the psychological pressure on victims and streamlines extortion workflows for affiliates. Security researchers at EclecticIQ first identified GLOBAL GROUP’s activity in early June on the Ramp4u underground forum, where the threat actor known as “$$$” shared an onion…
-
How defenders use the dark web
Tags: access, antivirus, attack, breach, corporate, credit-card, crypto, cyber, cybercrime, dark-web, data, data-breach, email, extortion, finance, fraud, government, group, hacker, healthcare, identity, incident, insurance, intelligence, Internet, interpol, law, leak, lockbit, mail, malware, monitoring, network, phishing, ransom, ransomware, service, software, theft, threat, tool, usa, vpn
Attributing attacks to threat actors: When organizations suffer from data breaches and cyber incidents, the dark web becomes a crucial tool for defenders, including the impacted businesses, their legal teams, and negotiators. Threat actors such as ransomware groups often attack organizations to encrypt and steal their data so they can extort them for money, in exchange…
-
Did This Retail Giant Pay a Ransom to Scattered Spider?
Moral hazard ahoy: M&S head Archie Norman won’t say if he authorized DragonForce ransomware hacker payday. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/marks-spencer-archie-norman-ransom-richixbw/
-
Trend Micro flags BERT: A rapidly growing ransomware threat
Low-code, high impact: BERT is not an isolated development; it is part of a growing wave of emerging ransomware groups that are proving both capable and elusive. In just the last three to four months, cybersecurity researchers have identified multiple new ransomware families that signal a shift toward leaner, low-code, and faster malware operations. For instance,…

