Tag: ransomware
-
Top 10 Best DNS Filtering Solutions 2026
In 2026, the perimeter is gone. Your users are everywhere, and the "castle and moat" security model is obsolete. The most effective way to secure a hybrid workforce is through DNS filtering and Secure Access Service Edge (SASE). These tools act as the new control plane, stopping ransomware command-and-control (C2) callbacks and AI-driven phishing attacks…
-
FBI takes notorious RAMP ransomware forum offline
The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged to be the only place that allowed ransomware, and boasted over 14,000 active users. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/fbi-takes-notorious-ramp-ransomware-forum-offline
-
Vibe-coding suspicion: ransomware blunder results in total data loss
Tags: ransomware
Victims of the Sicarii ransomware had better not pay a ransom. Because of a bug, the data can no longer be decrypted anyway. First seen on golem.de Jump to article: www.golem.de/news/vibe-coding-verdacht-ransomware-panne-muendet-in-totalem-datenverlust-2601-204799.html
-
MongoDB Ransomware Is Still Actively Hitting Exposed Databases
MongoDB ransomware remains an active threat, fueled by exposed databases and insecure deployment practices rather than advanced exploits. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/mongodb-ransomware-is-still-actively-hitting-exposed-databases/
-
RAMP ransomware forum goes dark in probable FBI sting
RAMP, an infamous Russian-speaking cyber crime forum, has gone off the air after an apparent US operation. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637992/RAMP-ransomware-forum-goes-dark-in-probable-FBI-sting
-
Marquis blames ransomware breach on SonicWall cloud backup hack
Marquis Software Solutions, a Texas-based financial services provider, is blaming a ransomware attack that impacted its systems and affected dozens of U.S. banks and credit unions in August 2025 on a security breach reported by SonicWall a month later. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/marquis-blames-ransomware-breach-on-sonicwall-cloud-backup-hack/
-
Matanbuchus Malware Evolves to Bypass AV Defenses by Swapping Core Components
Matanbuchus is a malicious C++-based downloader that has been sold as Malware-as-a-Service (MaaS) since 2020. Initially known as a simple loader for second-stage payloads, it has steadily evolved into a flexible backdoor platform that is increasingly tied to ransomware operations. In July 2025, researchers observed Matanbuchus version 3.0 in the wild, featuring redesigned components, stronger…
-
Notorious Russia-based RAMP cybercrime forum apparently seized by FBI
RAMP was used by Russian, Chinese and English-speaking cybercriminals and particularly catered to ransomware groups and their affiliates. First seen on therecord.media Jump to article: therecord.media/notorious-russia-based-ramp-forum-seized
-
How Can CISOs Respond to Ransomware Getting More Violent?
Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multi-factor authentication. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/how-cisos-respond-ransomware-getting-more-violent
-
FBI Takes Down RAMP Ransomware Forum
The dark web forum administrator confirmed the takedown and said they had “no plans to rebuild”. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-takes-down-ramp-ransomware/
-
Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups
Ransomware victims surged in Q4 2025 despite fewer active extortion groups, with data leaks rising 50%, ReliaQuest researchers report. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-numbers-rise-despite/
-
Blow against ransomware: FBI takes cyber gangsters' forum away
The FBI has taken over a cybercrime forum named Ramp that was aimed primarily at ransomware hackers. Its founder was apparently an old acquaintance from Russia. First seen on golem.de Jump to article: www.golem.de/news/schlag-gegen-ransomware-fbi-nimmt-cybergangstern-ihr-forum-weg-2601-204764.html
-
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations
A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ir-trends-q4-2025/
-
Eeny, meeny, miny, moe? How ransomware groups choose their victims
Tags: ransomware
Anyone who believes that ransomware groups meticulously select their targets by industry, location or strategic importance is usually mistaken. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/so-waehlen-ransomware-gruppen-opfer
-
Initial access hackers switch to Tsundere Bot for ransomware attacks
A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access trojan to gain network access that could lead to ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/initial-access-hackers-switch-to-tsundere-bot-for-ransomware-attacks/
-
Site catering to online criminals has been seized by the FBI
Tags: ransomware
One of the last holdouts for ransomware discussions, RAMP is taken down. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/01/site-catering-to-online-criminals-has-been-seized-by-the-fbi/
-
Ransomware crims forced to take off-RAMP as FBI seizes forum
Cybercrime solved. The end. First seen on theregister.com Jump to article: www.theregister.com/2026/01/28/fbi_seizes_ramp_forum/
-
Russian Cybercrime Platform RAMP Forum Seized by FBI
US authorities have seized the RAMP cybercrime forum, taking down both its clearnet and dark web domains in a major hit to the ransomware infrastructure. First seen on hackread.com Jump to article: hackread.com/russian-cybercrime-ramp-forum-seized-fbi/
-
FBI seizes RAMP cybercrime forum used by ransomware gangs
The FBI has seized the notorious RAMP cybercrime forum, a platform used to advertise a wide range of malware and hacking services, and one of the few remaining forums that openly allowed the promotion of ransomware operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-seizes-ramp-cybercrime-forum-used-by-ransomware-gangs/
-
Russian Cybercrime Platform RAMP Forum Seized by Feds
US authorities have seized the RAMP cybercrime forum, taking down both its clearnet and dark web domains in a major hit to the ransomware infrastructure. First seen on hackread.com Jump to article: hackread.com/russian-cybercrime-ramp-forum-seized-feds/
-
How ransomware groups select their victims
In a new study, the Sophos X-Ops Counter Threat Unit (CTU) examines how ransomware actors select their targets. The result once again makes clear that cybercriminals like to take the path of least resistance: the vast majority of the ransomware attacks examined were opportunistic rather than targeted. The analysis of the CTU telemetry data shows that in most cases attackers exploit their existing access rights,…
-
Sophos X-Ops examines how ransomware actors select their targets
If organizations in a particular sector fall victim to a specific group, this is probably because that group is exploiting a vulnerability in a service that is widely used in that sector. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-x-ops-untersucht-wie-ransomware-akteure-ihre-ziele-auswaehlen/a43490/
-
GoTo Resolve Tool’s Background Activities Compared to Ransomware Tactics
New research from Point Wild’s Lat61 team reveals how the HEURRemoteAdmin.GoToResolve.gen tool allows silent, unattended access to PCs. Learn why this legitimate remote administration software is being flagged as a security risk and its surprising connection to ransomware tactics. First seen on hackread.com Jump to article: hackread.com/goto-resolve-activities-ransomware-tactics/
-
Sicarii ransomware locks your data and throws away the keys
Tags: ai, business, communications, compliance, credentials, data, encryption, extortion, finance, malware, network, ransomware, risk, vulnerability
Unusual technical profile hints at vibe-coding: One possible explanation for Sicarii’s broken encryption flow is immature or poorly implemented development practices. The ransomware’s failure to retain usable keys is inconsistent with established ransomware design and suggests it may have been assembled without rigorous testing or a clear understanding of operational consequences, or even vibe-coded.” Halcyon assesses…
-
Vibe-Coded ‘Sicarii’ Ransomware Can’t Be Decrypted
A new ransomware strain that entered the scene last year has poorly designed code and an odd Hebrew identity that might be a false flag. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/vibe-coded-sicarii-ransomware-decrypted
-
NDSS 2025 Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach
Tags: attack, conference, cyber, detection, exploit, Internet, monitoring, network, phishing, ransomware, risk, windows, zero-day
Session 10B: Ransomware
Authors, Creators & Presenters: Christian van Sloun (RWTH Aachen University), Vincent Woeste (RWTH Aachen University), Konrad Wolsing (RWTH Aachen University & Fraunhofer FKIE), Jan Pennekamp (RWTH Aachen University), Klaus Wehrle (RWTH Aachen University)
PAPER: Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach
Ransomware attacks have become one of the most widely…
-
Broken decryptor leaves Sicarii ransomware victims adrift
A coding error in an emergent strain of ransomware leaves victims unable to recover their data, even if they cooperate with the hackers’ demands First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637711/Broken-decryptor-leaves-Sicarii-ransomware-victims-adrift
-
Nike investigates data breach after extortion gang leaks files
Nike is investigating what it described as a “potential cyber security incident” after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nike-investigates-data-breach-after-extortion-gang-leaks-files/
-
From Cipher to Fear: The psychology behind modern ransomware extortion
Modern ransomware has shifted from encryption to psychological extortion that exploits fear, liability, and exposure. Flare shows how today’s ransomware groups weaponize stolen data and pressure tactics to force payment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/from-cipher-to-fear-the-psychology-behind-modern-ransomware-extortion/

