Tag: ransomware
-
Ransomware gangs focus on winning hearts and minds
Ransomware-as-a-service operations are increasingly seeking to forge connections with employees, contractors and trusted partners of their target organisations as an alternative to straight-up hacking, says NCC. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638772/Ransomware-gangs-focus-on-winning-hearts-and-minds
-
Frequently Asked Questions About Notepad++ Supply Chain Compromise
Tags: advisory, attack, backdoor, china, credentials, cve, cyber, cybercrime, defense, espionage, government, group, Hardware, infrastructure, malware, ransomware, security-incident, service, software, supply-chain, threat, update, vulnerability, windows
Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker-controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has been addressed and Notepad++ have released 8.9.1 which now includes XML signature validation (XMLDSig) for security…
-
CISA updated ransomware intel on 59 bugs last year without telling defenders
GreyNoise’s Glenn Thorpe counts the cost of missed opportunities. First seen on theregister.com Jump to article: www.theregister.com/2026/02/03/greynoise_cisa_ransomware_gripe/
-
Researchers Warn of New “Vect” RaaS Variant
A new ransomware-as-a-service operation dubbed “Vect” features custom malware. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/researchers-warn-new-vect-raas/
-
Everest Ransomware Claims 90GB Data Theft Involving Legacy Polycom Systems
Everest ransomware claims a breach involving legacy Polycom systems later acquired by HP Inc., alleging the theft of 90GB of internal data. First seen on hackread.com Jump to article: hackread.com/everest-ransomware-data-theft-legacy-polycom-system/
-
What to do when the extortionists come?
Tags: access, ai, backup, bsi, cio, cyberattack, cybercrime, data, encryption, hacker, infrastructure, Internet, mail, password, phishing, ransomware, service, supply-chain, update, vulnerability
Stay calm and do nothing rash, recommends podcast guest Joanna Lang-Recht. intersoft consulting services AG
Monday morning, 8:00 a.m. Employees cannot log in. The production lines are at a standstill, and digital ransom notes are emblazoned on the screens. Every CIO's nightmare has come true: a ransomware attack has paralysed operations. Now regular operations end, and the state of emergency…
-
Nitrogen Ransomware: ESXi malware has a bug!
Nitrogen ransomware was derived from the previously leaked Conti 2 builder code, and is similar to Nitrogen ransomware, but a coding mistake in the ESXi malware causes it to encrypt all the files with the wrong public key, irrevocably corrupting them. This means that even the threat actor is incapable of decrypting them, and that…
-
Cybercrime Enters a New Era as Autonomous AI Agents Take Center Stage
As of February 2026, enterprise defenders are no longer just battling human-operated ransomware groups or credential thieves. The frontline has shifted to a new class of threat: autonomous AI agents that plan, execute, adapt, and even reinvest their own criminal profits without direct human oversight. The convergence of OpenClaw (local runtime), Moltbook (agent collaboration network),…
-
Capital Health to Pay $4.5M in LockBit Breach Settlement
Class Action Stems From 2023 Ransomware Attack Affecting More Than 500,000. Capital Health, which operates hospitals and other facilities in New Jersey and Pennsylvania, agreed to pay $4.5 million to settle consolidated class action litigation involving a 2023 LockBit ransomware and data theft attack affecting more than 500,000 patients and employees. First seen on…
-
FCC urges telecoms to boost cybersecurity amid growing ransomware threat
The commission said it was aware of ransomware disruptions at a growing number of small and medium-sized telecoms. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/fcc-telecommunications-ransomware-warning/811100/
-
How risk culture turns cyber teams predictive
Tags: access, compliance, control, credentials, cyber, cybersecurity, data-breach, detection, identity, intelligence, jobs, ransomware, resilience, risk, service
Risk culture: What it is when you strip the slogans: People talk about culture like it’s soft. Posters. Values. A town hall with applause on cue. Culture is harder. Culture is what people do when nobody is watching, and when the clock is loud. Culture is what gets you the truth at 4 p.m., not at…
-
Hackers Target MongoDB Instances to Delete Databases and Plant Ransom Notes
Tags: attack, authentication, cyber, data-breach, exploit, extortion, hacker, Internet, ransom, ransomware, threat
A widespread ransomware campaign targeting misconfigured MongoDB databases continues to compromise thousands of servers worldwide, with attackers exploiting internet-exposed instances that lack basic authentication controls. Recent research reveals that opportunistic threat actors are leveraging automated scripts to wipe databases and demand Bitcoin ransoms, turning configuration negligence into a scalable extortion operation. Attack Resurfaces After Years…
-
How companies can achieve compliance for cyber insurance
Ways to lower insurance premiums. The global market for cybersecurity insurance has grown to around 20 billion US dollars by 2026, a trend that is expected to continue as increasingly sophisticated ransomware campaigns, AI-powered attacks and regulatory pressure increase. Since cybercrime is expected to cause economic damage amounting to trillions of US dollars in 2026,… First seen…
-
Top 10 Best DNS Filtering Solutions 2026
In 2026, the perimeter is gone. Your users are everywhere, and the "castle and moat" security model is obsolete. The most effective way to secure a hybrid workforce is through DNS filtering and Secure Access Service Edge (SASE). These tools act as the new control plane, stopping ransomware command-and-control (C2) callbacks and AI-driven phishing attacks…
-
FBI takes notorious RAMP ransomware forum offline
The FBI has seized control of RAMP, a notorious online cybercrime forum that bragged of being the only place that allowed ransomware and boasted over 14,000 active users. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/fbi-takes-notorious-ramp-ransomware-forum-offline
-
Suspected vibe coding: ransomware blunder results in total data loss
Tags: ransomware
Victims of the Sicarii ransomware had better not pay a ransom. Due to a bug, the data can no longer be decrypted anyway. First seen on golem.de Jump to article: www.golem.de/news/vibe-coding-verdacht-ransomware-panne-muendet-in-totalem-datenverlust-2601-204799.html
-
MongoDB Ransomware Is Still Actively Hitting Exposed Databases
MongoDB ransomware remains an active threat, fueled by exposed databases and insecure deployment practices rather than advanced exploits. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/mongodb-ransomware-is-still-actively-hitting-exposed-databases/
-
RAMP ransomware forum goes dark in probable FBI sting
RAMP, an infamous Russian-speaking cyber crime forum, has gone off the air after an apparent US operation. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637992/RAMP-ransomware-forum-goes-dark-in-probable-FBI-sting
-
Marquis blames ransomware breach on SonicWall cloud backup hack
Marquis Software Solutions, a Texas-based financial services provider, is blaming a ransomware attack that impacted its systems and affected dozens of U.S. banks and credit unions in August 2025 on a security breach reported by SonicWall a month later. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/marquis-blames-ransomware-breach-on-sonicwall-cloud-backup-hack/
-
Matanbuchus Malware Evolves to Bypass AV Defenses by Swapping Core Components
Matanbuchus is a malicious C++-based downloader that has been sold as Malware-as-a-Service (MaaS) since 2020. Initially known as a simple loader for second-stage payloads, it has steadily evolved into a flexible backdoor platform that is increasingly tied to ransomware operations. In July 2025, researchers observed Matanbuchus version 3.0 in the wild, featuring redesigned components, stronger…
-
Notorious Russia-based RAMP cybercrime forum apparently seized by FBI
RAMP was used by Russian, Chinese and English-speaking cybercriminals and particularly catered to ransomware groups and their affiliates. First seen on therecord.media Jump to article: therecord.media/notorious-russia-based-ramp-forum-seized
-
How Can CISOs Respond to Ransomware Getting More Violent?
Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multi-factor authentication. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/how-cisos-respond-ransomware-getting-more-violent
-
FBI Takes Down RAMP Ransomware Forum
The dark web forum administrator confirmed the takedown and said they had “no plans to rebuild”. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-takes-down-ramp-ransomware/
-
Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups
Ransomware victims surged in Q4 2025 despite fewer active extortion groups, with data leaks rising 50%, ReliaQuest researchers report. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-numbers-rise-despite/
-
Blow against ransomware: FBI takes cyber gangsters' forum away
The FBI has taken over a cybercrime forum called Ramp that was aimed primarily at ransomware hackers. Its founder was apparently an old acquaintance from Russia. First seen on golem.de Jump to article: www.golem.de/news/schlag-gegen-ransomware-fbi-nimmt-cybergangstern-ihr-forum-weg-2601-204764.html
-
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations
A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ir-trends-q4-2025/
-
Eeny, meeny, miny, moe? How ransomware groups choose their victims
Tags: ransomware
Anyone who believes ransomware groups meticulously select their targets by industry, location or strategic importance is usually mistaken. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/so-waehlen-ransomware-gruppen-opfer
-
Initial access hackers switch to Tsundere Bot for ransomware attacks
A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access trojan to gain network access that could lead to ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/initial-access-hackers-switch-to-tsundere-bot-for-ransomware-attacks/
-
Site catering to online criminals has been seized by the FBI
Tags: ransomware
One of the last holdouts for ransomware discussions, RAMP is taken down. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/01/site-catering-to-online-criminals-has-been-seized-by-the-fbi/

