Tag: ransomware
-
Payload ransomware hits Windows and ESXi with Babuk-style encryption
Tags: cryptography, cyber, encryption, extortion, group, healthcare, ransomware, threat, vmware, windows
A new ransomware operation called Payload is rapidly emerging as a serious threat to both Windows and VMware ESXi environments, combining Babuk-style cryptography with aggressive anti-forensics and a working double-extortion model. The group claims to have been active since at least February 17, 2026. It is already hitting mid-to-large organizations across multiple sectors and countries. The hospital…
-
Inside Nevada’s Push for Secure Digital Government
Tags: ai, attack, cio, cybersecurity, data-breach, governance, government, identity, ransomware, resilience
State CIO Tim Galluzi on Identity Modernization, AI and Resident Services. The State of Nevada is accelerating its cybersecurity and digital modernization efforts after a major ransomware attack exposed the importance of resilience, workforce readiness and strong governance, said State CIO Tim Galluzi. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/inside-nevadas-push-for-secure-digital-government-a-31037
-
The ransomware economy is shifting toward straight-up data extortion
Google’s research report on ransomware activity last year underscores how cybercrime is evolving and clouding a collective understanding of its full impact and scale. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-threat-intelligence-group-ransomware-report-2026/
-
IBM Discovers ‘Slopoly’ AI-Generated Malware Linked to Hive0163 Ransomware
Ransomware group Hive0163 is experimenting with a likely AI-generated malware framework, dubbed “Slopoly,” marking a visible shift toward AI-assisted tooling in attacks. While the malware itself is simple, its use shows how quickly threat actors can now generate and iterate on custom command-and-control clients using large language models (LLMs). Hive0163 is a financially motivated cluster…
-
45,000 malicious IP addresses taken down, 94 suspects arrested
An international law enforcement operation has taken down more than 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware activity. The action … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/16/interpol-operation-synergia-iii-cybercrime-infrastructure-takedown/
-
Payload Ransomware claims the hack of Royal Bahrain Hospital
The Payload Ransomware group claims to have breached the Royal Bahrain Hospital (RBH), a leading healthcare facility in Bahrain. The Payload Ransomware group claims to have hacked the Royal Bahrain Hospital (RBH) and stolen 110 GB of data. The ransomware gang added the healthcare facility to its Tor data leak site and published the images…
-
Global Authorities Take Down 45,000 Malicious IPs Used in Ransomware Campaigns
Tags: cyber, cybercrime, infrastructure, international, interpol, law, malicious, malware, phishing, ransomware
An unprecedented international law enforcement effort has successfully dismantled a massive cybercrime network. Coordinated by INTERPOL, the initiative targeted critical infrastructure used in phishing, malware, and ransomware campaigns worldwide. Operation Synergia III: Dubbed "Operation Synergia III," the global crackdown took place between July 18, 2025, and January 31, 2026. The operation brought together law enforcement…
-
AiLock Ransomware Claims England Hockey Data Breach
England Hockey is investigating a potential cyberattack claimed by the AiLock ransomware group. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ailock-ransomware-claims-england-hockey-data-breach/
-
Trump’s Cyber Strategy Puts Private Sector on the Offensive
Bold Plan Raises Hard Questions About Execution, Liability and Oversight. The Trump administration’s national cyber strategy calls for a stronger partnership between the federal government and private companies, heralding a shift in the ways private enterprise could participate in offensive operations against nation-state adversaries, ransomware gangs and cybercriminals. First seen on govinfosecurity.com Jump to article:…
-
Interpol’s ‘Operation Synergia III’ Nets 94 Arrests in Major Cybercrime Sweep
A new law enforcement operation against phishing and ransomware operators led to the takedown of 45,000 malicious IP addresses. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/interpol-operation-synergia3-94/
-
Ransomware incident responder gave info to BlackCat cybercriminals during negotiations, DOJ alleges
U.S. prosecutors accused an incident responder of conducting cyberattacks and helping ransomware gangs negotiate higher payouts from the same victims he was working for. First seen on therecord.media Jump to article: therecord.media/ransomware-blackcat-doj-incident-responder
-
INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
Tags: cybercrime, international, interpol, law, malicious, malware, network, phishing, ransomware, threat
INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency’s ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams. The effort is part of an international law enforcement operation that involved 72 countries and…
-
Sophos analysis: How ransomware groups choose their victims
First seen on security-insider.de Jump to article: www.security-insider.de/ransomware-angriffe-kleine-unternehmen-sophos-studie-a-bd7baf98b02d07a87df6c5e8b6e2e50f/
-
Veeam warns admins to patch now as critical RCE flaws hit Backup & Replication
Tags: access, backup, control, cve, data, exploit, flaw, group, infrastructure, ransomware, rce, remote-code-execution, update, veeam, vulnerability
Patches are available: Veeam warned that organizations should apply the patched build promptly, noting that vulnerability disclosures frequently trigger attempts by attackers to reverse-engineer patches and develop exploits for unpatched systems. The issues were fixed in Veeam Backup & Replication 12.3.2.4465, and organizations running unsupported or older builds should assume they are vulnerable and upgrade immediately.…
-
AI-assisted Slopoly malware powers Hive0163’s ransomware campaigns
The Hive0163 group used AI-assisted malware called Slopoly to maintain persistent access in ransomware attacks. IBM X-Force researchers report that the financially motivated group Hive0163 is using AI-assisted malware named Slopoly to maintain persistent access during ransomware attacks, showing how threat actors can quickly build new malware frameworks using AI. Hive0163 is a threat actor…
-
Hive0163 Ransomware Operators Use AI-Generated Slopoly Malware
Researchers have identified a suspected case of AI-generated malware being used during a ransomware attack. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/slopoly-ai-generated-malware/
-
PsExec and Renamed Backup Tools Enabled Data Theft Before INC Ransomware Attack
In a ransomware intrusion, attackers used legitimate Windows tools and a renamed backup utility to quietly stage and exfiltrate sensitive data before deploying INC ransomware. The incident highlights how threat actors increasingly rely on “living off the land” techniques to evade detection and operate within compromised environments. Investigators later determined that the threat actor…
-
England Hockey investigating ransomware data breach
England Hockey, the governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware gang listed it as a victim on its data leak site. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/england-hockey-investigating-ransomware-data-breach/
-
AI-generated Slopoly malware used in Interlock ransomware attack
A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-generated-slopoly-malware-used-in-interlock-ransomware-attack/
-
‘Systemic Risk’ Stalks Healthcare Sector
For the U.S. healthcare ecosystem, the 2024 ransomware attack on Change Healthcare proved to be a supply-chain earthquake in showcasing critical third-party risk that entities now must carefully and urgently consider, said Erik Decker, CISO of Intermountain Health and a federal cyber adviser. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/systemic-risk-stalks-healthcare-sector-i-5535
-
Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. “Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used to…
-
Zscaler + CimTrak: Integrity-Driven Zero Trust for C2C
Across the first two blogs in this series, we confronted a hard truth: Cybersecurity doesn’t fail because organizations lack tools. It fails because it remains an open-loop system. Detection without enforcement. Visibility without control. Recovery without prevention. Frameworks like Zero Trust, Comply-to-Connect (C2C), and ransomware defense all stall at the same point: there…
-
Feds say another DigitalMint negotiator ran ransomware attacks and helped extort $75 million
Angelo Martino is accused of playing both sides, committing attacks and conducting ransomware negotiations on some of the same cases on behalf of his former employer. First seen on cyberscoop.com Jump to article: cyberscoop.com/digitalmint-ransomware-negotiator-arrest-angelo-martino-extortion/

