Tag: ransomware
-
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
Germany’s Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the main threat actors associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation.The threat actor, who went by the alias UNKN, functioned as a representative of the group, advertising the ransomware in June 2019 on the XSS cybercrime…
-
Security Affairs newsletter Round 571 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Qilin ransomware group claims the hack of German political party Die Linke U.S. CISA adds a…
-
Ransomware Attack on Vivaticket Disrupts Louvre and Major European Museums
What happened A ransomware attack on Vivaticket disrupted online reservations at major European museums and monuments after the ticketing provider was hit in early March. The incident reportedly took place on March 2 and affected about 3,500 European museums and monuments. Vivaticket, which serves thousands of organizations across 50 countries and manages about 850 million…The…
-
Qilin ransomware group claims the hack of German political party Die Linke
Qilin ransomware claims it stole data from Germany’s Die Linke and threatens to leak it; the party confirmed the incident, but not a breach. The Qilin ransomware group claims it stole data from Die Linke, a German political party, and is threatening to release it. Die Linke is a left-wing political party in Germany. Its…
-
Cisco fixes critical IMC auth bypass present in many products
Tags: access, ai, api, apt, attack, authentication, cisco, computing, credentials, cybersecurity, dns, email, exploit, firewall, firmware, flaw, group, infrastructure, linux, malicious, monitoring, network, password, ransomware, risk, router, vulnerability, zero-day[ Related: More Cisco news and insights ] The Cisco IMC is a baseboard management controller (BMC), a dedicated controller embedded into server motherboards with its own RAM and network interface that gives administrators monitoring and management capabilities as if they were physically connected to the server with a keyboard, monitor, and mouse (KVM). Because BMCs run…
-
7 ways to improve your business resilience with backup and recovery
Tags: attack, automation, backup, business, cloud, compliance, control, cyber, data, dns, HIPAA, identity, malware, metric, network, PCI, ransomware, resilience, risk, service, soc, threat, vulnerability2. Ensure off-site backup copies : Local backups are fast, but they are also vulnerable to the same physical disasters and ransomware attacks that hit your primary servers. If your production environment and your backups are on the same network segment without air-gapping, a single compromise becomes a total extinction event. The Fix: Adopt a 3-2-1 strategy (3 total copies of data, 2 different media…
-
5 Steps to break free from alert fatigue and build resilient security operations
2. Prioritize outcomes over ticket volume : Stop focusing on how many alerts are cleared. This may be a metric for a better understanding of where automation or headcount are necessary but prioritize outcomes. Instead, the right questions are: How quickly did you contain a threat? Did we disrupt business operations or keep recovery swift and effective? A practical, outcome-driven SOC measures: Dwell time: How long before a threat was neutralized? Mean Time to Contain: How quickly…
-
6 critical mistakes that undermine cyber resilience (and how to fix them)
Tags: attack, automation, backup, best-practice, business, compliance, cyber, cybersecurity, data, detection, edr, endpoint, guide, identity, intelligence, malware, metric, network, ransomware, resilience, risk, soc, strategy, threat, tool, update, vulnerabilityGuide to Managing Strong Personalities During a Cybercrisis. Mistake 2: Fragmented asset and risk views: Fragmented asset and risk views make it difficult for teams to understand what is actually in their environment and where the most pressing exposures reside. When devices, configurations, and identity data live in separate tools or are maintained inconsistently, gaps…
-
5 critical steps to achieve business resilience in cybersecurity
Tags: access, ai, attack, authentication, automation, backup, breach, business, communications, control, credentials, cybersecurity, data, defense, detection, endpoint, identity, malicious, mfa, msp, password, ransomware, resilience, soc, threat, tool, updateLooking for end-to-end coverage of your environment? Check out N-able Unified Security Solutions. 2. Transition from manual to automated response : SOC teams can’t keep up with the flood of alerts”, N-able handled 2 alerts per minute on average in 2025. That’s why automation and Security Orchestration, Automation and Response (SOAR) saw a 500% YoY surge”, almost one in four responses are now…
-
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Tags: access, ai, attack, breach, cisco, data, data-breach, extortion, group, network, ransom, ransomware, saas, supply-chainExtortion boost: The origins and deeper motives of TeamPCP, which emerged in late 2025, remain unclear. The leaking of stolen data suggests it might be styling itself as a sort of initial access broker which sells data and network access on to the highest bidder.However, the fact that stolen data was handed to a major…
-
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Tags: access, ai, attack, breach, cisco, data, data-breach, extortion, group, network, ransom, ransomware, saas, supply-chainExtortion boost: The origins and deeper motives of TeamPCP, which emerged in late 2025, remain unclear. The leaking of stolen data suggests it might be styling itself as a sort of initial access broker which sells data and network access on to the highest bidder.However, the fact that stolen data was handed to a major…
-
Die Linke German political party confirms data stolen by Qilin ransomware
The Qilin ransomware group has claimed responsibility for an attack against Die Linke (‘The Left’), forcing an IT systems outage at the political party, and threatening sensitive data leak. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/die-linke-german-political-party-confirms-data-stolen-by-qilin-ransomware/
-
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/evolution-of-ransomware-multi-extortion-ransomware-attacks/
-
Clean vs fast recovery: why MTCR matters
Learn how MTCR (Mean Time to Clean Recovery) differs from MTTR, why attackers target backups, and how to build a ransomware-resilient recovery strategy. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/clean-vs-fast-recovery-why-mtcr-matters/
-
Phorpiex Botnet Fuels Ransomware, Sextortion, and Crypto-Theft Attacks
Hackers are abusing the long-running Phorpiex (Trik) botnet to run large-scale ransomware, sextortion, and crypto-clipping operations, turning one infrastructure into a multi-purpose crime machine. A newer variant called Twizt gives the botnet a hybrid architecture that combines traditional command-and-control (C2) with a peer”‘to”‘peer (P2P) protocol, allowing infected machines to share commands and node lists directly with each…
-
The Cyber Express Weekly Roundup: Ransomware, and Supply Chain Breaches Surge
In this week’s weekly roundup, The Cyber Express delivers a concise overview of the latest cybersecurity news, highlighting major cyberattacks, new ransomware risks, and supply chain vulnerabilities. Organizations across industries continue to face a surge in modern cyber threats, ranging from targeted breaches to large-scale exploitation campaigns that disrupt operations and expose sensitive data. First seen on…
-
Qilin Ransomware Deploys Malicious DLL to Disable Most EDR Defenses
The Qilin ransomware group has developed a highly sophisticated infection chain that targets and disables over 300 endpoint detection and response (EDR) solutions. As defenders improve behavioral detection capabilities, attackers are increasingly targeting the defense layer itself during the early stages of a breach. By deploying a malicious >>msimg32.dll<< file, attackers can bypass traditional antivirus…
-
Breach Roundup: Feds Confirm ‘Major’ Hack of FBI System
Also, Lloyds Data Leak, Dutch Treasury Breach, Citrix Bug Exploit, Pay2Key Activity. This week, Lloyds data leak hits 450K, Dutch treasury breach, Citrix flaw exploited, Iran-linked ransomware ops, TrueConf zero-day, Russian fraud ring sentenced, Romania targeted, patch gaps persist, and U.S. hospital breach affects 257K. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-feds-confirm-major-hack-fbi-system-a-31329
-
State AG Sues Change Healthcare in 2024 Ransomware Attack
Iowa Seeking Civil Monetary Fines, Damages for Alleged Violations. Iowa’s state attorney general is seeking financial damages, civil penalties and improvements to UnitedHealth Group’s data security practices for alleged violations of state and federal laws and other claims involving the 2024 ransomware attack on its Change Healthcare unit. First seen on govinfosecurity.com Jump to article:…
-
Emulating the Concealed Sinobi Ransomware
AttackIQ has released a new attack graph that emulates the behaviors of Sinobi ransomware, a ransomware strain that has been active since mid 2025. Sinobi is suspected to be a rebrand of Lynx, a Ransomware-as-a-Service (RaaS) group that first emerged in 2024. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/emulating-the-concealed-sinobi-ransomware/
-
Akira ransomware group can achieve initial access to data encryption in less than an hour
A new report from Halcyon finds that the group also puts more effort than usual into developing working decryptors, likely to incentivize businesses to pay up. First seen on cyberscoop.com Jump to article: cyberscoop.com/akira-ransomware-initial-access-to-encryption-in-hours/
-
Yurei Ransomware Uses Common Tools, Adds Stranger Things References
Team Cymru details the Yurei ransomware campaign, using standard tools and a few Stranger Thingsnamed payloads to breach and encrypt systems. First seen on hackread.com Jump to article: hackread.com/yurei-ransomware-tools-stranger-things-references/
-
Researchers Observe Sub-One-Hour Ransomware Attacks
Halcyon says Akira is now capable of carrying out an entire ransomware attack in less than an hour First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/researchers-subonehour-ransomware/
-
Akira-Style Ransomware Campaign Hits Windows Users Across South America
A newly identified ransomware campaign is targeting Windows users across South America, leveraging tactics that closely mimic the notorious Akira ransomware group. According to ESET’s findings, the threat actors behind this campaign are attempting to exploit Akira’s reputation by replicating its branding, ransom notes, and dark web infrastructure references. This includes the use of Tor-based…
-
OT Cyber Resilience: Strategic Data Protection for IEC 62443 and NIS2 Compliance
Learn how to protect OT systems, ICS, and SCADA infrastructure from ransomware with backup strategies built for legacy, air-gapped industrial environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/ot-cyber-resilience-strategic-data-protection-for-iec-62443-and-nis2-compliance/
-
Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense
A chief medical information officer provided a peek into what hospitals face when they inevitably suffer a ransomware attack”, whether it leads to short or long-term outages. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/ransomware-hospitals-preparation-key-defense
-
Qilin EDR killer infection chain
This blog provides an in-depth analysis of the malicious “msimg32.dll” used in Qilin ransomware attacks, which is a multi-stage infection chain targeting EDR systems. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/qilin-edr-killer/