Tag: ransomware
-
Cybercriminals Exploit Microsoft Teams to Phish Login Credentials and Bypass MFA
Tags: authentication, credentials, cyber, cybercrime, espionage, exploit, iran, login, mfa, microsoft, phishing, ransomware, threat
Iranian state-sponsored threat actors linked to MuddyWater (Seedworm) have been caught hiding behind the Chaos ransomware brand to conduct sophisticated espionage operations, using Microsoft Teams as a phishing vector to steal credentials and manipulate multi-factor authentication (MFA). Rapid7 researchers uncovered the intrusion in early 2026, revealing a calculated false flag operation designed to mimic financially…
-
The Winter Games effect: When gold meets DDoS
Tags: attack, botnet, cctv, ddos, defense, detection, dns, government, group, infrastructure, international, Internet, iot, jobs, lockbit, network, penetration-testing, ransomware, router, service, strategy, threat, windows
Attack volumes 610x historical levels during the Winter Games period (February 6-23, 2026). Peak attack count reached more than 2,200 attacks on February 23. NoName057(16) dominated public DDoS hacktivist claims with 47, although ransomware groups (Qilin, LockBit 5.0) also claimed success in various attacks. Tactical shift from pre-Winter Games high-bandwidth attacks (412.89Gbps peak) to Winter Games-period high-throughput attacks. Geographic…
-
DOJ says ransomware gang tapped into Russian government databases
U.S. prosecutors said a ransomware gang fueled Russian government corruption, and allowed the gang’s leaders to avoid paying taxes and dodge the country’s military draft. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/06/doj-says-ransomware-gang-tapped-into-russian-government-databases/
-
Iranian cyber espionage disguised as a Chaos Ransomware attack
Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended…
-
Why ransomware attacks succeed even when backups exist
Backups don’t fail because they’re missing, they fail because attackers destroy them first. Acronis explains how ransomware targets backup systems before encryption, leaving no path to recovery. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/why-ransomware-attacks-succeed-even-when-backups-exist/
-
Iran-Linked APT Posed as Chaos Ransomware Member in Espionage Campaign
Rapid7 reveals an Iranian false flag operation masquerading as a Chaos ransomware attack First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-linked-apt-chaos-ransomware/
-
Train like you fight: Why cyber operations teams need no-notice drills
Tags: breach, business, cloud, communications, credentials, cyber, cybersecurity, detection, framework, healthcare, injection, login, military, psychology, ransomware, risk, skills, soc, threat, training, update
[Figure: The Yerkes-Dodson inverted-U curve: Performance rises with arousal to an optimal point, then falls sharply. Wikimedia Commons, CC-Zero]
What repeated no-notice drills do is shift a team’s position on that curve. By building familiarity with threat-level arousal, they raise the threshold at which stress becomes performance-impairing. The stimulus is no longer novel. The cascade is shorter. Executive…
-
Ransomware Gang Member Linked to Russian Cybercrime Group Sentenced to Prison
A Latvian national operating from Moscow has been sentenced to 102 months in federal prison for his role as a key negotiator within a prolific Russian ransomware network. Deniss Zolotarjovs, 35, participated in a cybercrime syndicate that orchestrated data theft and extortion campaigns against over 54 organizations worldwide between June 2021 and August 2023. The…
-
Ransomware Gangs Escalate Attacks on Aviation and Aerospace Sector
Ransomware and data extortion groups are increasingly targeting the aviation and aerospace sector, exploiting interconnected systems, shared platforms, and identity-based access models to cause operational disruption and data compromise. Cyber risk across aviation has shifted beyond traditional IT incidents toward ransomware attacks, credential theft, and platform-level compromise. The aviation ecosystem relies heavily on shared IT…
-
U.S. court sentences Karakurt ransomware negotiator to 8.5 years
Deniss Zolotarjovs was sentenced to 8.5 years in the U.S. after pleading guilty to money laundering and fraud tied to ransomware. Deniss Zolotarjovs, a Latvian national linked to the Karakurt ransomware gang, has been sentenced to 8.5 years in U.S. prison, marking a significant step in efforts to combat global ransomware operations. “A Latvian national…
-
Conti, Akira ransomware affiliate given 8-year sentence
Deniss Zolotarjovs pleaded guilty in July 2025 to money laundering and wire fraud charges after being arrested in the country of Georgia. First seen on therecord.media Jump to article: therecord.media/conti-akira-ransomware-affiliate-sentenced
-
Latvian national sentenced for ransomware attacks run by former Conti leaders
Deniss Zolotarjovs was mostly tasked with putting pressure on the Russia-based crew’s victims, in one case leaking hundreds of children’s health records. First seen on cyberscoop.com Jump to article: cyberscoop.com/latvian-russia-ransomware-conti-sentenced/
-
Conti ransomware gang member sentenced to 102 months in prison
A Latvian national who was part of a major Russian ransomware organization that stole from and extorted more than 54 companies has been sentenced to 102 months in prison. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/05/usa-conti-ransomware-member-sentenced/
-
Education Sector Hit by Espionage, Phishing, and Supply Chain Attacks
Educational institutions are now facing a coordinated mix of state espionage, spear-phishing, and supply chain intrusions, even as classic ransomware and vulnerability volumes show signs of easing. Every attributed campaign was linked to state actors, with no financially motivated groups observed. China-aligned clusters led by MISSION2074 dominate, with additional activity from Stone Panda, Hafnium, Lotus…
-
Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his “cold case” negotiator role in the Russian Karakurt ransomware group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/karakurt-extortion-gang-negotiator-sentenced-to-85-years-in-prison/
-
Everest Group Begins Leaking Alleged Liberty Mutual Data
Cybercrime Gang Claims to Have 108-Gbyte Trove of Insurer’s Files, Folders. Ransomware gang Everest Group claims to have stolen more than 108 gigabytes of data – including policyholder details – belonging to insurer Liberty Mutual. The cybercrime group began leaking the company’s alleged data on Monday afternoon, saying the insurer failed to respond to the gang’s…
-
Frost Bank Hit With Class-Action Lawsuits Over Data Breach Affecting More Than 100,000 Customers
What happened: Frost Bank, San Antonio’s largest bank, is facing two proposed class-action lawsuits following a cyberattack attributed to the Everest ransomware group that allegedly exposed the sensitive personal data of an estimated 109,000 customers. The bank has not publicly confirmed the scope of the breach or reported it to the Texas Attorney General’s Office,…
-
Two cybersecurity pros get prison time for helping ransomware gang
Two American cybersecurity professionals were sentenced to four years in prison for facilitating BlackCat ransomware attacks in 2023. They pleaded guilty in December 2025 to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/cybersecurity-experts-alphv-blackcat-ransomware-sentenced/
-
DOJ Sentences Two Americans for ALPHV BlackCat Ransomware Attacks
The U.S. Department of Justice (DOJ) has sentenced two American cybersecurity professionals to prison for their involvement in ALPHV BlackCat ransomware attacks that targeted multiple U.S. organizations in 2023. The case highlights the growing threat of insider expertise being misused in ransomware-as-a-service (RaaS) operations. Ryan Goldberg, 40, from Georgia, and Kevin Martin, 36, from Texas,…
-
cPanel vulnerability: Hackers hijack web portals en masse and plant ransomware
It is high time for web service operators to patch their cPanel instances. Attackers are exploiting a critical vulnerability for ransomware attacks. First seen on golem.de Jump to article: www.golem.de/news/cpanel-luecke-hacker-kapern-massenhaft-webportale-und-fordern-loesegeld-2605-208263.html
-
cPanel vulnerability: Hackers hijack web portals en masse and demand ransom
It is high time for web service operators to examine their cPanel instances. Attackers are planting ransomware through a critical vulnerability. First seen on golem.de Jump to article: www.golem.de/news/cpanel-luecke-hacker-kapern-massenhaft-webportale-und-fordern-loesegeld-2605-208263.html
-
Paying Ransom Won’t Help as VECT 2.0 Ransomware Destroys Data Irreversibly
VECT 2.0 ransomware contains fatal flaws that permanently destroy files, making recovery impossible and rendering ransom payments useless for victims worldwide. First seen on hackread.com Jump to article: hackread.com/paying-ransom-vect-2-0-ransomware-destroys-data/
-
Security Affairs newsletter Round 575 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling Trellix discloses the breach…
-
Global Cyber Threat Brief: Identity Breaches, Supply Chain Attacks, and the Rise of Organized Cybercrime
Tags: attack, breach, cyber, cybercrime, data, exploit, identity, organized, ransomware, service, supply-chain, threat
In the past week, the global cyber threat landscape has once again demonstrated how rapidly attackers are evolving, shifting from isolated intrusions to coordinated, multi-stage campaigns targeting identities, supply chains, and service providers. From large-scale identity data exposure to sophisticated token abuse and ransomware-driven disruptions, these incidents highlight a critical reality: attackers are increasingly exploiting…
-
2 US Cybersecurity Experts Jailed for Aiding ALPHV (BlackCat) Ransomware
Two US cybersecurity experts jailed for aiding BlackCat ransomware group, extorting victims worldwide and exploiting insider access for profit. First seen on hackread.com Jump to article: hackread.com/us-cybersecurity-experts-jail-alphv-blackcat-ransomware/

