Tag: ransomware
-
Writing Ransomware Using AI to Get Rich? Don’t Bet the Farm
Attackers that want to use artificial intelligence tools to build ransomware or help run their cyber operations risk getting much less than they bargained for, said security expert Candid Wuest, in part because they’ll still rely on known tactics that can be readily spotted and blocked. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/writing-ransomware-using-ai-to-get-rich-dont-bet-farm-i-5523
-
Ransomware in Großunternehmen Bessere Abwehr, sinkende Kosten aber weiterhin konstanter Druck auf die IT
Ransomware ist nach wie vor eine der größten Sicherheitsherausforderungen für Unternehmen. Das zeigt der aktuelle ‘State of Ransomware in Enterprise 2025″ Report von Sophos, der erstmals gezielt die Erfahrungen großer Organisationen auswertet. Die gute Nachricht: Die Abwehr wird effektiver. Die schlechte: Die Angriffe bleiben hartnäckig und der Druck auf die IT-Teams wächst weiter. Der Report […]…
-
Picus Red Report 2026 Shows Attackers Favor Stealth Over Disruption
The Picus Red Report 2026 shows attackers shifting from ransomware to stealthy, long-term access techniques. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/picus-red-report-2026-shows-attackers-favor-stealth-over-disruption/
-
Sophos Studie beleuchtet Ransomware-Erfahrungen in Großunternehmen
Die Ergebnisse basieren auf einer unabhängigen Umfrage unter 3.400 IT- und Cybersicherheitsverantwortlichen in 17 Ländern. Die Studie wurde 2025 vom Forschungsinstitut Vanson Bourne im Auftrag von Sophos durchgeführt. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-studie-beleuchtet-ransomware-erfahrungen-in-grossunternehmen/a43658/
-
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware
High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phorpiex-phishing-global-group/
-
Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools
Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself.BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection First seen…
-
Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools
Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself.BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection First seen…
-
From Ransomware to Residency: Inside the Rise of the Digital Parasite
Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them?According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and mapped 15.5 million adversarial actions observed across 2025, attackers…
-
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Phorpiex as the distribution layer: Forcepoint attributed the email distribution in this campaign to the Phorpiex botnet, also known as Trik. Phorpiex has been operating for more than a decade and is known for maintaining a large global footprint capable of delivering spam at scale. In this campaign, infected systems within the botnet are used…
-
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Phorpiex as the distribution layer: Forcepoint attributed the email distribution in this campaign to the Phorpiex botnet, also known as Trik. Phorpiex has been operating for more than a decade and is known for maintaining a large global footprint capable of delivering spam at scale. In this campaign, infected systems within the botnet are used…
-
Senegal shuts National ID office after ransomware attack
Senegal closed its national ID card office after a ransomware cyberattack disrupted ID, passport, and biometric services. Senegal confirmed a cyberattack on the Directorate of File Automation, the government office that manages national ID cards, passports, and biometric data. After ransomware claims surfaced, authorities temporarily closed the office to contain the incident. The agency warned…
-
Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server
SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance.The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company’s Chief Commercial Officer, Derek Curtis, said.”Prior to the breach, we had approximately…
-
Attackers Weaponize Windows Shortcut Files to Deploy Global Group Ransomware
A high-volume phishing campaign leveraging the Phorpiex botnet has been distributing GLOBAL GROUP ransomware through weaponized Windows shortcut files. The attack begins with an email attachment named Document.doc.lnk. Windows’ default behavior of hiding known file extensions makes this shortcut appear as a legitimate Word document to unsuspecting users. Attackers enhance deception by borrowing icons from…
-
Threat Actors Using Ivanti EPMM Flaws to Install Stealth Backdoors
A sophisticated new cyber campaign has been detected targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Starting on February 4, 2026, threat actors began exploiting two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, to plant dormant backdoors. Unlike typical attacks that immediately steal data or deploy ransomware, this campaign focuses on silence and persistence. Stealth Backdoors The attackers…
-
‘Reynolds’ Bundles BYOVD With Ransomware Payload
Researchers discovered a newly disclosed vulnerable driver embedded in Reynolds’ ransomware, illustrating the increasing popularity of the defense-evasion technique. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/black-basta-bundles-byovd-ransomware-payload
-
Warlock Gang Breaches SmarterTools Via SmarterMail Bugs
The ransomware group breached SmarterTools through a vulnerability in the company’s own SmarterMail product. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/warlock-gang-breaches-smartertools-smartermail-bugs
-
Hackers Deliver Global Group Ransomware Offline via Phishing Emails
Global Group ransomware is delivered through phishing emails and can encrypt files offline without any internet connection. First seen on hackread.com Jump to article: hackread.com/hackers-global-group-ransomware-offline-phishing-emails/
-
McLaren Health Will Pay $14M to Settle Lawsuits in 2 Attacks
2023 and 2024 Ransomware Breaches Affected More Than 2.5M. Michigan-based McLaren Health Care has agreed to pay $14 million to settle consolidated class action litigation involving two ransomware attacks – allegedly by Alphv/BlackCat in 2023 and by Inc Ransom in 2024 – that affected about 2.5 million patients and employees. First seen on govinfosecurity.com Jump…
-
Black Basta Bundles BYOVD With Ransomware Payload
Researchers discovered a newly disclosed vulnerable driver embedded in Black Basta’s ransomware, illustrating the increasing popularity of the defense-evasion technique. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/black-basta-bundles-byovd-ransomware-payload
-
Senegal confirms breach of national ID card department after ransomware claims
A cybersecurity incident affecting the government of Senegal has forced the closure of an office tasked with managing sensitive information, including national ID cards, passports and other biometric data. First seen on therecord.media Jump to article: therecord.media/senegal-breach-national-id-agency
-
Hackers breach SmarterTools network using flaw in its own software
SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but did not impact business applications or account data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-breach-smartertools-network-using-flaw-in-its-own-software/
-
Ransomware group breached SmarterTools via flaw in its SmarterMail deployment
SmarterTools, the company behind the popular Microsoft Exchange alternative SmarterMail, has been breached by a ransomware-wielding group that leveraged a recently fixed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/09/smartertools-breach-smartermail-vulnerability/
-
Payment tech provider for Texas, Florida governments working with FBI to resolve ransomware attack
BridgePay Network Solutions initially warned customers on Friday that it was dealing with system-wide outages and later said that it was working with the FBI and U.S. Secret Service forensic team to resolve a ransomware attack. First seen on therecord.media Jump to article: therecord.media/payment-tech-provider-texas-florida-govs-ransomware-attack
-
BridgePay Ransomware Causes Widespread Payment Outages
A ransomware attack on BridgePay caused widespread U.S. payment outages, forcing some organizations to go cash-only. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/bridgepay-ransomware-causes-widespread-payment-outages/
-
BridgePay Confirms Ransomware Attack, No Card Data Compromised
The services of Florida-based payments platform BridgePay are offline due to a ransomware attack First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bridgepay-confirms-ransomware/
-
Detecting Ransomware Using Windows Minifilters to Intercept File Change Events
Tags: cyber, detection, encryption, endpoint, github, malicious, ransomware, strategy, tool, windowsA security researcher has released a new proof-of-concept (PoC) tool on GitHub designed to stop ransomware at the deepest level of the operating system. Part of a broader Endpoint Detection and Response (EDR) strategy named >>Sanctum,<< the project demonstrates how defenders can use Windows Minifilters to detect and intercept malicious file encryption before it destroys…
-
Black Basta Ransomware Integrates BYOVD Technique to Evade Defenses
A recent campaign by the Black Basta ransomware group has revealed a significant shift in attack tactics. This is a departure from standard operations, where attackers typically deploy a separate tool to turn off security software before running the actual ransomware. In this specific campaign, the ransomware payload bundles a vulnerable driver known as the…
-
Payments platform BridgePay confirms ransomware attack behind outage
A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay’s platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/payments-platform-bridgepay-confirms-ransomware-attack-behind-outage/
-
Payments platform BridgePay confirms ransomware attack behind outage
A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay’s platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/payments-platform-bridgepay-confirms-ransomware-attack-behind-outage/
-
CISA warns of SmarterMail RCE flaw used in ransomware attacks
Tags: attack, cisa, cve, cybersecurity, flaw, infrastructure, ransomware, rce, remote-code-executionThe Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code execution (RCE) flaw in SmarterMail that is used in ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-smartermail-rce-flaw-used-in-ransomware-attacks/