Tag: ransomware
-
March 2026 Cyber Threat Landscape Fueled by Ransomware, Breaches, and Access Markets
Tags: access, attack, breach, cyber, cybersecurity, data, data-breach, intelligence, ransomware, threat
The 2026 threat landscape continued to intensify in March, with ransomware attacks, expanding data breach activity, and a growing underground market for compromised access shaping the global cybersecurity environment. According to analysis from CRIL (Cyble Research & Intelligence Labs), organizations worldwide faced a highly active and coordinated threat ecosystem throughout the month. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/march-2026-threat-landscape/
-
UK could face ‘hacktivist attacks at scale’, says head of security agency
Officials warn a conflict situation could cause disruption similar to recent major ransomware incidents. The UK could face “hacktivist attacks at scale” if it becomes embroiled in a conflict and the impact could be similar to recent high-profile ransomware incidents, according to the head of the country’s online security agency. Richard Horne, chief executive of the…
-
Ransomware Negotiator Pleads Guilty to BlackCat Scheme
A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process, experts noted. First seen on darkreading.com Jump to article: www.darkreading.com/insider-threats/ransomware-negotiator-pleads-guilty-blackcat-scheme
-
Former DigitalMint ransomware negotiator pleads guilty to extortion scheme
Angelo Martino helped accomplices extort a combined $75.3 million in ransom payments from five victim companies. First seen on cyberscoop.com Jump to article: cyberscoop.com/digitalmint-ransomware-negotiator-angelo-martino-guilty-plea/
-
Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide
Lawmakers decry CISA cuts: ‘We are shooting ourselves in the foot’ First seen on theregister.com Jump to article: www.theregister.com/2026/04/21/exfbi_cyber_chief_urges_felony_charges_ransomware/
-
Ransomware negotiator caught secretly assisting BlackCat extortion scheme
Angelo Martino pleaded guilty to helping the BlackCat ransomware group while acting as a ransomware negotiator. Another U.S. cybersecurity expert, Angelo Martino, admitted helping the BlackCat ransomware group while working as a ransomware negotiator. Angelo Martino (41) admitted helping the BlackCat ransomware group while working for a U.S. incident response firm. “A Florida man, formerly employed…
-
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
Threat actors associated with The Gentlemen ransomware-as-a-service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the discovery of a botnet of more than 1,570 victims. “SystemBC establishes SOCKS5 network tunnels within…
-
Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks
The ideas came up at a House Homeland Security Committee hearing, as health care ransomware attacks are on the rise. First seen on cyberscoop.com Jump to article: cyberscoop.com/lawmakers-ponder-terrorism-designations-homicide-charges-over-hospital-ransomware-attacks/
-
Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk
The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise supply chains. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/surge-bomgar-rmm-exploitation-demonstrates-supply-chain-risk
-
Ransomware negotiator pleads guilty to helping ransomware gang
A former employee of a cybersecurity firm pleaded guilty to aiding ransomware criminals to maximize their profits, with the goal of taking a cut of the ransom. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/21/ransomware-negotiator-pleads-guilty-to-helping-ransomware-gang/
-
Ransomware negotiator admits role in attacks he was hired to resolve
A Florida man, formerly employed as a ransomware negotiator, pleaded guilty to conspiring to carry out ransomware attacks against US companies. Prosecutors say Angelo Martino, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/21/ransomware-negotiator-blackcat-alphv-group/
-
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O’Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assist the e-crime gang in extracting higher amounts as ransoms. “Working as a negotiator…
-
Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords
Plus: Court papers reveal nonprofit paid a ransom worth nearly $26.8 million First seen on theregister.com Jump to article: www.theregister.com/2026/04/21/yet_another_ex_ransomware_negotiator_pleads/
-
The Gentlemen Ransomware Expands With Rapid Affiliate Growth
Gentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infections First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gentlemen-ransomware-rapid/
-
Former ransomware negotiator pleads guilty to BlackCat attacks
41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/former-ransomware-negotiator-pleads-guilty-to-blackcat-attacks/
-
Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul
Fake emails already doing the rounds as ransomware crew boasts about what it allegedly stole First seen on theregister.com Jump to article: www.theregister.com/2026/04/21/adaptavist_group_breach_spawns_impostor/
-
The Quiet Expansion of The Gentlemen: Germany in Focus
A central building block of the group’s rapid growth apparently lies in its business model. “The Gentlemen” rely on a particularly attractive affiliate program. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/die-stille-expansion-der-gentlemen-ransomware/a44707/
-
Ransomware Attacks: Insurance and Legal Questions in Times of Increasing Cyberattacks
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/ransomware-attacken-versicherung-rechtsfragen-zunahme-cyberangriffe
-
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-gentlemen-ransomware-now-uses-systembc-for-bot-powered-attacks/
-
Already 1,570 Victims of The Gentlemen Ransomware Worldwide
Check Point Research has observed a new ransomware group called “The Gentlemen”, and the findings show that the true extent of its activities goes far beyond what has been reported so far. Since mid-2025, the group has publicly claimed 320 victims. Of these, 240 attacks took place in 2026, making it the second most active ransomware group this year…
-
The backup myth that is putting businesses at risk
Backups protect data, but don’t keep your business running during downtime. Datto shows why BCDR is essential to keep operations running during ransomware and outages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-backup-myth-that-is-putting-businesses-at-risk/
-
DFIR Report The Gentlemen SystemBC: A Sneak Peek Behind the Proxy
Key Points: The Gentlemen RaaS. The Gentlemen ransomware-as-a-service (RaaS) operation is a relatively new group that emerged around mid-2025. The operators advertise their services across multiple underground forums, promoting their ransomware platform and inviting penetration testers (and other technically skilled actors) to join as affiliates. The RaaS provides affiliates with multi-OS lockers for Windows, Linux,…
-
The Heirs of Blackbasta Regroup as “Payouts King” with Sophisticated Ransomware
In February 2025, the era of the notorious ransomware group Blackbasta came to an abrupt end. After internal chat logs became public, the group was forced to cease its operations. But the criminal energy remained: former Blackbasta affiliates immediately continued their attacks with other ransomware families. Analysts on the Zscaler ThreatLabz research team have observed continuous ransomware activity over the past months that…
-
Speed Is Not Resilience: No Secure Ransomware Recovery Without a Benchmark
First seen on security-insider.de Jump to article: www.security-insider.de/ohne-benchmark-keine-sichere-ransomware-recovery-a-e5669e6719dea955c75b429de8a8fe65/
-
JanaWare Ransomware Hits Turkish Users via Tailored Adwind RAT
A newly analyzed ransomware campaign dubbed “JanaWare” is targeting users in Turkey by leveraging a customized version of the Adwind Remote Access Trojan (RAT). The campaign combines stealthy delivery techniques, geographic restrictions, and polymorphic malware to evade detection while maintaining long-term activity. Researchers identified that JanaWare is specifically designed to infect systems located in Turkey.…
-
QEMU Hijacked as Stealth Backdoor for Credential Theft, Ransomware
Attackers are increasingly abusing QEMU virtual machines to hide credential theft and ransomware staging inside “invisible” virtual environments, making detection and forensics significantly harder for defenders. QEMU is a legitimate open-source emulator and virtualizer that allows running full operating systems as virtual machines on a host. Threat actors are weaponizing this capability by running their…
-
How Hackers Abuse QEMU as a Shield for Ransomware
Hackers have perfected a method of flying under the radar of modern security software. By abusing the open-source emulator QEMU, they hide complete attack scenarios as ransomware in virtual machines. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/hacker-qemu-ransomware-missbrauchen
-
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
Tags: control, data, detection, endpoint, hacker, malicious, malware, open-source, ransomware, sophos
Attackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, an open-source emulator, to hide malicious activity inside virtual machines. By running malware in a VM, attackers avoid endpoint security controls and leave minimal traces on…
-
NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support
NAKIVO Inc. announced the general availability of NAKIVO Backup & Replication v11.2, focused on fast, reliable, and proactive data protection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nakivo-v112-ransomware-defense-faster-replication-vsphere-9-and-proxmox-ve-90-support/

