Tag: ransomware
-
Russian initial access broker who fed ransomware crews gets 81 months in US prison
Aleksei Volkov sentenced after enabling attacks that cost victims millions First seen on theregister.com Jump to article: www.theregister.com/2026/03/24/russian_iab_sentenced/
-
81-month sentence for Russian hacker behind major ransomware campaigns
U.S. sentences Russian hacker Aleksei Volkov to 81 months in prison for aiding ransomware attacks, causing over $9M in damages. A U.S. court sentenced Aleksei Olegovich Volkov to 81 months in prison for supporting ransomware groups like Yanluowang. He helped carry out dozens of attacks, causing over $9M in losses. Arrested in Italy in 2024…
-
Russian Initial Access Broker Handed 81-Month Sentence
Russian cybercriminal Aleksei Volkov has received close to seven years behind bars for role in Yanluowang ransomware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-initial-access-broker/
-
Russian Access Broker Jailed for Facilitating Ransomware Attacks Targeting U.S. Companies
A United States federal court has sentenced Aleksei Volkov, a 26-year-old Russian national, to 81 months in prison for operating as an initial access broker. Volkov played a critical part in enabling major cybercrime syndicates, including the Yanluowang ransomware group, to breach corporate networks across the country. His illicit activities resulted in more than $9…
-
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Department of Justice (DoJ), Aleksei Olegovich Volkov facilitated dozens of ransomware attacks…
-
New Leak Site Tied to Active Initial Access Broker Emerges on Underground Forums
A new Tor-based leak site dubbed ALP-001 has quietly moved from selling network footholds to publicly naming victims, signaling an evolution from pure initial access brokerage to full-scale cyber extortion. The ALP-001 site, reachable only over Tor, advertises itself as a “Data Leaks / Access Market,” blending hallmarks of both a ransomware leak portal and…
-
Ransomware’s New Era: Moving at AI Speed
Threat actors bypass security tools and use AI to launch faster ransomware attacks that exploit valid credentials and target data First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/ransomware-new-era-moving-ai-speed
-
US chip testing firm shrugged off ransomware hit as minor – then came the data leak
Trio-Tech International initially said hack wasn’t ‘material,’ but then stolen data was published First seen on theregister.com Jump to article: www.theregister.com/2026/03/23/us_chip_testing_firm_shrugged/
-
Nike’s 1.4TB IP Theft: When Ransomware Targets Trade Secrets Instead of Files
Ransomware groups now steal trade secrets before encryption. Nike’s 1.4TB theft included shoe designs, patents, supplier lists, IP worth billions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/nikes-1-4tb-ip-theft-when-ransomware-targets-trade-secrets-instead-of-files/
-
California-based semiconductor testing company reports ransomware attack to SEC
A semiconductor testing company warned regulators that its subsidiary in Singapore suffered a ransomware attack earlier this month. First seen on therecord.media Jump to article: therecord.media/ransomware-trio-tech-semiconductor-sec
-
Beers with Talos breaks down the 2025 Talos Year in Review
The Beers with Talos team unpack the biggest cybersecurity threats of 2025, from React2Shell to ransomware and identity abuse, and what it all means for defenders going forward. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/beers-with-talos-breaks-down-the-2025-talos-year-in-review/
-
CISA Orders US Government to Patch Maximum Severity Cisco Flaw
CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-orders-us-government-patch/
-
Foster City Cyberattack Disrupts Services, Raises Data Breach Fears
A ransomware attack has disrupted municipal operations in Foster City, California, as officials continue to respond. The Bay Area city, home to roughly 34,000 residents, was forced to suspend most public services after suspicious activity was detected early Thursday morning. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/foster-city-cyberattack/
-
We Know You Can Pay a Million by Anja Shortland review the terrifying new world of ransomware
Criminals extorting money online have created huge businesses, complete with branding and HR. The birth of ransomware was a stunt that got out of hand. In 1989, an evolutionary biologist called Joseph L Popp Jr was working part time for the World Health Organisation on the Aids epidemic. He was a difficult man. When he was…
-
A Domains Portfolio Belonging to RAMP (Russian Anonymous Marketplace) Forum Members A Compilation
Dear blog readers, In this post I’ll provide actionable intelligence based on the research and analysis which I posted in my previous “Dissecting the RAMP (Russian Anonymous Marketplace) Ransomware Forum – An Analysis” blog post and will provide actionable intelligence on various domain portfolios managed and operated by members of the RAMP (Russian Anonymous Marketplace)…
-
A Compilation of BitCoin Wallet Addresses from the RAMP (Russian Anonymous Marketplace) Forum Members A Compilation
Dear blog readers, In this post I’ll provide actionable intelligence on all the BitCoin wallet addresses from the RAMP (Russian Anonymous Marketplace) forum members with the idea to assist the security community fellow researchers and U.S Law Enforcement on its way to properly track down and prosecute the individuals behind these campaigns. Here’s the compilation:…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware malware analysis DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation AI Coding Tools Under Fire: […]…
-
Security Affairs newsletter Round 568 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WorldLeaks ransomware group breached the City of Los Angeles PolyShell flaw exposes Magento and Adobe Commerce…
-
Cyber OpSec Fail: Beast Gang Exposes Ransomware Server
Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/opsec-beast-gang-exposes-ransomware-server
-
Interlock Ransomware Targets Cisco Enterprise Firewalls
The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before it was publicly disclosed. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/interlock-ransomware-targets-cisco-enterprise-firewalls
-
LeakNet ransomware: what you need to know
A ransomware gang that claims to be a group of “investigative journalists”? Meet LeakNet – the group using fake CAPTCHA pages to trick employees into hacking themselves. First seen on fortra.com Jump to article: www.fortra.com/blog/leaknet-ransomware-what-you-need-know
-
CISA Warns Cisco Secure Firewall Management Center 0-Day Is Being Exploited in Ransomware Attacks
Tags: attack, cisa, cisco, cloud, control, cve, cyber, cybercrime, cybersecurity, exploit, firewall, flaw, infrastructure, ransomware, vulnerability, zero-day
The Cybersecurity and Infrastructure Security Agency has issued an urgent warning regarding a critical zero-day vulnerability affecting heavily relied-upon Cisco security products. Tracked officially as CVE-2026-20131, this severe flaw is actively being exploited by cybercriminals in targeted ransomware campaigns. Organizations relying on Cisco Secure Firewall Management Center and Cisco Security Cloud Control must take immediate…
-
54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way for affiliates to neutralize security…
-
SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft
Tags: ai, authentication, automation, breach, cloud, credentials, cybercrime, cybersecurity, dark-web, data, data-breach, government, identity, malware, monitoring, password, phishing, ransomware, supply-chain, theft, threat, tool
67 / sixseven: 140.4M
sweet / cookie / candy / cake / pie: 5.7M
chiefs / kansas city chiefs: 5M
2025: 4.1M
apple / banana / orange / strawberry / fruit: 2.6M
Password reuse remains widespread, and the report also identified 1.1 million password manager master passwords circulating in underground sources, raising concerns about vault-level compromise when master credentials are…

