Tag: ransomware
-
GootLoader uses malformed ZIP files to bypass security controls
GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. Built to evade detection, it accounted for 11% of bypassing malware in the past years. GootLoader runs on an access-as-a-service model; it is used by different groups to…
-
Ukraine-Germany operation targets Black Basta, Russian leader wanted
Police in Ukraine and Germany identified Black Basta suspects and issued an international wanted notice for the group’s alleged Russian leader. Ukrainian and German police raided homes linked to alleged Black Basta ransomware members, identifying two Ukrainian suspects. Law enforcement also issued an international wanted notice for the group’s alleged Russian ringleader. >>The Office of…
-
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta. In addition, the group’s alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been added to the European Union’s Most Wanted and INTERPOL’s Red Notice lists, authorities First seen on…
-
Ransomware activity never dies, it multiplies
Ransomware attacks kept climbing through 2025, even as major criminal groups collapsed and reformed. A new study conducted by the Symantec and Carbon Black Threat Hunter Team … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/16/ransomware-attacks-extortion-trends/
-
Black Basta: International manhunt for the head of the ransomware group
Tags: ransomware
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/black-basta-international-fahndung-kopf-ransomware-gruppierung
-
A ransomware attack disrupted operations at South Korean conglomerate Kyowon
South Korean conglomerate Kyowon confirmed a ransomware attack that disrupted operations and may have exposed customer data. Kyowon Group is a major South Korean conglomerate with diverse business interests spanning education, publishing, media, and technology. It operates nationwide, serving millions of customers through its various subsidiaries and brands. The company is a significant player in…
-
Ransomware by the Numbers: Count of Victims and Groups Surge
Despite Some Well-Known Groups Disappearing, Ransomware Competition Remains Fierce. Here’s unwelcome ransomware news: Groups’ victim listings and underground chatter suggest that the count of victims and number of criminal groups behind such attacks have both risen over the past 12 months, despite repeat disruptions by law enforcement, fierce competition and fewer victims paying. First seen…
-
Ransomware boss wanted: This man is said to be the leader of Black Basta
Interpol, Europol and the BKA are searching for the boss of the ransomware group Black Basta, which has harmed more than 100 organizations in Germany alone. First seen on golem.de Jump to article: www.golem.de/news/ransomware-boss-gesucht-dieser-mann-soll-der-anfuehrer-von-black-basta-sein-2601-204218.html
-
Ransomware gangs extort victims by citing compliance violations
Tags: ai, attack, breach, compliance, data, data-breach, extortion, group, ransomware, regulation, threat, tool
AI amplifies attacks: Hild points to another problem: “AI-powered tools dramatically accelerate these attacks. Criminals can now screen stolen documents for ‘material’ compliance violations within hours of a data breach, faster and more accurately than many companies can audit their own systems.” The SailPoint specialist explains: “They create detailed, legally sound complaints for authorities and set…
-
Ransomware hits industry especially hard
The threat from ransomware remains high for German companies. According to an analysis by Digital Recovery PHD, manufacturing businesses are affected most, accounting for the largest share of attacks at 34.1%. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ransomware-industrie
-
PharMerica Will Pay at Least $5.2M to Settle Hack Lawsuit
Ransomware Gang Money Message Claimed It Exfiltrated 4.7TB of Firm’s Data. Pharmacy services firm PharMerica will pay at least $5.27 million – plus millions more on enhancing its security – as part of a preliminary class action settlement approved this week by a federal court involving a 2023 data theft incident the company reported as…
-
South Korean giant Kyowon confirms data theft in ransomware attack
The Kyowon Group (Kyowon), a South Korean conglomerate, disclosed that a cyberattack has disrupted its operations and customer information may have been exposed in the incident. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/south-korean-giant-kyowon-confirms-data-theft-in-ransomware-attack/
-
SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats
Tags: access, ai, authentication, breach, business, communications, compliance, credentials, cybercrime, cybersecurity, dark-web, data, data-breach, defense, government, grc, group, identity, incident response, infosec, infrastructure, malware, monitoring, phishing, ransomware, risk, risk-management, service, supply-chain, technology, theft, threat, tool
For government agencies and critical infrastructure operators, supply chain threats present national security risks that demand heightened vigilance. Public sector organizations managing sensitive data and critical services increasingly rely on contractors and technology vendors whose compromised credentials could provide adversaries with pathways into classified systems or essential infrastructure. Last year alone, the top 98 Defense…
-
‘Imagination the limit’: DeadLock ransomware gang using smart contracts to hide their work
New crooks on the block get crafty with blockchain to evade defenses First seen on theregister.com Jump to article: www.theregister.com/2026/01/14/deadlock_ransomware_smart_contracts/
-
DeadLock Ransomware Group Utilizes Polygon Smart Contracts
Stealthy Group Taps Blockchain ‘EtherHiding’ to Facilitate Victim Communications. The DeadLock ransomware group, a newly emerged digital extortion group, is using blockchain smart contracts to store proxy server addresses for facilitating ransomware negotiations with victim organizations. The technique suggests the group is made up of experienced cybercriminals. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/deadlock-ransomware-group-utilizes-polygon-smart-contracts-a-30518
-
DragonForce Ransomware Breakdown and Decryptor for ESXi Windows
Security researchers have published an in-depth technical analysis of the DragonForce ransomware operation, along with details of working decryptors for both Windows and ESXi systems targeting specific victims. By the time its dedicated Data Leak Site (DLS) was identified later that month, 17 victim organizations had already been listed. DragonForce markets itself as a cartel…
-
DeadLock Ransomware Uses Polygon Smart Contracts For Proxy Rotation
A new DeadLock ransomware operation uses Polygon blockchain smart contracts to manage proxy server addresses First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/deadlock-polygon-smart-contracts/
-
Cyber Fraud Takes the Lead: What the Shift Away From Ransomware Signals for Enterprises
A new global assessment shows that cyber fraud has overtaken ransomware as the top cybersecurity concern for business leaders, driven by a sharp rise in phishing, business email compromise, and identity-based scams, according to the World Economic Forum. While ransomware continues to pose a serious risk, this shift highlights a critical change in attacker behavior.…
-
Cybersecurity risk will accelerate this year, fueled in part by AI, says World Economic Forum
Tags: ai, attack, automation, business, ceo, ciso, control, country, cryptography, cyber, cybercrime, cybersecurity, data, detection, exploit, finance, framework, fraud, governance, healthcare, incident, infrastructure, international, middle-east, phishing, ransomware, resilience, risk, service, skills, software, strategy, supply-chain, technology, threat, tool, vulnerability
AI is anticipated to be the most significant driver of change in cybersecurity in 2026, according to 94% of survey respondents; 87% of respondents said AI-related vulnerabilities had increased in the past year. Other cyber risks that had increased were (in order) cyber-enabled fraud and phishing, supply chain disruption, and exploitation of software vulnerabilities; confidence in national cyber…
-
Cancer Center: Hackers Stole Research Files, Encrypted Data
University of Hawaii Cancer Center Paid Ransom. Cancer patients who participated in University of Hawaii Cancer Center studies during the 1990s may soon receive a notification that ransomware hackers stole their data in an August 2025 incident. Experts said the hack spotlights concerning risks involving compromises of medical research data. First seen on govinfosecurity.com Jump…
-
Android Banking Malware deVixor Actively Targeting Users with Ransomware Capabilities.
A sophisticated Android banking trojan known as deVixor has emerged as a significant threat to mobile users, combining financial data theft, device surveillance, and ransomware capabilities into a single malicious platform. Active since October 2025, the malware represents a concerning evolution in Android-based financial threats, targeting victims through fake automotive websites and leveraging Telegram infrastructure…
-
Ransomware gangs extort victims with compliance violations
Ransomware groups are increasingly putting pressure on their victims with compliance violations. Ransomware attacks remain among the most common attack methods. As current analyses show, cyber gangs are now increasingly threatening their victims with reporting violations of regulations such as the GDPR to the supervisory authorities. For example, over the past two years researchers at the security vendor Akamai have already … a growing trend in this…
-
Suspected ransomware attack threatens one of South Korea’s largest companies
Kyowon Group, a conglomerate owned by one of South Korea’s richest people, is the latest company there to report suspicious cyber activity to authorities. First seen on therecord.media Jump to article: therecord.media/kyowon-group-south-korea-suspected-ransomware-attack
-
Notorious BreachForums hacking site hit by ‘doomsday’ leak of 324,000 criminal users
Tags: access, breach, crime, cyber, cybercrime, dark-web, data, data-breach, email, extortion, group, hacking, intelligence, law, leak, password, penetration-testing, ransomware, risk, service, threat
Have I Been Pwned, the data breach happened last August, two months before the police takedown of the BreachForums data extortion site after threats by Scattered Lapsus$ Hunters to use it to release one billion records stolen from Salesforce customers. This tallies with the August 11 date on the database leaked last week; that was the…
-
Cyberthreats Target Legacy Systems in Manufacturing
Digital Transformation and Legacy OT Systems. Manufacturers remain the top ransomware target in Europe, yet 80% still house critical vulnerabilities. As cyber-physical attacks escalate, Manusec Europe 2026 speakers urge organizations to break tool silos, empower responders and secure legacy OT without halting production. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cyberthreats-target-legacy-systems-in-manufacturing-a-30497
-
University of Hawaii Cancer Center hit by ransomware attack
University of Hawaii says a ransomware gang breached its Cancer Center in August 2025, stealing data of study participants, including documents from the 1990s containing Social Security numbers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/university-of-hawaii-cancer-center-hit-by-ransomware-attack/

