Tag: ransomware
-
Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow
Plus: A ransomware group is now stealing data in person, BusPatrol wants to hand its license plate surveillance data to the cops, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-cybercrime-crew-claims-it-hacked-mike-lindells-mypillow/
-
The Hidden Ransomware Economy Running on Exposed Databases
A 5-year study on the Ransomware Economy found that 30,515 exposed databases were hit by ransom attacks, causing massive damage despite victims never paying. Database extortion doesn’t look like the ransomware stories that usually grab headlines. There’s no slick branding, no leak-site countdown, no gang posting memes on Telegram. In most cases, there’s just a…
-
Kinetic Attacks on Cloud Infrastructure: The Physical Dimension of Digital Resilience
When we think of threats to digital infrastructure, we think of ransomware, zero-day exploits, and compromised supply chains. What we think of less often: acts of sabotage, severed submarine cables or, in crisis regions, even drones and missiles. Yet precisely these physical threats are increasingly moving to the centre and force an uncomfortable realisation: the cloud is not an abstract space. It consists of…
-
AI Threat Landscape Digest March-April 2026
Executive Summary During the March-April 2026 reporting period, AI use in offensive operations advanced from development and planning to real-time operational deployment. Multiple independent cases, involving individual criminal actors, mass exploitation platforms, ransomware groups, and state-sponsored espionage, show evidence of commercial AI models executing autonomous attack workflows across extended campaigns. Key findings: AI as Live…
-
NightSpire Ransomware Abuses RDP for Stealthy Persistence
NightSpire has quickly emerged as a significant ransomware threat since its discovery in early 2025, combining classic double-extortion tactics with stealthy intrusion techniques. The malware not only encrypts victim data but also exfiltrates sensitive files, threatening to publish them on a Tor-based leak site if ransom demands are not met. In just a three-month window…
-
Bundeslagebild Cybercrime 2025: Ransoms Explode as Payment Rate Falls
First seen on security-insider.de Jump to article: www.security-insider.de/bka-bundeslagebild-cybercrime-2025-ransomware-loesegeld-a-d6b7c82a963e014c07472141500f36de/
-
Product showcase: F-Secure Internet Security blocks phishing sites, fake stores, and SMS scams
F-Secure Internet Security protects against viruses, ransomware, spyware, infected email attachments, and other cyber threats. It focuses on securing devices and online … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/26/product-showcase-f-secure-internet-security-android/
-
Ransomware Uses ChaCha20 and Curve25519 to Encrypt Windows Files
Payload ransomware is a new Windows ransomware family that combines ChaCha20 stream encryption with per-file Curve25519 ECDH key exchange, making victim data effectively unrecoverable without the attackers’ private key. It also implements strong anti-forensics, including ETW patching, VSS deletion, event log wiping, and aggressive process/service termination to hinder detection and recovery. Payload first appeared publicly…
-
Ransomware: Many CISOs Would Pay the Ransom
Ransomware cyberattacks remain one of the greatest threats to companies worldwide. Particularly problematic are not only stolen data, but above all the consequences for ongoing operations. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ransomware-cisos-loesegeld-zahlen
-
Why pure extortion is replacing traditional ransomware
Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data, reputational pressure, and stealthier attacks. Ransomware groups are quietly changing strategy in 2026. Instead of encrypting systems and causing immediate disruption, many attackers are now focusing on pure extortion: stealing sensitive data and threatening to leak it publicly if victims refuse to…
-
WantToCry ransomware evades detection through SMB abuse, remote encryption
First seen on scworld.com Jump to article: www.scworld.com/news/wanttocry-ransomware-evades-detection-through-smb-abuse-remote-encryption
-
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. The disruption of First VPN Service was led by France and the Netherlands, with several other nations supporting the investigation since…
-
Operation Saffron: Europol Dismantles Criminal VPN Service “First VPN”
For many users, VPN services are synonymous with privacy and anonymity. But the same infrastructure is increasingly used by cybercriminals as well, to conceal attacks, coordinate ransomware campaigns and evade investigations. With the international Operation “Saffron”, law enforcement has now, for the first time, specifically dismantled such a criminal VPN service. The operation was supported by, among others, Bitdefender. The…
-
Data Leak at Hacker Gang The Gentlemen
A data leak at the ransomware group The Gentlemen reveals its structures. The hackers used AI models such as DeepSeek for their infrastructure. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/hackerbande-the-gentlemen-datenleck
-
Authorities Take Down “First VPN” Service Used in Ransomware Attacks
Authorities in Europe have dismantled a major criminal VPN service known as “First VPN,” which was widely used by ransomware operators and cybercriminal groups to conceal their activities. The coordinated operation, led by French and Dutch authorities with support from Eurojust and Europol, marks a significant disruption to cybercrime infrastructure across multiple countries. Criminal VPN…
-
New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most
Verizon’s 2026 DBIR shows vulnerability exploitation, AI-enabled attacks, third-party risk, and ransomware are reshaping cyber threats. The post New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-verizon-dbir-vulnerability-exploitation-2026/
-
Law enforcement shuts down VPN service used by two dozen ransomware gangs
First VPN promised hackers complete anonymity for their cyberattacks. But Europol said it was able to notify the service’s users that they have now been identified. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/21/law-enforcement-shuts-down-vpn-service-used-by-two-dozen-ransomware-gangs/
-
Police op targets VPN service favoured by ransomware gangs
A multinational police operation has taken down the infamous First VPN service that provided cover for cyber criminal gangs and ransomware operators. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643536/Police-op-targets-VPN-service-favoured-by-ransomware-gangs
-
Global law enforcement operation takes First VPN offline
Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for ransomware crews, data thieves, and other cybercriminals trying to hide in plain sight. “The coordinated…
-
2026 Verizon DBIR: The New Era of Cyber Threats
The 2026 Verizon DBIR reveals how AI, ransomware, and human error are shaping cybersecurity. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/2026-verizon-dbir-the-new-era-of-cyber-threats/
-
Cybercriminal VPN Dismantled in Europol Crackdown
First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/first-vpn-takedown-europol/
-
Ransomware Trends 2026: Fewer Groups, Faster Attacks, Greater Impact
Check Point Research presents the results of its “State of Ransomware Q1 2026” report and finds that ransomware group activity remained at a high level, even though the threat landscape is undergoing a decisive shift. The focus is on a few, but highly capable ransomware groups. The security researchers observe that this concentration, combined with the attackers’ capabilities and the use of AI, significantly increases the potential impact of each attack. The key findings…
-
Authorities dismantle First VPN, used by ransomware actors
First VPN, a virtual private network service marketed to cybercriminals, promising anonymity for its users, was taken offline on May 19 and 20 as part of Operation Saffron. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/21/operation-saffron-first-vpn-takedown/
-
Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs
Microsoft disrupted Fox Tempest, a malware-signing service accused of abusing Azure certificates to disguise ransomware and malware as trusted software. The post Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-fox-tempest-malware-signing-service/
-
Europe dismantles VPN service used by cybercriminals to hide ransomware attacks
The international operation targeted a service known as First VPN, which had been marketed for years on Russian-speaking cybercrime forums as a secure way for criminals to evade law enforcement. First seen on therecord.media Jump to article: therecord.media/europe-dismantles-first-vpn
-
Europol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator
Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users. First seen on hackread.com Jump to article: hackread.com/europol-seizes-first-vpn-ransomware-administrator-arrest/
-
Police seize “First VPN” service used in ransomware, data theft attacks
A virtual private network service called ‘First VPN,’ used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-seize-first-vpn-service-used-in-ransomware-data-theft-attacks/
-
When Cybercriminals Get Hacked: What the Gentlemen Leaks Reveal
Check Point Research (CPR), the security research division of Check Point Software Technologies, has analysed internal data of the ransomware group “The Gentlemen” (CPR reported) that became public after a compromise of its infrastructure. The findings provide a rare insight into the structure, working methods and attack techniques of one of the currently most active ransomware operations worldwide. The key findings at a glance: Second force in the…

