Tag: ransomware
-
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The fact that VECT’s locker permanently destroys large files rather than encrypting…
-
VECT: Ransomware by design, Wiper by accident
Key Takeaways. Background: VECT Ransomware is a Ransomware-as-a-Service (RaaS) program that made its first appearance in December 2025 on a Russian-language cybercrime forum. After claiming their first two victims in January 2026, the group got back into the public eye due to an announcement of a partnership with TeamPCP, the actor behind several supply-chain attacks…
-
Ransomware Turf War as 0APT and KryBit Groups Trade Blows
Ransomware groups 0APT and KryBit have doxxed each other online. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-turf-war-0apt-krybit/
-
Three RaaS groups dominate Germany's threat landscape: ransomware hits Germany in manufacturing, services and retail
First seen on security-insider.de Jump to article: www.security-insider.de/ransomware-deutschland-produktion-raas-gruppen-a-ad5be19861d7eeb80970fb059c00d4c6/
-
As the NVD scales back CVE enrichment, here’s what Tenable customers need to know
Tags: access, ai, cisa, cloud, cve, cvss, data, data-breach, exploit, infrastructure, intelligence, kev, metric, mitre, nist, nvd, ransomware, risk, software, strategy, technology, threat, vulnerability, vulnerability-management, zero-day
NIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that the NVD may now overlook. Key takeaways: NIST is pivoting to a prioritized enrichment model, focusing only on specific criteria like…
-
Cybercriminals target the manufacturing sector
A report from Check Point Exposure Management on the threat landscape in the manufacturing industry shows a drastic increase in ransomware, supply-chain attacks and OT-related cyber incidents. With the growing spread of smart factories and connected supply chains, attackers are changing their tactics to maximize disruption, financial pressure and geopolitical impact. The manufacturing industry is now the world's most ransomware-affected…
-
Trigona ransomware adopts custom tool to steal data and evade detection
Trigona ransomware now uses a custom command-line tool to steal data faster and evade detection, replacing tools like Rclone and MegaSync. Symantec researchers report that recent Trigona ransomware attacks used a custom-built data exfiltration tool instead of common utilities like Rclone or MegaSync. This shift, seen in March 2026 incidents, gives attackers more control and…
-
‘Payouts King’: BlackBasta's heirs are regrouping
Tags: ransomware
After the sudden end of the well-known ransomware group BlackBasta in early 2025, the threat has by no means disappeared. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/payouts-king-erben-von-blackbasta
-
Poor Risk Analysis Cost 4 Firms $1.7 Million in HIPAA Fines
HHS OCR Breach Investigators Again Find All-Too-Common Risk Analysis Failures. Faulty or non-existent security risk analyses cost a medical imaging provider, a women’s healthcare group, a health plan and a third-party insurance administrator a collective $1.7 million in fines after federal regulators concluded they didn’t do enough to prevent ransomware attacks. First seen on govinfosecurity.com…
-
Ransomware Gang Unveils Custom Data-Theft Tool
Ransomware operators introduced a custom-built data exfiltration tool, signaling a notable evolution in attack techniques. Unlike most ransomware groups that rely on publicly available utilities such as Rclone or MegaSync, Trigona affiliates are now using a proprietary tool to steal sensitive data with greater precision and stealth. Trigona, active since late 2022, operates as a…
-
Breach Roundup: Myanmar Scam Compound Managers Charged
Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal Hit. This week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat. First seen on…
-
In a first, a ransomware family is confirmed to be quantum-safe
Tags: ransomware
Technically speaking, there’s no practical benefit to use PQC. So why is it being used? First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/now-even-ransomware-is-using-post-quantum-cryptography/
-
3 practical ways AI threat detection improves enterprise cyber resilience
Legitimate admin activity and malicious behavior often look similar without context. Hybrid environments generate fragmented telemetry that rule sets can’t correlate. Lean teams don’t have time to manually connect the dots across systems. Platforms like Adlumin MDR apply behavioral models and automated triage to suppress low-value alerts and elevate incidents that actually matter. Fewer alerts, better context, and…
-
Trigona ransomware attacks use custom exfiltration tool to steal data
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trigona-ransomware-attacks-use-custom-exfiltration-tool-to-steal-data/
-
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
Leaked data from RAMP reveals Russia’s ransomware ecosystem, analyzing 1,732 threads, 7,707 users, and 340,000 IP records from the forum. RAMP was not just another dark web forum. It was one of the clearest examples of how ransomware has become an organized marketplace, with sellers, buyers, brokers, and recruiters all playing different roles in the…
-
Negotiator was supposed to help companies after ransomware attacks but secretly supported the hackers
First seen on t3n.de Jump to article: t3n.de/news/unternehmen-bei-ransomware-angriffen-helfen-hacker-unterstuetzt-1739462/
-
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks
The 2026 InsurSec Report from At-Bay, covering more than 100,000 policy years of claims data, documents a 7% year-over-year rise in overall claim frequency and an all-time … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/23/cyber-insurance-claims-report/
-
‘The Gentlemen’ Rapidly Rises to Ransomware Prominence
Tags: ransomware
Not nearly as polite as the name suggests, the ransomware gang has impressed researchers with its speed in scaling up operations, and its sophistication. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/gentlemen-rapidly-rise-ransomware
-
Kyber ransomware gang toys with post-quantum encryption on Windows
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kyber-ransomware-gang-toys-with-post-quantum-encryption-on-windows/
-
5 key weaknesses endanger the IT security posture of mid-sized companies
Ransomware, phishing, stolen credentials: cyberattacks regularly cause noticeable economic damage to mid-sized companies. The current ‘Cyber-Risikocheck für den Mittelstand’ from Trufflepig IT-Forensics, the specialized cybersecurity partner for the upper mid-market and the public sector in the DACH region, shows, based on 273 real attack simulations (penetration tests) at mid-sized DACH companies, where the most promising entry points present themselves to attackers. Particularly relevant for…
-
Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang
A former ransomware negotiator has pleaded guilty to abusing his position by working with noted cybercrime group BlackCat. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/former-ransomware-negotiator/
-
March 2026 Cyber Threat Landscape Fueled by Ransomware, Breaches, and Access Markets
Tags: access, attack, breach, cyber, cybersecurity, data, data-breach, intelligence, ransomware, threat
The 2026 threat landscape continued to intensify in March, with ransomware attacks, expanding data breach activity, and a growing underground market for compromised access shaping the global cybersecurity environment. According to analysis from CRIL (Cyble Research & Intelligence Labs), organizations worldwide faced a highly active and coordinated threat ecosystem throughout the month. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/march-2026-threat-landscape/
-
UK could face ‘hacktivist attacks at scale’, says head of security agency
Officials warn a conflict situation could cause disruption similar to recent major ransomware incidents. The UK could face “hacktivist attacks at scale” if it becomes embroiled in a conflict and the impact could be similar to recent high-profile ransomware incidents, according to the head of the country’s online security agency. Richard Horne, chief executive of the…
-
Ransomware Negotiator Pleads Guilty to BlackCat Scheme
A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process, experts noted. First seen on darkreading.com Jump to article: www.darkreading.com/insider-threats/ransomware-negotiator-pleads-guilty-blackcat-scheme
-
Ransomware negotiator caught secretly assisting BlackCat extortion scheme
Angelo Martino pleaded guilty to helping BlackCat ransomware group while acting as a ransomware negotiator. Another U.S. cybersecurity expert, Angelo Martino, admitted helping the BlackCat ransomware group while working as a ransomware negotiator. Angelo Martino (41) admitted helping the BlackCat ransomware group while working for a U.S. incident response firm. “A Florida man, formerly employed…
-
Former DigitalMint ransomware negotiator pleads guilty to extortion scheme
Angelo Martino helped accomplices extort a combined $75.3 million in ransom payments from five victim companies. First seen on cyberscoop.com Jump to article: cyberscoop.com/digitalmint-ransomware-negotiator-angelo-martino-guilty-plea/
-
Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide
Lawmakers decry CISA cuts: ‘We are shooting ourselves in the foot’ First seen on theregister.com Jump to article: www.theregister.com/2026/04/21/exfbi_cyber_chief_urges_felony_charges_ransomware/
-
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
Threat actors associated with The Gentlemen ransomware-as-a-service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the discovery of a botnet of more than 1,570 victims. “SystemBC establishes SOCKS5 network tunnels within…
-
Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks
The ideas came up at a House Homeland Security Committee hearing, as health care ransomware attacks are on the rise. First seen on cyberscoop.com Jump to article: cyberscoop.com/lawmakers-ponder-terrorism-designations-homicide-charges-over-hospital-ransomware-attacks/

