Tag: ransomware
-
INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific
Tags: ai, cybercrime, cybersecurity, Internet, interpol, network, organized, phishing, ransomware, scam
A new report from INTERPOL has revealed a “dramatic increase” in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According to INTERPOL’s 2025/2026 Asia and South Pacific Cyberthreat Assessment Report, phishing has emerged as the most widespread and First seen…
-
Inside GentleKiller: The EDR-Killer Powering The Gentlemen
The Gentlemen equips affiliates with a centralized EDR-killer suite, rapidly weaponizing BYOVD exploits to disable security tools before ransomware attacks. ESET published a detailed breakdown of The Gentlemen’s technical infrastructure on June 18, the result of months of incident-level investigation corroborated by the group’s own internal data leak from May 2026. Since emerging in late…
-
New Prinz Eugen ransomware prioritizes recent files for encryption
A new ransomware operation named ‘Prinz Eugen’ prioritizes recently modified files for encryption and leaves no ransom note on the system. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-prinz-eugen-ransomware-prioritizes-recent-files-for-encryption/
-
Gentlemen RaaS Unifies HexKiller, ThrottleBlood, and HavocKiller in New Evasion Suite
An analysis of the Gentlemen ransomware-as-a-service (RaaS) operation has revealed a sophisticated, centralized approach to neutralizing endpoint detection and response (EDR) solutions. This unified defense evasion framework sets the group apart in an increasingly crowded ransomware landscape, significantly lowering the technical barrier for affiliates and driving the gang into the top five most active operations…
-
HIPAA’s No Joke: Gag Gift Firm’s Health Plan Pays $450K Fine
Investigation of Spencer’s Gifts Ransomware Breach Unearths Data Privacy Violations. The employer-sponsored health plan of novelty merchandise retailer Spencer Gift has paid a $450,000 HIPAA penalty and agreed to implement a corrective action plan to resolve findings of a federal breach investigation into a 2021 attack by now-defunct ransomware gang Conti. First seen on govinfosecurity.com…
-
Gentlemen Ransomware Defeats EDR Protection
The extortion group Gentlemen uses an arsenal of EDR killers such as GentleKiller to deliberately disable antivirus programs and encrypt data. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/edr-schutz-gentlemen-ransomware
-
From Seed to Shelf: How Ransomware Attacks Threaten the Food Industry
Since 2024, security authorities and sector-specific information networks have recorded a marked increase in ransomware attacks on the food and agriculture sector. OT environments are a particular focus, that is, precisely the systems that ensure continuous operation on farms and in production facilities. For those responsible for OT in food production and in modern agriculture, this means: cybersecurity is no longer a […]…
-
INC Ransomware Uses Double Extortion and Printer Ransom Notes to Pressure Victims
INC has matured from an emerging RaaS operation into one of 2026’s most active ransomware families, claiming more than 800 victims since 2023 and capitalizing on disruption among competitors to expand its affiliate base. The group’s recent campaigns demonstrate both incremental tooling refinement and novel pressure tactics: double extortion of stolen data combined with automated…
-
The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-terminating tools is centered around a framework that’s known as GentleKiller. “They also incorporate third-party or First seen on thehackernews.com…
-
Operation Endgame Disrupts Malware Network Linked to Major Ransomware Gang
SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/operation-endgame-socgholish-evil/
-
Ransomware in the Food Industry: OT Security Becomes a Critical Factor
Tags: ransomware
Dealing with legacy equipment remains particularly critical. Many machines in food production have been in use for decades. They often run on outdated operating systems First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ransomware-in-der-lebensmittelindustrie-ot-sicherheit-wird-zum-kritischen-faktor/a45549/
-
Gentlemen ransomware uses multiple EDR killers to disable defenses
The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gentlemen-ransomware-uses-multiple-edr-killers-to-disable-defenses/
-
Multimillion-Dollar Settlement Reached in MCNA Dental Hack
2023 LockBit Attack Affected Nearly 9M People, Including Children. MCNA Dental, one of the largest providers of U.S. government-sponsored dental benefits to children, has agreed to a proposed multimillion dollar settlement to resolve class action claims stemming from a 2023 LockBit ransomware attack and data theft that affected nearly 9 million people. First seen on…
-
Breach Roundup: ShinyHunters Leaks 26M MSG Records
Tags: attack, breach, cisa, cybersecurity, data, data-breach, email, leak, linux, ransomware, russia, supply-chain
Also, Arch Linux Attack, Estonia Quarantines Russian Emails, Joomla Flaw. This week, ShinyHunters leaked alleged Madison Square Garden data, a U.S. senator pressed CISA on regional staffing cuts, an Arch Linux supply-chain attack, Mackay Sugar began recovery from a ransomware attack, Novo Nordisk faced dueling breach claims – and more compelling cybersecurity news. First seen…
-
Operation Endgame Disrupts SocGholish Malware Network Tied to Ransomware Attacks
Operation Endgame disrupted the SocGholish malware network, taking down more than 100 servers and domains. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/operation-endgame-disrupts-socgholish-malware-network-tied-to-ransomware-attacks/
-
Australian sugar producer works to restore operations as ransomware group claims attack
Mackay Sugar said it was “working urgently” to verify claims that a highly active ransomware group was behind a cyberattack that shut down harvesting and milling operations. First seen on therecord.media Jump to article: therecord.media/mackay-sugar-cyberattack-claimed-gentlemen
-
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
Cybersecurity researchers have charted the evolution of INC from a nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023. “The disruption of LockBit and the shutdown of BlackCat created opportunities for INC to expand as affiliates migrated to alternative ransomware operations,” Acronis…
-
DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure. According to findings from Broadcom-owned Symantec and Carbon Black, the backdoor was deployed against a major U.S. services firm. The name of the company was First…
-
DragonForce Ransomware Abused Microsoft Teams to Hide Malware Activity
DragonForce ransomware abused Microsoft Teams relay systems to hide a custom backdoor, steal files and encrypt systems at a US services firm. First seen on hackread.com Jump to article: hackread.com/dragonforce-ransomware-microsoft-teams-malware/
-
Microsoft Teams as Camouflage: Ransomware Gang Hides Traffic
The DragonForce ransomware exploits a vulnerability in Microsoft Teams to disguise the traffic to its control servers unnoticed. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/teams-ransomware
-
Attackers drop DragonForce ransomware leveraging MS Teams relay systems
Tags: ransomware
First seen on scworld.com Jump to article: www.scworld.com/news/attackers-drop-dragonforce-ransomware-leveraging-ms-teams-relay
-
The Gentlemen Ransomware Gang Standardizes EDR Killing
Eset Links Group’s Growth to Integrated Endpoint-Killing Tools. Eset researchers say the rapidly growing Gentlemen ransomware operation differentiates itself by supplying affiliates with a standardized EDR-killer suite that disables security tools, quickly incorporates newly disclosed vulnerable drivers and helps scale attacks across multiple regions worldwide. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/gentlemen-ransomware-gang-standardizes-edr-killing-a-32007
-
GentleKiller targets more than 400 security processes across 48 products
Most ransomware operations leave the work of disabling endpoint security software to their affiliates. The ransomware-as-a-service gang Gentlemen runs a different model. Its … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/18/eset-gentlemen-edr-killers/
-
INC Ransomware Thrives by Mastering the Basics
Tags: ransomware
And one of those basics is focusing on sectors where a ransomware disruption creates immediate pressure to pay up, like with healthcare. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/inc-ransomware-thrives-by-mastering-the-basics
-
DragonForce Hid Inside Microsoft Teams and Nobody Noticed for Two Months
DragonForce hid for months by routing malware traffic through Microsoft Teams infrastructure, masking C2 activity and evading network detection. DragonForce ransomware operators hit a major U.S. services firm and stayed hidden for one to two months by routing their command-and-control traffic through Microsoft’s own Teams relay servers. Symantec’s threat hunters tracked the custom backdoor they…
-
Cybercriminals Are Targeting EdTech: Data Breaches and Ransomware Attacks on the Rise
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/cybercriminals-are-targeting-edtech-data-breaches-and-ransomware-attacks-on-the-rise
-
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups
Tags: authentication, cisa, control, cve, cyber, cybersecurity, exploit, flaw, group, infrastructure, oracle, ransomware, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273. This vulnerability, categorized as CWE-306 (Missing Authentication for Critical Function), allows unauthenticated attackers to gain full control of vulnerable PeopleSoft environments. According to CISA, this flaw…
-
DragonForce ransomware uses Microsoft Teams for covert command and control
First seen on scworld.com Jump to article: www.scworld.com/brief/dragonforce-ransomware-uses-microsoft-teams-for-covert-command-and-control

