Tag: ransomware
-
Three Factors Determine Whether a Ransomware Group is Successful
ReliaQuest’s Threat Spotlight: How Automation, Customization, and Tooling Signal Next Ransomware exposes how elite Ransomware-as-a-Service (RaaS) groups thrive. Automation, advanced tools, and attack customization attract top affiliates and drive faster, more effective ransomware operations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/three-factors-determine-whether-a-ransomware-group-is-successful/
-
Qilin Ransomware Exploits MSPaint and Notepad to Locate Sensitive Files
In the latter half of 2025, the Qilin ransomware group has solidified its standing as a formidable threat, continuing to post details of more than 40 victims per month on its public leak site. This rapid, relentless campaign”, primarily impacting manufacturing, professional and scientific services, and wholesale trade”, has propelled Qilin among the world’s most…
-
Qilin Ransomware Exploits MSPaint and Notepad to Locate Sensitive Files
In the latter half of 2025, the Qilin ransomware group has solidified its standing as a formidable threat, continuing to post details of more than 40 victims per month on its public leak site. This rapid, relentless campaign”, primarily impacting manufacturing, professional and scientific services, and wholesale trade”, has propelled Qilin among the world’s most…
-
Uncovering Qilin attack methods exposed through multiple cases
Cisco Talos investigated the Qilin ransomware group, uncovering its frequent attacks on the manufacturing sector, use of legitimate tools for credential theft and data exfiltration, and sophisticated methods for lateral movement, evasion, and persistence. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uncovering-qilin-attack-methods-exposed-through-multiple-cases/
-
Everest Ransomware Says It Stole 1.5M Dublin Airport Passenger Records
Everest ransomware group claims to have stolen 1.5 million passenger records from Dublin Airport and personal data of 18,000 Air Arabia employees in latest breaches. First seen on hackread.com Jump to article: hackread.com/everest-ransomware-dublin-airport-passenger-data/
-
Safepay ransomware group claims the hack of professional video surveillance provider Xortec
Safepay group claims the hack of professional video surveillance provider Xortec and added the company to its data leak site. The Safepay group claimed responsibility for hacking German video surveillance provider Xortec and listed the company on its data leak site. The ransomware payment deadline is October 27, 2025. Xortec GmbH, based in Frankfurt with…
-
Schneider Electric Opfer der Oracle E-Business Suite 0-day Schwachstelle CVE-2025-61882
Nutzer der Oracle Oracle E-Business Suite (EBS) werden seit Juli 2025 über eine erst am 4. Oktober 2025 gepatchte 0-day-Schwachstelle CVE-2025-61882 erfolgreich angegriffen. Inzwischen werden die Namen von Opfern bekannt. So ist Schneider Electric Opfer der Clop-Ransomware-Gruppe geworden, die die … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/oracle-e-business-suite-0-day-schwachstelle-cve-2025-61882/
-
Everest Ransomware Claims ATT Careers Breach with 576K Records
Everest ransomware group claims a breach of ATT Careers, alleging theft of 576,000 applicant and employee records locked behind a password-protected listing. First seen on hackread.com Jump to article: hackread.com/everest-ransomware-att-careers-breach/
-
UK ramps up ransomware fightback with supply chain security guide
Multinational guidance, developed by the UK and Singapore, is designed to help organisations reinforce their supply chain against ransomware attacks First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366633558/UK-ramps-up-ransomware-fightback-with-supply-chain-security-guide
-
Top 10 Best Security Operations Center (SOC) as a Service Providers in 2025
In 2025, the digital landscape is more complex and perilous than ever. Organizations face an unrelenting barrage of sophisticated cyber threats, from advanced ransomware campaigns to nation-state-backed attacks. As a result, many are turning to SOC as a Service Providers to gain around-the-clock security monitoring, threat detection, and incident response without the overhead of building…
-
New LockBit Ransomware Victims Identified by Security Researchers
Check Point has identified a dozen attacks in September that bore the LockBit stamp, with half of them attributed to the group’s new ransomware version First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/new-lockbit-ransomware-victims/
-
LockBit 5.0 Targets Windows, Linux, and ESXi Systems in Ongoing Attacks
After months of disruption following Operation Cronos in early 2024, the notorious LockBit ransomware group has resurfaced with renewed vigor and a formidable new arsenal. In September 2025 alone, researchers identified a dozen organizations targeted by the revived operation. Particularly alarming is the rapid adoption of the new LockBit 5.0 variant, which accounted for half…
-
Counter Ransomware Initiative stresses importance of supply-chain security
As cybercriminals increasingly exploit third-party products to deploy ransomware against organizations, a global coalition is urging companies to pay more attention to their software supply chains. First seen on therecord.media Jump to article: therecord.media/counter-ransomware-initiative-software-supply-chain-guidance
-
Ransomware Actors Targeting Global Public Sectors and Critical Infrastructure
The public sector faces an unprecedented cybersecurity crisis as ransomware actors intensify their assault on government entities worldwide. According to Trustwave’s SpiderLabs research team, nearly 200 public sector organizations have been struck with ransomware in 2025 alone, with Babuk and Qilin emerging as the most prolific threat groups driving this surge in attacks against critical…
-
Ransomware recovery perils: 40% of paying victims still lose their data
Tags: access, attack, authentication, backup, breach, business, ceo, crypto, cyber, cybersecurity, data, data-breach, encryption, extortion, finance, GDPR, group, incident response, insurance, leak, mfa, privacy, ransom, ransomware, resilience, risk, risk-management, service, threat, updateAdditional recovery pressures: Modern ransomware attacks now routinely involve double or triple extortion whereby attackers threaten to leak stolen data or launch distributed denial of service (DDoS) attacks even after payment.This fundamentally changes the calculus on what victims can expect in cases where they decide to make a ransomware payment, which more often than not…
-
Ransomware recovery perils: 40% of paying victims still lose their data
Tags: access, attack, authentication, backup, breach, business, ceo, crypto, cyber, cybersecurity, data, data-breach, encryption, extortion, finance, GDPR, group, incident response, insurance, leak, mfa, privacy, ransom, ransomware, resilience, risk, risk-management, service, threat, updateAdditional recovery pressures: Modern ransomware attacks now routinely involve double or triple extortion whereby attackers threaten to leak stolen data or launch distributed denial of service (DDoS) attacks even after payment.This fundamentally changes the calculus on what victims can expect in cases where they decide to make a ransomware payment, which more often than not…
-
Linux RATs on Windows: Ransomware Actors Target VMware Deployments
The Agenda ransomware group has evolved its attack methodology with a sophisticated technique that deploys Linux ransomware variants directly on Windows systems, challenging traditional endpoint security controls. The attack represents a significant tactical evolution in ransomware deployment strategies. Threat actors utilized WinSCP for secure file transfer to move Linux ransomware binaries onto Windows machines, then…
-
Linux RATs on Windows: Ransomware Actors Target VMware Deployments
The Agenda ransomware group has evolved its attack methodology with a sophisticated technique that deploys Linux ransomware variants directly on Windows systems, challenging traditional endpoint security controls. The attack represents a significant tactical evolution in ransomware deployment strategies. Threat actors utilized WinSCP for secure file transfer to move Linux ransomware binaries onto Windows machines, then…
-
Medusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand
Medusa ransomware leaks 186 GB of Comcast data, claiming 834 GB stolen after a $1.2M ransom demand apparently went unpaid. First seen on hackread.com Jump to article: hackread.com/medusa-ransomware-comcast-data-leak/
-
Medusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand
Medusa ransomware leaks 186 GB of Comcast data, claiming 834 GB stolen after a $1.2M ransom demand apparently went unpaid. First seen on hackread.com Jump to article: hackread.com/medusa-ransomware-comcast-data-leak/
-
Kremlin Shaping Cybercrime Into Deniable Geopolitical Tool
Moscow Crackdowns ‘Less About Enforcement and More About Optics,’ Say Experts. Changing forces are reshaping the Russian cybercrime ecosystem, as the Kremlin takes a more direct role in leveraging ransomware and other groups for geopolitical influence, while not hesitating to occasionally burn lower-level players as a diplomatic token gesture, say researchers. First seen on govinfosecurity.com…
-
Microsoft stoppt Ransomware-Angriffe auf Teams-Nutzer
Eine Ransomware-Bande hat gefälschte MS Teams-Installationsprogramme verwendet, um Nutzer anzugreifen.Durch die zunehmende Verbreitung von Remote-Work geraten Collaboration-Tools immer wieder in das Visier von Cyberkriminellen. Microsoft entdeckte vor kurzem eine Angriffskampagne der Ransomware-Bande Vanilla Tempest, die auf gefälschten Teams-Installationsprogrammen basiert. Die Angreifer verwendeten dazu imitierte MSTeamsSetup.exe-Dateien, die auf bösartigen Domains gehostet wurden. Ziel war es, ahnungslose…
-
Microsoft Digital Defense Report 2025: Extortion and Ransomware Lead Global Cybercrime Surge
The newly released Microsoft Digital Defense Report 2025 reveals new data on global cyber threats. According to the report, more than half of all cyberattacks with known motives, 52%, are driven by extortion and ransomware. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/digital-defense-report-shares-cybercrime-trend/
-
Warlock Ransomware Exploits SharePoint ToolShell Zero-Day in New Attack Campaign
Tags: attack, china, cyber, cybercrime, cybersecurity, espionage, exploit, group, infrastructure, microsoft, ransomware, threat, zero-dayChinese-linked threat actors behind the Warlock ransomware operation have emerged as a significant cybersecurity concern following their exploitation of a critical Microsoft SharePoint vulnerability. The group’s sophisticated attack infrastructure, combined with evidence of historical espionage activities dating back to 2019, reveals a complex threat landscape where cybercriminal and state-sponsored operations increasingly converge. Warlock first surfaced…
-
IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response
Cisco Talos Incident Response observed a surge in attacks exploiting public-facing applications, mainly via ToolShell targeting SharePoint, for initial access, with post-exploitation phishing and evolving ransomware tactics also persisting this quarter. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ir-trends-q3-2025/
-
IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response
Cisco Talos Incident Response observed a surge in attacks exploiting public-facing applications, mainly via ToolShell targeting SharePoint, for initial access, with post-exploitation phishing and evolving ransomware tactics also persisting this quarter. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ir-trends-q3-2025/
-
Ransomware gang steals meeting videos, financial secrets from fence wholesaler
Jewett-Cameron Trading said hackers exfiltrated IT information as well as financial data the company has been gathering over the past few weeks in preparation of filing its annual fiscal report with the SEC. First seen on therecord.media Jump to article: therecord.media/ransomware-gang-steals-meeting-video-fence-manufacturer
-
SocGholish Malware Using Compromised Sites to Deliver Ransomware
New research on SocGholish (FakeUpdates) reveals how this MaaS platform is used by threat actors like Evil Corp and RansomHub to compromise websites, steal data, and launch high-impact attacks on healthcare and businesses worldwide. First seen on hackread.com Jump to article: hackread.com/socgholish-malware-compromised-sites-ransomware/
-
Ransomware-Attacke auf Nickelhütte Aue
Cyberkriminelle haben die Büro-IT der Nickelhütte Aue lahmgelegt.Wie die Nickelhütte Aue auf ihrer Webseite mitteilt, haben Cyberkriminelle die Büro-IT angegriffen und Daten verschlüsselt. Infolgedessen komme es derzeit zu Beeinträchtigungen der IT-Systeme, heißt es. Ein Sprecher erklärte gegenüber CSO, dass die betroffenen Daten aus den Bereichen HR, Buchhaltung, Finanzen sowie Einkauf und Verkauf stammen. ‘Wir können…