Tag: ransomware
-
An overview of ransomware threats in Japan in 2025 and early detection insights from Qilin cases
There were 134 ransomware incidents reported in Japan in 2025, representing a 17.5% year-over-year increase from 2024. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/an-overview-of-ransomware-threats-in-japan-in-2025-and-early-detection-insights-from-qilin-cases/
-
North Dakota water treatment plant reports March ransomware attack
A water treatment plant in the city of Minot, North Dakota, was hit with ransomware but city officials said it continues to operate normally. First seen on therecord.media Jump to article: therecord.media/north-dakota-ransomware-water-plant
-
Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus
New research from Seqrite explains the ‘dual-use dilemma,’ where ransomware attackers repurpose legitimate IT tools like IOBit Unlocker… First seen on hackread.com Jump to article: hackread.com/ransomware-groups-exploit-it-tools-bypass-antivirus/
-
Google Drive ransomware detection now on by default for paying users
Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-drive-ransomware-detection-now-on-by-default-for-paying-users/
-
LeakNet Changes Tactics, But Consistency Gives Defenders an Advantage
LeakNet may be expanding its reach and scaling up, changing techniques and running campaigns directly, but the ransomware operator’s use of a repeatable post-exploitation sequence gives defenders a leg up. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/leaknet-changes-tactics-but-consistency-gives-defenders-an-advantage/
-
Google Drive Expands AI Ransomware Detection, File Recovery to More Users
Google expands Drive ransomware detection and file recovery with its latest AI model, which detects 14 times more infections as the features move beyond beta. The post Google Drive Expands AI Ransomware Detection, File Recovery to More Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-drive-ransomware-detection-file-recovery/
-
Iran Deploys ‘Pseudo-Ransomware,’ Revives Pay2Key Operations
Iranian APTs are blurring the lines between state-sponsored and cybercriminal activities to target high-impact US organizations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iran-pseudo-ransomware-pay2key-operations
-
Panera’s 5.1 Million User Breach: When ‘No Hack’ Becomes a Ransomware Business Model
ShinyHunters leaked 5.1M Panera accounts after extortion failed. Contact data can’t be changed like passwords”, it’s permanent exposure fueling years of scams. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/paneras-5-1-million-user-breach-when-no-hack-becomes-a-ransomware-business-model/
-
Panera’s 5.1 Million User Breach: When ‘No Hack’ Becomes a Ransomware Business Model
ShinyHunters leaked 5.1M Panera accounts after extortion failed. Contact data can’t be changed like passwords”, it’s permanent exposure fueling years of scams. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/paneras-5-1-million-user-breach-when-no-hack-becomes-a-ransomware-business-model/
-
New criminal service plans to monetize data stolen by ransomware gangs
A site called Leak Bazaar pitches itself as something closer to a data-processing business than a typical hacking or ransomware-as-a-service operation. First seen on therecord.media Jump to article: therecord.media/new-criminal-service-plans-to-monetize-ransomware-data
-
Windows Tools Abused to Kill AV Ahead of Ransomware Attacks
Hackers are increasingly turning legitimate Windows administration tools into stealthy weapons to disable antivirus and EDR before launching ransomware, making attacks faster, quieter, and harder to stop. Instead of dropping noisy custom malware upfront, modern operators chain trusted utilities to gain SYSTEM access, kill security processes, and then encrypt at scale. Because many of these…
-
TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/teampcp-exploit-stolen-supply/
-
Ransomware in 2025: Blending in is the strategy
A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ransomware-in-2025-blending-in-is-the-strategy/
-
Google Drive now detects ransomware and helps restore affected files
To help organizations minimize the impact of malware attacks on personal computers, Google launched ransomware detection and file restoration in beta in September 2025. These … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/google-drive-ransomware-detection-and-file-restoration/
-
Google Introduces Advanced Ransomware Defense and Recovery Features in Drive
Google has officially moved its advanced ransomware detection and file restoration features for Google Drive out of beta, making them generally available to organizations globally. Originally launched for beta testing in September 2025, these security enhancements are designed to minimize the destructive impact of malware attacks on both personal and corporate endpoints. The general availability…
-
Fahndung nach Cyberkriminellen 130 Firmen attackiert
130 Unternehmen und Institutionen gerieten ins Visier der Hacker.Nach jahrelangen Cybercrime-Angriffen auf mehr als Hundert Unternehmen und Einrichtungen in Deutschland haben Ermittler zwei zentrale Verdächtige identifiziert. Der eine sei der mutmaßliche Kopf von zwei Hackergruppen, der andere der mutmaßliche Programmierer der von diesen Gruppen genutzten Schadsoftware. Dies teilten das bei der Generalstaatsanwaltschaft Karlsruhe eingerichtete Cybercrime-Zentrum…
-
Qilin Ransomware allegedly breached chemical manufacturer giant Dow Inc
Qilin ransomware claims a breach of Dow Inc., listing it on its Tor leak site, but no proof of the hack has been released yet. Qilin Ransomware group allegedly breached the chemical manufacturing giant Dow Inc. The cybercrime group added the company to its Tor data leak site, but at this time, it has not…
-
National Cyber Resilience Demands Unified Defense
UK NCSC’s Richard Horne on Strengthening Cyber Defense and Incident Response. Cyber risk is rising as digital dependence grows and threat actors expand. NCSC CEO Richard Horne outlines why leaders must treat cybersecurity as mission-critical, strengthen their resilience, and align defense efforts to counter ransomware, AI-driven threats, and supply chain attacks. First seen on govinfosecurity.com…
-
Global Cybercrime Investigations Gain Ground
Stan Duijf of Dutch National Police on Collaborative Law Enforcement. Global law enforcement agencies are shifting tactics to disrupt ransomware earlier in the attack chain. Stan Duijf of the Dutch National Police describes how collaboration, threat intelligence and cryptocurrency seizures are making cybercrime more costly and less effective for criminals. First seen on govinfosecurity.com Jump…
-
Partei Die Linke wurde Opfer eines Cyberangriffs
Wie Trend Micro berichtet, wurde vergangenen Donnerstag das IT-Netzwerk der Partei Die Linke Ziel eines Cyberangriffs. In der veröffentlichten Pressemeldung heißt es: ‘Uns liegen Hinweise vor, dass es sich um einen Ransomware-Angriff der Hackergruppe “šQilin’ handelt. Dabei handelt es sich um eine mutmaßlich russischsprachige Cybercrime-Organisation, deren Aktivitäten sowohl finanziell als auch politisch motiviert sein können.”…
-
TeamPCP’s attack spree slows, but threat escalates with ransomware pivot
TeamPCP’s destructive run of supply chain breaches has stopped, for now: it has been three days since the group published malicious versions of Telnyx’s SDK on PyPI, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/teampcp-supply-chain-attacks-ransomware/
-
Am WorldDay geht es nicht mehr nur um Datensicherung, sondern auch um das Identitäts- und Zugriffsmanagement
Shane Barney, Chief Information Security Officer bei Keeper SecurityDer World-Backup-Day unterstreicht eine grundlegende Anforderung für Organisationen in ganz Europa: Die Fähigkeit, Daten schnell und sicher wiederherzustellen. Dies ist von zentraler Bedeutung für die Cybersicherheit und die Geschäftskontinuität. Ob durch Ransomware, menschliche Fehler oder Systemstörungen verursacht, ein Datenverlust gehört nach wie vor zu den unmittelbarsten und…
-
WorldDay Mehr als nur Schutz vor Ransomware
In einer Welt voller KI, Zero-Day-Exploits und nationalstaatlichen Cyberbedrohungen mag die Datensicherung wie eine Aufgabe aus dem Grundkurs Cybersicherheit erscheinen. Doch einige der schwerwiegendsten Vorfälle, mit denen Unternehmen konfrontiert sind, sind nicht auf hochkomplexe Angriffe zurückzuführen, sondern darauf, dass sie nicht auf das Unvermeidliche vorbereitet sind und Datenverlust ist unvermeidlich. Wenn die meisten Unternehmen […]…
-
Exposed Server Leaks TheGentlemen Ransomware Toolkit, Credentials, and Ngrok Tokens
A fully operational TheGentlemen ransomware toolkit on an exposed server, revealing victim credentials, ngrok tokens, and a complete pre-encryption playbook. This led them to an unauthenticated HTTP server at 176.120.22[.]127:80, hosted by Russian bulletproof provider Proton66 OOO, exposing 126 files across 18 subdirectories and about 140 MB of data. Proton66 has previously been tied to…
-
RSAC Focuses Cybersecurity Insights, Tech, and Community in One Place
The RSAC conference has once again descended upon San Francisco and delivered an event that brings together the largest collection of industry leaders, technologies, and cybersecurity community events! Over the course of several days, attendees accessed exceptional keynotes, thought-leading expert sessions, and an unmatched technology expo. During the evenings, there were countless private events, get-togethers,…
-
Cyberangriff auf die Linke
Die Hackergruppe “Qilin” steht möglicherweise hinter dem Angriff.Die Linke ist nach eigenen Angaben Opfer einer schweren Cyberattacke geworden und vermutet dahinter russischsprachige Hacker. Man habe am Donnerstag sofort reagiert und Teile der IT-Infrastruktur vom Netz genommen, teilte Bundesgeschäftsführer Janis Ehling mit. «Nach derzeitigen Erkenntnissen zielen die Täter darauf ab, sensible Daten aus dem inneren Bereich der…
-
The Cyber Express Weekly Roundup: Cyberattacks, AI Risks, and Geopolitical Cyber Threats
In this week’s weekly roundup, The Cyber Express brings together the latest developments in global cybersecurity news, from high-profile ransomware attacks to emerging risks in AI adoption and geopolitical cyber activity. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/the-cyber-express-weekly-roundup-march-27/
-
The Energy Sector Isn’t Ready for Ransomware”, and 2025 Proved It
The global surge in energy sector ransomware attacks intensified throughout 2025, exposing deep vulnerabilities in critical infrastructure. As organizations prepare for what’s coming next, the lessons are becoming harder to ignore. The systems that power homes, fuel industries, and sustain modern life are under siege, not by isolated hackers, but by highly organized ransomware groups operating at scale. First seen on thecyberexpress.com Jump…
-
BianLian Ransomware Spreads via Fake Invoice SVG Images in New Attacks
Researchers at WatchGuard have identified a new phishing campaign targeting companies in Venezuela. Using malicious SVG image files… First seen on hackread.com Jump to article: hackread.com/bianlian-ransomware-fake-invoice-svg-images-attacks/