Tag: ransomware
-
Critical Flaw Turns Vect Ransomware into Data Destroying Wiper
The Vect 2.0 ransomware wipes large files instead of merely encrypting them, making recovery impossible even for the attackers. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/critical-flaw-vect-ransomware-data/
-
VECT 2.0 Ransomware Wipes Large Files Across Windows, Linux ESXi
The “new” VECT 2.0 ransomware is essentially a cross-platform data wiper that permanently destroys most enterprise files rather than encrypting them for recovery. For any file larger than 131,072 bytes (128 KB), VECT processes four separate chunks using four different randomly generated ChaCha20-IETF nonces, but only writes the last nonce to disk at the end…
-
Decryption impossible: Ransomware blunder leads to data loss
Tags: ransomware
Anyone who falls victim to the Vect ransomware should not count on recovering their data by paying the ransom. A bug destroys a large part of the data. First seen on golem.de Jump to article: www.golem.de/news/datenverlust-durch-bug-ransomware-panne-macht-verschluesselte-daten-unbrauchbar-2604-208141.html
-
Betting on Cybercrime Prediction Markets and Hacking
Cybercriminals are evolving from stealing data to “shaping the future” by leveraging prediction markets. By exploiting early access to disclosures, manipulating sensor data, or timing ransomware leaks to coincide with market bets, attackers can transform illegal access into guaranteed financial gains. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/betting-on-cybercrime-prediction-markets-and-hacking/
-
Vect 2.0 RaaS Expands Attacks Across Windows, Linux, and ESXi
Vect 2.0 Ransomware-as-a-Service (RaaS) operation is rapidly evolving into a multi-platform threat that can encrypt Windows, Linux, and VMware ESXi environments across modern hybrid infrastructures. The group runs a classic affiliate model, renting out its ransomware and TOR-based infrastructure to partners in exchange for a share of ransom payments. Its operators are strongly suspected to be…
-
Vect ransomware actually destructive wiper malware
Analysis of a new form of ransomware called Vect has uncovered a serious flaw that breaks its core functionality and turns it from a locker to a wiper. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642421/Vect-ransomware-actually-destructive-wiper-malware
-
Broken VECT 2.0 ransomware acts as a data wiper for large files
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypting them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/broken-vect-20-ransomware-acts-as-a-data-wiper-for-large-files/
-
Feuding Ransomware Groups Leak Each Other’s Data
When 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware operations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/feuding-ransomware-groups-leak-data
-
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The fact that VECT’s locker permanently destroys large files rather than encrypting…
-
VECT: Ransomware by design, Wiper by accident
VECT Ransomware is a Ransomware-as-a-Service (RaaS) program that made its first appearance in December 2025 on a Russian-language cybercrime forum. After claiming their first two victims in January 2026, the group got back into the public eye due to an announcement of a partnership with TeamPCP, the actor behind several supply-chain attacks…
-
Ransomware Turf War as 0APT and KryBit Groups Trade Blows
Ransomware groups 0APT and KryBit have doxxed each other online. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-turf-war-0apt-krybit/
-
Three RaaS groups dominate Germany's threat landscape – Ransomware hits Germany in manufacturing, services and retail
First seen on security-insider.de Jump to article: www.security-insider.de/ransomware-deutschland-produktion-raas-gruppen-a-ad5be19861d7eeb80970fb059c00d4c6/
-
As the NVD scales back CVE enrichment, here’s what Tenable customers need to know
Tags: access, ai, cisa, cloud, cve, cvss, data, data-breach, exploit, infrastructure, intelligence, kev, metric, mitre, nist, nvd, ransomware, risk, software, strategy, technology, threat, vulnerability, vulnerability-management, zero-day
NIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that the NVD may now overlook. Key takeaways: NIST is pivoting to a prioritized enrichment model, focusing only on specific criteria like…
-
Cybercriminals target the manufacturing sector
A report by Check Point Exposure Management on the threat landscape in the manufacturing industry shows a drastic increase in ransomware, supply-chain attacks and OT-related cyber incidents. With the growing adoption of smart factories and connected supply chains, attackers are changing their tactics to maximize disruption, financial pressure and geopolitical impact. The manufacturing industry is now the world's most ransomware-affected…
-
Trigona ransomware adopts custom tool to steal data and evade detection
Trigona ransomware now uses a custom command-line tool to steal data faster and evade detection, replacing tools like Rclone and MegaSync. Symantec researchers report that recent Trigona ransomware attacks used a custom-built data exfiltration tool instead of common utilities like Rclone or MegaSync. This shift, seen in March 2026 incidents, gives attackers more control and…
-
'Payouts King': The heirs of BlackBasta regroup
Tags: ransomware
After the sudden end of the well-known ransomware group BlackBasta in early 2025, the threat has by no means disappeared. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/payouts-king-erben-von-blackbasta
-
Poor Risk Analysis Cost 4 Firms $1.7 Million in HIPAA Fines
HHS OCR Breach Investigators Again Find All-Too-Common Risk Analysis Failures. Faulty or non-existent security risk analyses cost a medical imaging provider, a women’s healthcare group, a health plan and a third-party insurance administrator a collective $1.7 million in fines after federal regulators concluded they didn’t do enough to prevent ransomware attacks. First seen on govinfosecurity.com…
-
Ransomware Gang Unveils Custom Data-Theft Tool
Ransomware operators introduced a custom-built data exfiltration tool, signaling a notable evolution in attack techniques. Unlike most ransomware groups that rely on publicly available utilities such as Rclone or MegaSync, Trigona affiliates are now using a proprietary tool to steal sensitive data with greater precision and stealth. Trigona, active since late 2022, operates as a…
-
Breach Roundup: Myanmar Scam Compound Managers Charged
Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal Hit. This week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat. First seen on…
-
In a first, a ransomware family is confirmed to be quantum-safe
Tags: ransomware
Technically speaking, there’s no practical benefit to use PQC. So why is it being used? First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/now-even-ransomware-is-using-post-quantum-cryptography/
-
3 practical ways AI threat detection improves enterprise cyber resilience
Legitimate admin activity and malicious behavior often look similar without context. Hybrid environments generate fragmented telemetry that rule sets can’t correlate. Lean teams don’t have time to manually connect the dots across systems. Platforms like Adlumin MDR apply behavioral models and automated triage to suppress low-value alerts and elevate incidents that actually matter. Fewer alerts, better context, and…
-
Trigona ransomware attacks use custom exfiltration tool to steal data
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trigona-ransomware-attacks-use-custom-exfiltration-tool-to-steal-data/
-
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
Leaked data from RAMP reveals Russia’s ransomware ecosystem, analyzing 1,732 threads, 7,707 users, and 340,000 IP records from the forum. RAMP was not just another dark web forum. It was one of the clearest examples of how ransomware has become an organized marketplace, with sellers, buyers, brokers, and recruiters all playing different roles in the…
-
Negotiator was supposed to help companies after ransomware attacks but secretly supported the hackers
First seen on t3n.de Jump to article: t3n.de/news/unternehmen-bei-ransomware-angriffen-helfen-hacker-unterstuetzt-1739462/
-
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks
The 2026 InsurSec Report from At-Bay, covering more than 100,000 policy years of claims data, documents a 7% year-over-year rise in overall claim frequency and an all-time … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/23/cyber-insurance-claims-report/
-
‘The Gentlemen’ Rapidly Rises to Ransomware Prominence
Tags: ransomware
Not nearly as polite as the name suggests, the ransomware gang has impressed researchers with its speed in scaling up operations, and its sophistication. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/gentlemen-rapidly-rise-ransomware
-
Kyber ransomware gang toys with post-quantum encryption on Windows
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kyber-ransomware-gang-toys-with-post-quantum-encryption-on-windows/
-
5 key weaknesses endanger the IT security posture of mid-sized businesses
Ransomware, phishing, stolen credentials: cyberattacks regularly cause tangible economic damage to mid-sized businesses. The current 'Cyber-Risikocheck für den Mittelstand' from Trufflepig IT-Forensics, the specialized cybersecurity partner for the upper mid-market and the public sector in the DACH region, shows, based on 273 real attack simulations (penetration tests) in mid-sized DACH companies, where attackers find the most promising points of entry. Particularly relevant for…
-
Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang
A former ransomware negotiator has pleaded guilty to abusing his position by working with noted cybercrime group BlackCat. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/former-ransomware-negotiator/

