Tag: ransomware
-
0APT ransomware group rises swiftly with bluster, along with genuine threat of attack
Most signs suggest the group is running a massive hoax by claiming hundreds of initial victims, but at least some of the threat 0APT poses is grounded in truth backed by proven capabilities. First seen on cyberscoop.com Jump to article: cyberscoop.com/0apt-ransomware-group-hoax-technical-capabilities/
-
Arctic Wolf targets mid-market security gap in APAC
Following the launch of its full portfolio in Malaysia, the SOC provider discusses the security challenges facing lean IT teams, the value of supplier neutrality, and its roadmap for AI and ransomware protection First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639032/Arctic-Wolf-targets-mid-market-security-gap-in-APAC
-
Crazy ransomware gang abuses employee monitoring tool in attacks
A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and prepare for ransomware deployment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/crazy-ransomware-gang-abuses-employee-monitoring-tool-in-attacks/
-
From 10M to 25M: Conduent Breach Balloons Into One of 2025’s Largest
The Conduent ransomware attack has grown to impact 25 million Americans, exposing Social Security numbers and medical data in one of 2025’s largest breaches. The post From 10M to 25M: Conduent Breach Balloons Into One of 2025’s Largest appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-conduent-ransomware-breach-25m/
-
Billing Services Firm Notifying Medical Lab Patients of Hack
Ransomware Gang Everest Claims It Has Leaked All Stolen Data. A revenue cycle management software firm is notifying an undisclosed number of patients of several medical diagnostic labs that their sensitive information, including diagnoses and treatments, was stolen in a November hack. Ransomware gang Everest Group claims it has leaked all the data. First seen…
-
Fake Out: 0APT Data-Leak Ransomware Group Branded a Scam
Bitcoin Joining Fee for Affiliates and No Proven Victims Cited by Researchers. Newcomer ransomware group 0APT is being branded a likely scam operation, not least after a list of over 200 supposed victims turned out to be bogus, if not entirely AI-generated – never mind a 1 bitcoin joining fee for would-be affiliates and outdated…
-
Writing Ransomware Using AI to Get Rich? Don’t Bet the Farm
Attackers that want to use artificial intelligence tools to build ransomware or help run their cyber operations risk getting much less than they bargained for, said security expert Candid Wuest, in part because they’ll still rely on known tactics that can be readily spotted and blocked. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/writing-ransomware-using-ai-to-get-rich-dont-bet-farm-i-5523
-
Ransomware in Großunternehmen Bessere Abwehr, sinkende Kosten aber weiterhin konstanter Druck auf die IT
Ransomware ist nach wie vor eine der größten Sicherheitsherausforderungen für Unternehmen. Das zeigt der aktuelle ‘State of Ransomware in Enterprise 2025″ Report von Sophos, der erstmals gezielt die Erfahrungen großer Organisationen auswertet. Die gute Nachricht: Die Abwehr wird effektiver. Die schlechte: Die Angriffe bleiben hartnäckig und der Druck auf die IT-Teams wächst weiter. Der Report […]…
-
Picus Red Report 2026 Shows Attackers Favor Stealth Over Disruption
The Picus Red Report 2026 shows attackers shifting from ransomware to stealthy, long-term access techniques. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/picus-red-report-2026-shows-attackers-favor-stealth-over-disruption/
-
Sophos Studie beleuchtet Ransomware-Erfahrungen in Großunternehmen
Die Ergebnisse basieren auf einer unabhängigen Umfrage unter 3.400 IT- und Cybersicherheitsverantwortlichen in 17 Ländern. Die Studie wurde 2025 vom Forschungsinstitut Vanson Bourne im Auftrag von Sophos durchgeführt. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-studie-beleuchtet-ransomware-erfahrungen-in-grossunternehmen/a43658/
-
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware
High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phorpiex-phishing-global-group/
-
Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools
Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself.BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection First seen…
-
Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools
Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself.BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection First seen…
-
From Ransomware to Residency: Inside the Rise of the Digital Parasite
Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them?According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and mapped 15.5 million adversarial actions observed across 2025, attackers…
-
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Phorpiex as the distribution layer: Forcepoint attributed the email distribution in this campaign to the Phorpiex botnet, also known as Trik. Phorpiex has been operating for more than a decade and is known for maintaining a large global footprint capable of delivering spam at scale. In this campaign, infected systems within the botnet are used…
-
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Phorpiex as the distribution layer: Forcepoint attributed the email distribution in this campaign to the Phorpiex botnet, also known as Trik. Phorpiex has been operating for more than a decade and is known for maintaining a large global footprint capable of delivering spam at scale. In this campaign, infected systems within the botnet are used…
-
Senegal shuts National ID office after ransomware attack
Senegal closed its national ID card office after a ransomware cyberattack disrupted ID, passport, and biometric services. Senegal confirmed a cyberattack on the Directorate of File Automation, the government office that manages national ID cards, passports, and biometric data. After ransomware claims surfaced, authorities temporarily closed the office to contain the incident. The agency warned…
-
Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server
SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance.The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company’s Chief Commercial Officer, Derek Curtis, said.”Prior to the breach, we had approximately…
-
Attackers Weaponize Windows Shortcut Files to Deploy Global Group Ransomware
A high-volume phishing campaign leveraging the Phorpiex botnet has been distributing GLOBAL GROUP ransomware through weaponized Windows shortcut files. The attack begins with an email attachment named Document.doc.lnk. Windows’ default behavior of hiding known file extensions makes this shortcut appear as a legitimate Word document to unsuspecting users. Attackers enhance deception by borrowing icons from…
-
Threat Actors Using Ivanti EPMM Flaws to Install Stealth Backdoors
A sophisticated new cyber campaign has been detected targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Starting on February 4, 2026, threat actors began exploiting two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, to plant dormant backdoors. Unlike typical attacks that immediately steal data or deploy ransomware, this campaign focuses on silence and persistence. Stealth Backdoors The attackers…
-
‘Reynolds’ Bundles BYOVD With Ransomware Payload
Researchers discovered a newly disclosed vulnerable driver embedded in Reynolds’ ransomware, illustrating the increasing popularity of the defense-evasion technique. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/black-basta-bundles-byovd-ransomware-payload
-
Warlock Gang Breaches SmarterTools Via SmarterMail Bugs
The ransomware group breached SmarterTools through a vulnerability in the company’s own SmarterMail product. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/warlock-gang-breaches-smartertools-smartermail-bugs
-
Hackers Deliver Global Group Ransomware Offline via Phishing Emails
Global Group ransomware is delivered through phishing emails and can encrypt files offline without any internet connection. First seen on hackread.com Jump to article: hackread.com/hackers-global-group-ransomware-offline-phishing-emails/
-
McLaren Health Will Pay $14M to Settle Lawsuits in 2 Attacks
2023 and 2024 Ransomware Breaches Affected More Than 2.5M. Michigan-based McLaren Health Care has agreed to pay $14 million to settle consolidated class action litigation involving two ransomware attacks – allegedly by Alphv/BlackCat in 2023 and by Inc Ransom in 2024 – that affected about 2.5 million patients and employees. First seen on govinfosecurity.com Jump…
-
Black Basta Bundles BYOVD With Ransomware Payload
Researchers discovered a newly disclosed vulnerable driver embedded in Black Basta’s ransomware, illustrating the increasing popularity of the defense-evasion technique. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/black-basta-bundles-byovd-ransomware-payload
-
Senegal confirms breach of national ID card department after ransomware claims
A cybersecurity incident affecting the government of Senegal has forced the closure of an office tasked with managing sensitive information, including national ID cards, passports and other biometric data. First seen on therecord.media Jump to article: therecord.media/senegal-breach-national-id-agency
-
Hackers breach SmarterTools network using flaw in its own software
SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but did not impact business applications or account data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-breach-smartertools-network-using-flaw-in-its-own-software/
-
Ransomware group breached SmarterTools via flaw in its SmarterMail deployment
SmarterTools, the company behind the popular Microsoft Exchange alternative SmarterMail, has been breached by a ransomware-wielding group that leveraged a recently fixed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/09/smartertools-breach-smartermail-vulnerability/
-
BridgePay Ransomware Causes Widespread Payment Outages
A ransomware attack on BridgePay caused widespread U.S. payment outages, forcing some organizations to go cash-only. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/bridgepay-ransomware-causes-widespread-payment-outages/
-
Payment tech provider for Texas, Florida governments working with FBI to resolve ransomware attack
BridgePay Network Solutions initially warned customers on Friday that it was dealing with system-wide outages and later said that it was working with the FBI and U.S. Secret Service forensic team to resolve a ransomware attack. First seen on therecord.media Jump to article: therecord.media/payment-tech-provider-texas-florida-govs-ransomware-attack