Tag: ransomware
-
Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk
The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise supply chains. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/surge-bomgar-rmm-exploitation-demonstrates-supply-chain-risk
-
Ransomware negotiator pleads guilty to helping ransomware gang
A former employee of a cybersecurity firm pleaded guilty to aiding ransomware criminals to maximize their profits, with the goal of taking a cut of the ransom. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/21/ransomware-negotiator-pleads-guilty-to-helping-ransomware-gang/
-
Ransomware negotiator admits role in attacks he was hired to resolve
A Florida man, formerly employed as a ransomware negotiator, pleaded guilty to conspiring to carry out ransomware attacks against US companies. Prosecutors say Angelo Martino, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/21/ransomware-negotiator-blackcat-alphv-group/
-
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O’Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assist the e-crime gang in extracting higher amounts as ransoms. “Working as a negotiator…
-
Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords
Plus: Court papers reveal nonprofit paid a ransom worth nearly $26.8 million First seen on theregister.com Jump to article: www.theregister.com/2026/04/21/yet_another_ex_ransomware_negotiator_pleads/
-
The Gentlemen Ransomware Expands With Rapid Affiliate Growth
Gentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infections First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gentlemen-ransomware-rapid/
-
Former ransomware negotiator pleads guilty to BlackCat attacks
41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/former-ransomware-negotiator-pleads-guilty-to-blackcat-attacks/
-
Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul
Fake emails already doing the rounds as ransomware crew boasts about what it allegedly stole First seen on theregister.com Jump to article: www.theregister.com/2026/04/21/adaptavist_group_breach_spawns_impostor/
-
The Quiet Expansion of The Gentlemen: Germany in Focus
A key building block of the group's rapid growth apparently lies in its business model. “The Gentlemen” rely on a particularly attractive partner program First seen on infopoint-security.de Jump to article: www.infopoint-security.de/die-stille-expansion-der-gentlemen-ransomware/a44707/
-
Ransomware Attacks: Insurance and Legal Questions in Times of Increasing Cyberattacks
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/ransomware-attacken-versicherung-rechtsfragen-zunahme-cyberangriffe
-
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-gentlemen-ransomware-now-uses-systembc-for-bot-powered-attacks/
-
Already 1,570 Victims of The Gentlemen Ransomware Worldwide
Check Point Research has observed a new ransomware group called “The Gentlemen”, and the findings show that the actual scale of its activities goes far beyond what has been reported so far. The group has publicly reported 320 victims since mid-2025. Of these, 240 attacks took place in 2026, making it the second most active ransomware group this year…
-
The backup myth that is putting businesses at risk
Backups protect data, but don’t keep your business running during downtime. Datto shows why BCDR is essential to keep operations running during ransomware and outages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-backup-myth-that-is-putting-businesses-at-risk/
-
DFIR Report The Gentlemen SystemBC: A Sneak Peek Behind the Proxy
Key Points: The Gentlemen RaaS. The Gentlemen ransomware-as-a-service (RaaS) operation is a relatively new group that emerged around mid-2025. The operators advertise their services across multiple underground forums, promoting their ransomware platform and inviting penetration testers (and other technically skilled actors) to join as affiliates. The RaaS provides affiliates with multi-OS lockers for Windows, Linux,…
-
The Heirs of Blackbasta Regroup as “Payouts King” with Sophisticated Ransomware
In February 2025, the era of the notorious ransomware group Blackbasta came to an abrupt end. After internal chat logs had become public, the group was forced to cease its operations. But the criminal energy remained: former Blackbasta partners immediately continued their attacks with other ransomware families. Analysts from the Zscaler ThreatLabz research team have observed continuous ransomware activity over the past months, which…
-
Speed Is Not Resilience: No Secure Ransomware Recovery Without a Benchmark
First seen on security-insider.de Jump to article: www.security-insider.de/ohne-benchmark-keine-sichere-ransomware-recovery-a-e5669e6719dea955c75b429de8a8fe65/
-
JanaWare Ransomware Hits Turkish Users via Tailored Adwind RAT
A newly analyzed ransomware campaign dubbed “JanaWare” is targeting users in Turkey by leveraging a customized version of the Adwind Remote Access Trojan (RAT). The campaign combines stealthy delivery techniques, geographic restrictions, and polymorphic malware to evade detection while maintaining long-term activity. Researchers identified that JanaWare is specifically designed to infect systems located in Turkey.…
-
QEMU Hijacked as Stealth Backdoor for Credential Theft, Ransomware
Attackers are increasingly abusing QEMU virtual machines to hide credential theft and ransomware staging inside “invisible” virtual environments, making detection and forensics significantly harder for defenders. QEMU is a legitimate open-source emulator and virtualizer that allows running full operating systems as virtual machines on a host. Threat actors are weaponizing this capability by running their…
-
How Hackers Abuse QEMU as a Shield for Ransomware
Hackers have perfected a method for flying under the radar of modern security software. By abusing the open-source emulator QEMU, they hide complete attack scenarios as ransomware in virtual machines. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/hacker-qemu-ransomware-missbrauchen
-
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
Tags: control, data, detection, endpoint, hacker, malicious, malware, open-source, ransomware, sophos. Attackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, an open-source emulator, to hide malicious activity inside virtual machines. By running malware in a VM, attackers avoid endpoint security controls and leave minimal traces on…
-
NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support
NAKIVO Inc. announced the general availability of NAKIVO Backup & Replication v11.2, focused on fast, reliable, and proactive data protection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nakivo-v112-ransomware-defense-faster-replication-vsphere-9-and-proxmox-ve-90-support/
-
Ransomware attack continues to disrupt healthcare in London nearly two years later
More than 18 months after a ransomware attack disrupted care at hospitals in South East London, documents show at least one NHS trust is still working without fully restored systems and managing large backlogs of delayed test results. First seen on therecord.media Jump to article: therecord.media/ransomware-nhs-cyberattack-disruption
-
Payouts King ransomware uses QEMU VMs to bypass endpoint security
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/payouts-king-ransomware-uses-qemu-vms-to-bypass-endpoint-security/
-
Payouts King Emerges: New Ransomware Operation Tied to Ex-BlackBasta Members
Payouts King is emerging as a technically sophisticated ransomware operation believed to be run by former BlackBasta affiliates, reusing their social-engineering playbook while introducing hardened obfuscation and encryption routines. The group focuses on high-value data theft and selective encryption, leveraging strong cryptography and extensive evasion to stay ahead of antivirus and EDR tools. BlackBasta, itself…
-
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
While enterprise breaches make more headlines, smaller incidents tend to be under-reported, if at all, allowing campaigns to last longer with less disruption. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/6-year-ransomware-campaign-turkish-homes-smbs
-
Ransomware Threats and AI Transformation Shift Focus from Recovery to Resilience
The new “Veeam Data Trust and Resilience Report” from Veeam Software finds that 90 percent of security leaders are convinced they can restore data quickly. However, only 28 percent ultimately manage to actually restore the data in full after a ransomware attack. Veeam has published the “Data Trust and Resilience Report 2026”, which … a growing…
-
Textbook titan McGraw Hill on ransomware crew’s reading list after 13.5M records exposed
Publisher claims misconfigured Salesforce-hosted page leaked data First seen on theregister.com Jump to article: www.theregister.com/2026/04/16/mcgraw_hill_salesforce/
-
Automotive data biz Autovista blames ransomware for service disruption
Some customer orgs tell staff to block inbound email from the provider First seen on theregister.com Jump to article: www.theregister.com/2026/04/15/automotive_data_biz_autovista_ransomware/
-
Cookeville Regional Medical Center hospital data breach impacts 337,917 people
A ransomware attack on Cookeville Regional Medical Center hospital (Tennessee) exposed data of 337,000 people after hackers stole 500GB of sensitive information from its systems. A ransomware attack on Cookeville Regional Medical Center (CRMC) in Tennessee led to a major data breach affecting about 337,000 people. The attack, carried out by the Rhysida group, involved…

