Tag: ransomware

Ransomware-Angriffe: nicht neu, aber schneller

Apr 9, 2026 1:59 PM

Tags: cyberattack, ransomware

Ransomware ist wahrlich kein neues Phänomen. Allerdings schreitet auch in diesem Bereich die Entwicklung dynamisch fort, sodass bei vielen Unternehmen ein dringender Handlungsbedarf besteht. Die Analyse der derzeitigen Gefahrenlage und der vorhandenen Schutzmaßnahmen liefert wichtige Erkenntnisse, die Unternehmen für die wirksame Risikoreduzierung und die Stärkung der Abwehrfähigkeit nutzen können. Ransomware-Angriffe laufen meistens in mehreren… First…
Patch windows collapse as timeexploit accelerates

Apr 9, 2026 11:52 AM

Tags: access, ai, application-security, attack, automation, botnet, ciso, cyber, cybercrime, cybersecurity, data-breach, exploit, incident response, insurance, Internet, mitigation, radius, ransomware, software, technology, threat, update, vulnerability, windows, zero-day

N-day exploitation: Rapid7 Labs validated its findings about a more febrile threat environment by producing both n-day and zero-day exploits using AI-assisted research, substantially reducing development time.In practice, n-day bugs, or the development of exploits against patched software, are a bigger problem than headline-grabbing zero-day vulnerabilities, adds Leeann Nicolo, incident response lead at Coalition, a technology…
Cyber ist weltweit das Top-Risiko, während KI-Risiken auf Platz 2 springen

Apr 9, 2026 9:52 AM

Tags: ai, cyber, cyberattack, germany, ransomware, risk

Cyber, insbesondere Ransomware-Angriffe, zum fünften Mal in Folge auf Platz 1 der Unternehmensrisiken (42 Prozent der Antworten weltweit). 32 Prozent der Befragten bewerten Künstliche Intelligenz (KI) als branchenübergreifendes, hohes Risiko und sorgen für einen Sprung von Platz 10 auf 2. In Deutschland liegen Cyberattacken und Betriebsunterbrechungen weiterhin auf den Plätzen 1 und 2 … First…
Storm-1175 Deploys Medusa Ransomware Within 24 Hours of Flaw Disclosure

Apr 8, 2026 4:52 PM

Tags: attack, exploit, flaw, group, healthcare, microsoft, ransomware

Microsoft researchers have uncovered a fast-moving group, Storm-1175, launching high-speed Medusa ransomware attacks against healthcare and education sectors in the UK, US, and Australia by exploiting security flaws in as little as 24 hours. First seen on hackread.com Jump to article: hackread.com/storm-1175-hackers-24-hour-medusa-ransomware-flaw/
Ein Login genügt: Warum moderne Ransomware keine Hightech-Tricks mehr braucht

Apr 8, 2026 4:52 PM

Tags: cyberattack, login, ransomware

Die Realität zeigt: Ransomware beginnt heute selten mit komplexer Technik. Sie beginnt mit einem Login. Und genau dort entscheidet sich, ob ein Angriff zur Katastrophe wird First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ein-login-genuegt-warum-moderne-ransomware-keine-hightech-tricks-mehr-braucht/a44534/
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions

Apr 8, 2026 1:52 PM

Tags: access, attack, backdoor, blizzard, breach, ceo, ciso, cloud, control, corporate, credentials, data, dns, finance, Hardware, login, malicious, malware, mobile, network, office, password, phishing, ransomware, risk, router, theft, threat, vpn, vulnerability

Invisible path to enterprise systems: This attack poses a serious risk to enterprises because, instead of beginning at the corporate perimeter, it starts from employee environments that are often less secure. Threat actors target vulnerable home or small office routers, which often have weak default passwords or unpatched software.The shift to remote work has dramatically…
Dutch healthcare software vendor goes dark after ransomware attack

Apr 8, 2026 1:52 PM

Tags: attack, email, healthcare, ransomware, software

ChipSoft’s website remains down but emails are functioning First seen on theregister.com Jump to article: www.theregister.com/2026/04/08/chipsoft_ransomware/
Storm-1175 Deploys Medusa Ransomware at ‘High Velocity’

Apr 7, 2026 11:54 PM

Tags: cybercrime, exploit, group, microsoft, ransomware, vulnerability, zero-day

Microsoft says the financially motivated cybercrime group has exploited N-day and zero-day vulnerabilities in campaigns predicated on speed. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/storm-1175-medusa-ransomware-high-velocity
5 practical steps to strengthen attack resilience with attack surface management

Apr 7, 2026 9:54 PM

Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, container, control, credentials, cvss, cyber, cybersecurity, data, data-breach, detection, dns, email, endpoint, exploit, framework, government, identity, iot, malicious, monitoring, msp, network, nist, phishing, ransomware, resilience, risk, service, social-engineering, software, threat, tool, update, vpn, vulnerability, vulnerability-management, windows

What can attackers actually reach right now? By continuously identifying and prioritizing exposure across your environment, ASM transforms raw visibility into measurable cyber resilience.Below are five practical steps security teams can take to strengthen attack resilience using attack surface management principles. Effective attack surface management starts with complete visibility. Security gaps often appear because teams…
5 practical steps to strengthen attack resilience with attack surface management

Apr 7, 2026 9:54 PM

Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, container, control, credentials, cvss, cyber, cybersecurity, data, data-breach, detection, dns, email, endpoint, exploit, framework, government, identity, iot, malicious, monitoring, msp, network, nist, phishing, ransomware, resilience, risk, service, social-engineering, software, threat, tool, update, vpn, vulnerability, vulnerability-management, windows

What can attackers actually reach right now? By continuously identifying and prioritizing exposure across your environment, ASM transforms raw visibility into measurable cyber resilience.Below are five practical steps security teams can take to strengthen attack resilience using attack surface management principles. Effective attack surface management starts with complete visibility. Security gaps often appear because teams…
5 practical steps to strengthen attack resilience with attack surface management

Apr 7, 2026 9:54 PM

Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, container, control, credentials, cvss, cyber, cybersecurity, data, data-breach, detection, dns, email, endpoint, exploit, framework, government, identity, iot, malicious, monitoring, msp, network, nist, phishing, ransomware, resilience, risk, service, social-engineering, software, threat, tool, update, vpn, vulnerability, vulnerability-management, windows

What can attackers actually reach right now? By continuously identifying and prioritizing exposure across your environment, ASM transforms raw visibility into measurable cyber resilience.Below are five practical steps security teams can take to strengthen attack resilience using attack surface management principles. Effective attack surface management starts with complete visibility. Security gaps often appear because teams…
5 ways to strengthen identity security and improve attack resilience

Apr 7, 2026 9:54 PM

Tags: access, ai, api, attack, authentication, automation, cloud, control, corporate, credentials, data, detection, endpoint, identity, infrastructure, least-privilege, login, mfa, microsoft, monitoring, msp, network, password, phishing, ransomware, resilience, risk, service, soc, tactics, threat, unauthorized, update, vulnerability, zero-trust

Admin accountsMSP technician accountsCloud infrastructure accountsExternal-facing applicationsRemote access toolsAny MFA deployment is better than none, but phishing-resistant methods offer the strongest protection. Once privileged accounts are enforced, expand MFA to all users over the next 30 days. Doing so reduces the likelihood that compromised credentials lead directly to unauthorized access. 2. Implement privileged access management…
5 ways to strengthen identity security and improve attack resilience

Apr 7, 2026 9:54 PM

Tags: access, ai, api, attack, authentication, automation, cloud, control, corporate, credentials, data, detection, endpoint, identity, infrastructure, least-privilege, login, mfa, microsoft, monitoring, msp, network, password, phishing, ransomware, resilience, risk, service, soc, tactics, threat, unauthorized, update, vulnerability, zero-trust

Admin accountsMSP technician accountsCloud infrastructure accountsExternal-facing applicationsRemote access toolsAny MFA deployment is better than none, but phishing-resistant methods offer the strongest protection. Once privileged accounts are enforced, expand MFA to all users over the next 30 days. Doing so reduces the likelihood that compromised credentials lead directly to unauthorized access. 2. Implement privileged access management…
Ransomware im Wandel: Mehr Attacken – weniger zahlende Opfer

Apr 7, 2026 5:51 PM

Tags: ransomware

Statt sich zurückzuziehen, entwickeln Ransomware-Gruppen ihre Methoden stetig weiter. Ihr Ziel: maximaler Druck auch ohne direkte Zahlung. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ransomware-im-wandel-mehr-attacken-weniger-zahlende-opfer/a44513/
Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa

Apr 7, 2026 4:53 PM

Tags: access, attack, breach, china, data, data-breach, exploit, flaw, group, network, ransomware, theft, update, vulnerability

China-based actor Storm-1175 runs fast ransomware attacks, exploiting new flaws to breach systems and quickly deploy Medusa ransomware. China-based actor Storm-1175 carries out fast, financially driven ransomware attacks by exploiting newly disclosed vulnerabilities before organizations patch them. The group targets exposed systems and quickly moves from initial access to data theft and Medusa ransomware deployment,…
Talos Takes: 2025’s ransomware trends and zombie vulnerabilities

Apr 7, 2026 2:50 PM

Tags: ransomware, vulnerability

In this episode of Talos Takes, Amy and Pierre Cadieux unpack the ransomware and vulnerability trends that defined 2025. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/talos-takes-2025s-ransomware-trends-and-zombie-vulnerabilities/
Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks

Apr 7, 2026 12:51 PM

Tags: attack, exploit, flaw, group, microsoft, ransomware

Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/storm1175-medusa-attacks/
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

Apr 7, 2026 10:51 AM

Tags: attack, china, data-breach, exploit, Internet, ransomware, threat, vulnerability, zero-day

A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate “high-velocity” attacks and break into susceptible internet-facing systems.”The threat actor’s high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent First seen on thehackernews.com Jump…
Microsoft Warns Storm-1175 Exploiting Web-Facing Vulnerabilities to Deploy Medusa Ransomware

Apr 7, 2026 8:51 AM

Tags: cyber, exploit, group, microsoft, ransomware, threat, vulnerability

Microsoft is warning that a fast”‘moving threat actor it tracks as Storm”‘1175 is aggressively exploiting vulnerabilities in internet”‘exposed systems to deliver Medusa ransomware in days and sometimes in under 24 hours. Storm”‘1175 is a financially motivated group known for high”‘velocity ransomware operations that weaponize recently disclosed, or “N”‘day”, vulnerabilities in web”‘facing services. The actor focuses…
German authorities identify REvil and GandCrab ransomware bosses

Apr 7, 2026 6:51 AM

Tags: germany, ransomware, russia

The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/german-authorities-identify-revil-and-gangcrab-ransomware-bosses/
German authorities identify REvil and GangCrab ransomware bosses

Apr 7, 2026 5:52 AM

Tags: germany, ransomware, russia

The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/german-authorities-identify-revil-and-gangcrab-ransomware-bosses/
Medusa ransomware group using zero-days to launch attacks within 24 hours of breach, Microsoft says

Apr 6, 2026 10:51 PM

Tags: access, attack, breach, data, group, microsoft, ransomware, zero-day

Microsoft said it has been alarmed to see how effective Medusa actors are, citing multiple cases where the group can move from initial access to data exfiltration and ransomware deployment within 24 hours. First seen on therecord.media Jump to article: therecord.media/medusa-ransomware-group-zero-days-microsoft
German police unmask two suspects linked to REvil ransomware gang

Apr 6, 2026 9:52 PM

Tags: ransomware, russia, ukraine

The suspects were named as Daniil Shchukin, a 31-year-old Russian national believed to have used the alias UNKN (UNKNOWN), and Anatoly Kravchuk, a 43-year-old Ukraine-born Russian citizen who investigators say worked as a developer for the group. First seen on therecord.media Jump to article: therecord.media/german-police-unmask-suspects-linked-revil-gandcrab
The Value of Immutability with Object First

Apr 6, 2026 8:52 PM

Tags: backup, hacker, ransomware

IT security teams today must have the feeling of a target on their back. It is not paranoia. Hackers target backup storage in nearly every single ransomware incident because they know that if they kill your safety net, you are likely to pay up. I have seen too many smart admins lose sleep wondering if..…
CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild

Apr 6, 2026 7:52 PM

Tags: access, advisory, api, attack, authentication, cisa, control, cve, cyber, cybersecurity, data, exploit, flaw, fortinet, github, infrastructure, injection, kev, malicious, ransomware, sql, threat, update, vpn, vulnerability, zero-day

Exploitation has been observed for CVE-2026-35616, a critical improper access control zero-day vulnerability affecting Fortinet FortiClientEMS devices. Key takeaways: CVE-2026-35616, an improper access control vulnerability, has been exploited in the wild as a zero-day. Public exploit code has been identified and Fortinet products have a long history of targeting by malicious actors. Hotfixes have been…
Microsoft links Medusa ransomware affiliate to zero-day attacks

Apr 6, 2026 7:52 PM

Tags: attack, china, cybercrime, exploit, group, microsoft, ransomware, zero-day

Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks/
BKA unmasks two REvil Ransomware operators behind 130+ German attacks

Apr 6, 2026 5:52 PM

Tags: attack, germany, group, ransomware, russia

German police BKA identified two key REvil ransomware members, linking them to over 130 attacks in Germany. Germany’s Federal Criminal Police (BKA) has identified two key figures behind the REvil ransomware group, linking them to more than 130 attacks in the country. The first suspect is Daniil Maksimovich Shchukin (31), a Russian national known online…
Alleged REvil Leader ‘UNKN’ Identified by German Authorities in New Takedown Effort

Apr 6, 2026 12:51 PM

Tags: cyber, hacker, ransomware, russia

German authorities have officially put a face to one of the most notorious names in cybercrime. The German Federal Criminal Police (BKA) recently identified 31-year-old Russian national Daniil Maksimovich Shchukin as the man behind the hacker alias >>UNKN.<< According to the BKA, Shchukin led the infamous GandCrab and REvil ransomware operations. Working alongside 43-year-old Anatoly…
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

Apr 6, 2026 12:51 PM

Tags: attack, cisco, edr, malicious, ransomware, threat, tool, vulnerability

Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro.Qilin attacks analyzed by Talos have been found to deploy a malicious DLL named “msimg32.dll,” First seen on…
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

Apr 6, 2026 11:51 AM

Tags: computer, country, cybercrime, extortion, germany, group, hacker, ransomware, russia

An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across…