Ransomware  List -  2024  2023  2021  2020  2019  2018

DATE

NAME

Info

CATEG.

WEB

28.10.24

Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions

Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of

Ransom

The Hacker News

27.10.24

New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics

Ransom

The Hacker News

27.10.24

Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks

Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of

Ransom

The Hacker News

27.10.24

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks

A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government

Ransom

The Hacker News

26.10.24

Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after

Ransom

The Hacker News

29.9.24

Embargo ransomware escalates attacks to cloud environments

Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets.

Ransom

BleepingComputer

28.9.24

AutoCanada says ransomware attack "may" impact employee data

AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang.

Ransom

BleepingComputer

24.9.24

New Mallox ransomware Linux variant based on leaked Kryptina code

An affiliate of the Mallox ransomware operation, also known as TargetCompany, was spotted using a slightly modified version of the Kryptina ransomware to attack Linux systems.

Ransom

BleepingComputer

21.9.24

X hacking spree fuels "$HACKED" crypto token pump-and-dump

Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks.

Ransom

BleepingComputer

21.9.24

Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware

Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks.

Ransom

BleepingComputer

20.9.24

Ransomware gangs now abuse Microsoft Azure tool for data theft

Ransomware gangs like BianLian and Rhysida increasingly use Microsoft's Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage.

Ransom

BleepingComputer

19.9.24

Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first

Ransom

The Hacker News

15.9.24

Port of Seattle hit by Rhysida ransomware in August attack

Port of Seattle, the United States government agency overseeing Seattle's seaport and airport, confirmed on Friday that the Rhysida ransomware operation was behind a cyberattack impacting its systems over the last three weeks.

Ransom

BleepingComputer

15.9.24

RansomHub claims Kawasaki cyberattack, threatens to leak stolen data

Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data.

Ransom

BleepingComputer

14.9.24

RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software

The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to attempt disabling endpoint detection and response (EDR) services on target systems.

Ransom

BleepingComputer

14.9.24

NoName ransomware gang deploying RansomHub malware in recent attacks

The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate.

Ransom

BleepingComputer

11.9.24

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub

The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and

Ransom

The Hacker News

10.9.24

Critical SonicWall SSLVPN bug exploited in ransomware attacks

Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks.

Ransom

BleepingComputer

8.9.24

Planned Parenthood confirms cyberattack as RansomHub claims breach

Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage.

Ransom

BleepingComputer

7.9.24

Linux version of new Cicada ransomware targets VMware ESXi servers

A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide.

Ransom

BleepingComputer

4.9.24

New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities

Ransom

The Hacker News

4.9.24

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in

Ransom

The Hacker News

1.9.24

Halliburton cyberattack linked to RansomHub ransomware gang

The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company's IT systems and business operations.

Ransom

BleepingComputer

1.9.24

FBI: RansomHub ransomware breached 210 victims since February

Since surfacing in February 2024, RansomHub ransomware affiliates have breached over 200 victims from a wide range of critical U.S. infrastructure sectors.

Ransom

BleepingComputer

31.8.24

Iranian hackers work with ransomware gangs to extort breached orgs

An Iran-based hacking group known as Pioneer Kitten is breaching defense, education, finance, and healthcare organizations across the United States and working with affiliates of several ransomware operations to extort the victims.

Ransom

BleepingComputer

31.8.24

BlackSuit ransomware stole data of 950,000 from software vendor

Young Consulting is sending data breach notifications to 954,177 people who had their information exposed in a BlackSuit ransomware attack on April 10, 2024.

Ransom

BleepingComputer

31.8.24

US Marshals Service disputes ransomware gang's breach claims

The U.S. Marshals Service (USMS) denies its systems were breached by the Hunters International ransomware gang after being listed as a new victim on the cybercrime group's leak site on Monday.

Ransom

BleepingComputer

29.8.24

U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks

U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across

Ransom

The Hacker News

28.8.24

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting

Ransom

The Hacker News

27.8.24

Patelco notifies 726,000 customers of ransomware data breach

Patelco Credit Union warns customers it suffered a data breach after personal data was stolen in a RansomHub ransomware attack earlier this year.

Ransom

BleepingComputer

25.8.24

American Radio Relay League confirms $1 million ransom payment

The American Radio Relay League (ARRL) paid a $1 million ransom for a decryptor that helped restore systems encrypted in a May ransomware attack

Ransom

BleepingComputer

25.8.24

Qilin ransomware now steals credentials from Chrome browsers

The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in Google Chrome browser.

Ransom

BleepingComputer

24.8.24

QNAP adds NAS ransomware protection to latest QTS version

Taiwanese hardware vendor QNAP has added a Security Center with ransomware protection capabilities to the latest version of its QTS operating system for network-attached storage (NAS) devices.

Ransom

BleepingComputer

24.8.24

New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data

The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on

Ransom

The Hacker News

23.8.24

CannonDesign confirms Avos Locker ransomware data breach

The Cannon Corporation dba CannonDesign is sending notices of a data breach to more than 13,000 of current and former employees, informing that hackers breached and stole data from its network in an attack in early 2023.

Ransom

BleepingComputer

23.8.24

Ransomware rakes in record-breaking $450 million in first half of 2024

Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level.

Ransom

BleepingComputer

21.8.24

Ransomware gang deploys new malware to kill security software

RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks

Ransom

BleepingComputer

20.8.24

CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known

Ransom

The Hacker News

17.8.24

3AM ransomware stole data of 464,000 Kootenai Health patients

Kootenai Health has disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation.

Ransom

BleepingComputer

17.8.24

Ransom Cartel, Reveton ransomware owner arrested, charged in US

Belarusian-Ukrainian national Maksim Silnikau was arrested in Spain and is now extradited to the USA to face charges for creating the Ransom Cartel ransomware operation in 2021 and running a malvertising operation from 2013 to 2022.

Ransom

BleepingComputer

16.8.24

Australian gold producer Evolution Mining hit by ransomware

Evolution Mining has informed that it has been targeted by a ransomware attack on August 8, 2024, which impacted its IT systems.

Ransom

BleepingComputer

15.8.24

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks

A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint

Ransom

The Hacker News

15.8.24

Black Basta-Linked Attackers Target Users with SystemBC Malware

An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion

Ransom

The Hacker News

11.8.24

McLaren hospitals disruption linked to INC ransomware attack

On Tuesday, IT and phone systems at McLaren Health Care hospitals were disrupted following an attack linked to the INC Ransom ransomware operation.

Ransom

BleepingComputer

11.8.24

UK IT provider faces $7.7 million fine for 2022 ransomware breach

The UK's Information Commissioner's Office (ICO) has announced a provisional decision to impose a fine of £6.09M ($7.74 million) on Advanced Computer Software Group Ltd (Advanced) for its failure to protect the personal information of tens of thousands when it was hit by ransomware in 2022.

Ransom

BleepingComputer

9.8.24

Ransomware gang targets IT workers with new SharpRhino malware

The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks.

Ransom

BleepingComputer

9.8.24

Keytronic reports losses of over $17 million after ransomware attack

Electronic manufacturing services provider Keytronic has revealed that it suffered losses of over $17 million due to a May ransomware attack.

Ransom

BleepingComputer

9.8.24

Surge in Magniber ransomware attacks impact home users worldwide

A massive Magniber ransomware campaign is underway, encrypting home users' devices worldwide and demanding thousand-dollar ransoms to receive a decryptor.

Ransom

BleepingComputer

8.8.24

FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million

The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom

Ransom

The Hacker News

4.8.24

OneBlood's virtual machines encrypted in ransomware attack

OneBlood, a large not-for-profit blood center that serves hospitals and patients in the United States, is dealing with an IT systems outage caused by a ransomware attack.

Ransom

BleepingComputer

3.8.24

Dark Angels ransomware receives record-breaking $75 million ransom

A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz.

Ransom

BleepingComputer

3.8.24

CISA warns of VMware ESXi bug exploited in ransomware attacks

CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks.

Ransom

BleepingComputer

3.8.24

Black Basta ransomware switches to more evasive custom malware

The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to evade detection and spread throughout a network.

Ransom

BleepingComputer

3.8.24

Columbus investigates whether data was stolen in ransomware attack

The City of Columbus, Ohio, says it's investigating whether personal data was stolen in a ransomware attack on July 18, 2024 that disrupted the City's services.

Ransom

BleepingComputer

3.8.24

Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks

Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks.

Ransom

BleepingComputer

31.7.24

VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access

A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain

Ransom

The Hacker News

28.7.24

Russian ransomware gangs account for 69% of all ransom proceeds

Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000.

Ransom

BleepingComputer

28.7.24

US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks

The U.S. State Department is offering a reward of up to $10 million for information that could help capture a North Korean military hacker.

Ransom

BleepingComputer

26.7.24

New Play ransomware Linux version targets VMware ESXi VMs

Play ransomware is the latest ransomware gang to start deploying a dedicated Linux locker for encrypting VMware ESXi virtual machines.

Ransom

BleepingComputer

26.7.24

Los Angeles Superior Court shuts down after ransomware attack

The largest trial court in the United States, the Superior Court of Los Angeles County, closed all 36 courthouse locations on Monday to restore systems affected by a Friday ransomware attack.

Ransom

BleepingComputer

26.7.24

North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks

A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks

Ransom

The Hacker News

23.7.24

New Linux Variant of Play Ransomware Targeting VMware ESXi Systems

Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt)

Ransom

The Hacker News

20.7.24

MediSecure: Ransomware gang stole data of 12.9 million people

MediSecure, an Australian prescription delivery service provider, revealed that roughly 12.9 million people had their personal and health information stolen in an April ransomware attack.

Ransom

BleepingComputer

20.7.24

Russians plead guilty to involvement in LockBit ransomware attacks

Two Russian individuals admitted to participating in many LockBit ransomware attacks, which targeted victims worldwide and across the United States.

Ransom

BleepingComputer

18.7.24

Microsoft links Scattered Spider hackers to Qilin ransomware attacks

Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks.

Ransom

BleepingComputer

18.7.24

SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks

The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks.

Ransom

BleepingComputer

17.7.24

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into

Ransom

The Hacker News

15.7.24

Rite Aid confirms data breach after June ransomware attack

Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation.

Ransom

BleepingComputer

15.7.24

New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection

Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new

Ransom

The Hacker News

14.7.24

Dallas County: Data of 200,000 exposed in 2023 ransomware attack

Dallas County is notifying over 200,000 people that the Play ransomware attack, which occurred in October 2023, exposed their personal data to cybercriminals.

Ransom

BleepingComputer

11.7.24

Avast releases free decryptor for DoNex ransomware and past variants

Antivirus company Avast have discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free.

Ransom

BleepingComputer

11.7.24

New Ransomware Group Exploiting Veeam Backup Software Vulnerability

A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation

Ransom

The Hacker News

8.7.24

New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems

An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and

Ransom

The Hacker News

6.7.24

New Eldorado ransomware targets Windows, VMware ESXi VMs

A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows.

Ransom

BleepingComputer

5.7.24

Patelco shuts down banking systems following ransomware attack

Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact.

Ransom

BleepingComputer

30.6.24

Meet Brain Cipher — The new ransomware behind Indonesia's data center attack

The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center.

Ransom

BleepingComputer

30.6.24

BlackSuit ransomware gang claims attack on KADOKAWA corporation

The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid.

Ransom

BleepingComputer

29.6.24

Chinese Cyberspies Employ Ransomware in Attacks for Diversion

Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft.

Ransom

BleepingComputer

29.6.24

LockBit lied: Stolen data is from a bank, not US Federal Reserve

Recently-disrupted LockBit ransomware group, in a desperate attempt to make a comeback, claimed this week that it had hit the Federal Reserve, the central bank of the United States. Except, the rumor has been quashed.

Ransom

BleepingComputer

28.6.24

P2PInfect botnet targets Redis servers with new ransomware module

P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on Redis servers.

Ransom

BleepingComputer

28.6.24

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and

Ransom

The Hacker News

27.6.24

Linux version of RansomHub ransomware targets VMware ESXi VMs

The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks.

Ransom

BleepingComputer

19.6.24

Panera Bread likely paid a ransom in March ransomware attack

Panera Bread, an American chain of fast food restaurants, most likely paid a ransom after being hit by a ransomware attack, suggests language used in an internal email sent to employees.

Ransom

BleepingComputer

16.6.24

London hospitals cancel over 800 operations after ransomware attack

NHS England revealed today that multiple London hospitals impacted by last week's Synnovis ransomware attack were forced to cancel hundreds of planned operations and appointments.

Ransom

BleepingComputer

16.6.24

CISA warns of Windows bug exploited in ransomware attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs.

Ransom

BleepingComputer

15.6.24

Ascension hacked after employee downloaded malicious file

Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device.

Ransom

BleepingComputer

15.6.24

Toronto District School Board hit by a ransomware attack

The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed.

Ransom

BleepingComputer

15.6.24

Panera warns of employee data breach after March ransomware attack

U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack.

Ransom

BleepingComputer

14.6.24

Police arrest Conti and LockBit ransomware crypter specialist

The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself.

Ransom

BleepingComputer

14.6.24

Black Basta ransomware gang linked to Windows zero-day attacks

The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.

Ransom

BleepingComputer

13.6.24

Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups

The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti

Ransom

The Hacker News

13.6.24

TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers

The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems.

Ransom

BleepingComputer

13.6.24

London hospitals face blood shortage after Synnovis ransomware attack

England's NHS Blood and Transplant (NHSBT) has issued an urgent call to O Positive and O Negative blood donors to book appointments and donate after last week's cyberattack on pathology provider Synnovis impacted multiple hospitals in London.

Ransom

BleepingComputer

13.6.24

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the

Ransom

The Hacker News

9.6.24

Christie's starts notifying clients of RansomHub data breach

British auction house Christie's is notifying individuals whose data was stolen by the RansomHub ransomware gang in a recent network breach.

Ransom

BleepingComputer

9.6.24

New Fog ransomware targets US education sector via breached VPNs

A new ransomware operation named 'Fog' launched in early May 2024, is using compromised VPN credentials to breach the networks of educational organizations in the U.S.

Ransom

BleepingComputer

9.6.24

PandaBuy pays ransom to hacker only to get extorted again

Chinese shopping platform Pandabuy told BleepingComputer it previously paid a ransom demand to prevent stolen data from being leaked, only for the same threat actor to extort the company again this week.

Ransom

BleepingComputer

9.6.24

Linux version of TargetCompany ransomware focuses on VMware ESXi

Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads.

Ransom

BleepingComputer

8.6.24

FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out

The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free.

Ransom

BleepingComputer

8.6.24

Qilin ransomware gang linked to attack on London hospitals

A ransomware attack that hit pathology services provider Synnovis on Monday and impacted several major NHS hospitals in London has now been linked to the Qilin ransomware operation.

Ransom

BleepingComputer

8.6.24

RansomHub extortion gang linked to now-defunct Knight ransomware

Security researchers analyzing the relatively new RansomHub ransomware-as-a-service believe that it has evolved from the currently defunct Knight ransomware project.

Ransom

BleepingComputer

8.6.24

Major London hospitals disrupted by Synnovis ransomware attack

A ransomware attack affecting pathology and diagnostic services provider Synnovis has impacted healthcare services at multiple major NHS hospitals in London.

Ransom

BleepingComputer

7.6.24

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with

Ransom

The Hacker News

5.6.24

Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide

An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight

Ransom

The Hacker News

26.5.24

New ShrinkLocker ransomware uses BitLocker to encrypt your files

A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker.

Ransom

BleepingComputer

25.5.24

ShrinkLocker: Turning BitLocker into ransomware

The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom.

Ransom

Securelist

25.5.24

LockBit says they stole data in London Drugs ransomware attack

Today, the LockBit ransomware gang claimed they were behind the April cyberattack on Canadian pharmacy chain London Drugs and is now threatening to publish stolen data online after allegedly failed negotiations.

Ransom

BleepingComputer

24.5.24

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

Introduction The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more

Ransom

The Hacker News

23.5.24

OmniVision discloses data breach after 2023 ransomware attack

The California-based imaging sensors manufacturer OmniVision is warning of a data breach after the company suffered a Cactus ransomware attack last year.

Ransom

BleepingComputer

19.5.24

Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising

A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP.

Ransom

BleepingComputer

19.5.24

The Week in Ransomware - May 17th 2024 - Mailbombing is back

This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. However, that does not mean there was nothing of interest released this week about ransomware.

Ransom

BleepingComputer

18.5.24

Windows Quick Assist abused in Black Basta ransomware attacks

Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks.

Ransom

BleepingComputer

18.5.24

INC ransomware source code selling on hacking forums for $300,000

A cybercriminal using the name "salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023.

Ransom

BleepingComputer

16.5.24

Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks

The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client

Ransom

The Hacker News

12.5.24

CISA: Black Basta ransomware breached over 500 orgs worldwide

CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024.

Ransom

BleepingComputer

12.5.24

The Week in Ransomware - May 10th 2024 - Chipping away at LockBit

After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation.

Ransom

BleepingComputer

12.5.24

Ascension redirects ambulances after suspected ransomware attack

Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday.

Ransom

BleepingComputer

12.5.24

Ohio Lottery ransomware attack impacts over 538,000 individuals

The Ohio Lottery is sending data breach notification letters to over 538,000 individuals affected by a cyberattack that hit the organization's systems on Christmas Eve.

Ransom

BleepingComputer

11.5.24

FBI warns of gift card fraud ring targeting retail companies

The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation.

Ransom

BleepingComputer

9.5.24

City of Wichita breach claimed by LockBit ransomware gang

The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation.

Ransom

BleepingComputer

8.5.24

LockBit ransomware admin identified, sanctioned in US, UK, Australia

The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor revealed for the first time.

Ransom

BleepingComputer

8.5.24

City of Wichita shuts down IT network after ransomware attack

The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack.

Ransom

BleepingComputer

8.5.24

Lockbit's seized site comes alive to tease new police announcements

The NCA, FBI, and Europol have revived a seized LockBit ransomware data leak site to hint at new information being revealed by law enforcement this Tuesday.

Ransom

BleepingComputer

6.5.24

REvil hacker behind Kaseya ransomware attack gets 13 years in prison

Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation.

Ransom

BleepingComputer

5.5.24

French hospital CHC-SV refuses to pay LockBit extortion demand

The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom.

Ransom

BleepingComputer

24.4.24

UnitedHealth confirms it paid ransomware gang to stop data leak

The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February.

Ransom

BleepingComputer

24.4.24

Synlab Italia suspends operations following ransomware attack

Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline.

Ransom

BleepingComputer

24.4.24

Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery

Cybersecurity breaches can be devastating for both individuals and businesses alike. While many people tend to focus on

Ransom

The Hacker News

22.4.24

Ransomware payments drop to record low of 28% in Q1 2024

Ransomware actors have had a rough start this year, as stats from cybersecurity firm Coveware show that the trend of victims declining to pay the cybercriminals continues and has now reached a new record low of 28%.

Ransom

BleepingComputer

20.4.24

The Week in Ransomware - April 19th 2024 - Attacks Ramp Up

While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void.

Ransom

BleepingComputer

20.4.24

HelloKitty ransomware rebrands, releases CD Projekt and Cisco data

An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks.

Ransom

BleepingComputer

19.4.24

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the

Ransom

The Hacker News

19.4.24

FBI: Akira ransomware raked in $42 million from 250+ victims

According to a joint advisory from the FBI, CISA, Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments.

Ransom

BleepingComputer

18.4.24

Moldovan charged for operating botnet used to push ransomware

The U.S. Justice Department charged Moldovan national Alexander Lefterov, the owner and operator of a large-scale botnet that infected thousands of computers across the United States.

Ransom

BleepingComputer

18.4.24

Using the LockBit builder to generate targeted ransomware

The LockBit 3.0 builder has significantly simplified creating customized ransomware. The image below shows the files that constitute it. As we can see, keygen.exe generates public and private keys used for encryption and decryption. After that, builder.exe generates the variant according to the options set in the config.json file.

Ransom

Securelist

17.4.24

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks

Ransom

The Hacker News

16.4.24

Ransomware gang starts leaking alleged stolen Change Healthcare data

The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company.

Ransom

BleepingComputer

16.4.24

Daixin ransomware gang claims attack on Omni Hotels

The Daixin Team ransomware gang claimed a recent cyberattack on Omni Hotels & Resorts and is now threatening to publish customers' sensitive information if a ransom is not paid.

Ransom

BleepingComputer

14.4.24

Optics giant Hoya hit with $10 million ransomware demand

A recent cyberattack on Hoya Corporation was conducted by the 'Hunters International' ransomware operation, which demanded a $10 million ransom for a file decryptor and not to release files stolen during the attack.

Ransom

BleepingComputer

11.4.24

GHC-SCW: Ransomware gang stole health data of 533,000 people

Non-profit healthcare service provider Group Health Cooperative of South Central Wisconsin (GHC-SCW) has disclosed that a ransomware gang breached its network in January and stole documents containing the personal and medical information of over 500,000 individuals.

Ransom

BleepingComputer

7.4.24

The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack

Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services.

Ransom

BleepingComputer

7.4.24

Panera Bread week-long IT outage caused by ransomware attack

Panera Bread's recent week-long outage was caused by a ransomware attack, according to people familiar with the matter and emails seen by BleepingComputer.

Ransom

BleepingComputer

6.4.24

Hosting firm's VMware ESXi servers hit by new SEXi ransomware

Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company's VMware ESXi servers and backups.

Ransom

BleepingComputer

6.4.24

Jackson County in state of emergency after ransomware attack

Jackson County, Missouri, is in a state of emergency after a ransomware attack took down some county services on Tuesday.

Ransom

BleepingComputer

31.3.24

INC Ransom threatens to leak 3TB of NHS Scotland stolen data

The INC Ransom extortion gang is threatening to publish three terabytes of data allegedly stolen after breaching the National Health Service (NHS) of Scotland.

Ransom

BleepingComputer

30.3.24

Ransomware as a Service and the Strange Economics of the Dark Web

Ransomware is quickly changing in 2024, with massive disruptions and large gangs shutting down. Learn from Flare how affiliate competition is changing in 2024, and what might come next.

Ransom

BleepingComputer

23.3.24

What the Latest Ransomware Attacks Teach About Defending Networks

Recent ransomware attacks have shared valuable lessons on how to limit risk to your own networks. Learn from Blink Ops about how organizations can limit their ransomware risk.

Ransom

BleepingComputer

20.3.24

TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks

Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners,

Ransom

The Hacker News

17.3.24

Hackers exploit Aiohttp bug to find vulnerable networks

The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library.

Ransom

BleepingComputer

16.3.24

StopCrypt: Most widely distributed ransomware evolves to evade detection

A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools.

Ransom

BleepingComputer

16.3.24

Nissan confirms ransomware attack exposed data of 100,000 people

Nissan Oceania is warning of a data breach impacting 100,000 people after suffering a cyberattack in December 2023 that was claimed by the Akira ransomware operation.

Ransom

BleepingComputer

16.3.24

US govt probes if ransomware gang stole Change Healthcare data

The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group (UHG) subsidiary Optum, which operates the Change Healthcare platform, in late February.

Ransom

BleepingComputer

14.3.24

LockBit ransomware affiliate gets four years in jail, to pay $860k

Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation.

Ransom

BleepingComputer

14.3.24

Stanford: Data of 27,000 people stolen in September ransomware attack

Stanford University says the personal information of 27,000 individuals was stolen in a ransomware attack impacting its Department of Public Safety (SUDPS) network.

Ransom

BleepingComputer

13.3.24

Equilend warns employees their data was stolen by ransomware gang

New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack.

Ransom

BleepingComputer

11.3.24

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their

Ransom

The Hacker News

10.3.24

The Week in Ransomware - March 8th 2024 - Waiting for the BlackCat rebrand

We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government.

Ransom

BleepingComputer

10.3.24

Switzerland: Play ransomware leaked 65,000 government documents

The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files.

Ransom

BleepingComputer

7.3.24

Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout

The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law

Ransom

The Hacker News

6.3.24

BlackCat ransomware shuts down in exit scam, blames the "feds"

The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates' money by pretending the FBI seized their site and infrastructure.

Ransom

BleepingComputer

6.3.24

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million.

Ransom

BleepingComputer

6.3.24

Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries

The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. "TheGhostSec and Stormous

Ransom

The Hacker News

4.3.24

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure

U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure

Ransom

The Hacker News

3.3.24

The Week in Ransomware - March 1st 2024 - Healthcare under siege

Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA.

Ransom

BleepingComputer

3.3.24

Rhysida ransomware wants $3.6 million for children’s stolen data

The Rhysida ransomware gang has claimed the cyberattack on Lurie Children's Hospital in Chicago at the start of the month.

Ransom

BleepingComputer

2.3.24

Ransomware gang claims they stole 6TB of Change Healthcare data

The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform.

Ransom

BleepingComputer

2.3.24

LockBit ransomware returns to attacks with new encryptors, servers

The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption.

Ransom

BleepingComputer

2.3.24

FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks

Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks.

Ransom

BleepingComputer

2.3.24

Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks

The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability.

Ransom

BleepingComputer

2.3.24

Hessen Consumer Center says systems encrypted by ransomware

The Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and temporarily disrupting its availability.

Ransom

BleepingComputer

29.2.24

LockBit ransomware returns, restores servers after police disruption

The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector.

Ransom

BleepingComputer

28.2.24

FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks

The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as

Ransom

The Hacker News

27.2.24

LockBit Ransomware Group Resurfaces After Law Enforcement Takedown

The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law

Ransom

The Hacker News

25.2.24

Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement

LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "has

Ransom

The Hacker News

25.2.24

Insomniac Games alerts employees hit by ransomware data breach

Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November.

Ransom

BleepingComputer

25.2.24

LockBit ransomware gang has over $110 million in unspent bitcoin

The LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation.

Ransom

BleepingComputer

24.2.24

New ScreenConnect RCE flaw exploited in ransomware attacks

Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks.

Ransom

BleepingComputer

24.2.24

LockBit ransomware secretly building next-gen encryptor before takedown

LockBit ransomware developers were secretly building a new version of their file encrypting malware, dubbed LockBit-NG-Dev - likely a future LockBit 4.0, when law enforcement took down the cybercriminal's infrastructure earlier this week.

Ransom

BleepingComputer

24.2.24

US offers $15 million bounty for info on LockBit ransomware gang

The U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information about LockBit ransomware gang members and their associates.

Ransom

BleepingComputer

23.2.24

Knight ransomware source code for sale after leak site shuts down

The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation.

Ransom

BleepingComputer

23.2.24

Ransomware Groups, Targeting Preferences, and the Access Economy

The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime.

Ransom

BleepingComputer

23.2.24

Critical infrastructure software maker confirms ransomware attack

PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure.

Ransom

BleepingComputer

23.2.24

Police arrest LockBit ransomware members, release decryptor in global crackdown

Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation.

Ransom

BleepingComputer

23.2.24

LockBit ransomware disrupted by global police operation

Law enforcement agencies from 10 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as "Operation Cronos."

Ransom

BleepingComputer

23.2.24

Cactus ransomware claim to steal 1.5TB of Schneider Electric data

The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month.

Ransom

BleepingComputer

23.2.24

ALPHV ransomware claims loanDepot, Prudential Financial breaches

The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot.

Ransom

BleepingComputer

23.2.24

Alpha ransomware linked to NetWalker operation dismantled in 2021

Security researchers analyzing the Alpha ransomware payload and modus operandi discovered overlaps with the now-defunct Netwalker ransomware operation.

Ransom

BleepingComputer

22.2.24

U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders

The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders

Ransom

The Hacker News

20.2.24

LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as intelligence pertaining to its

Ransom

The Hacker News

20.2.24

LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid

Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. Read here for more details. An international law

Ransom

The Hacker News

18.2.24

US offers up to $15 million for tips on ALPHV ransomware gang

The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders.

Ransom

BleepingComputer

18.2.24

LockBit claims ransomware attack on Fulton County, Georgia

The LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "confidential" documents if a ransom is not paid.

Ransom

BleepingComputer

18.2.24

Trans-Northern Pipelines investigating ALPHV ransomware attack claims

Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang.

Ransom

BleepingComputer

17.2.24

Free Rhysida ransomware decryptor for Windows exploits RNG flaw

South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free.

Ransom

BleepingComputer

17.2.24

Ransomware attack forces 100 Romanian hospitals to go offline

100 hospitals across Romania have taken their systems offline after a ransomware attack hit their healthcare management system.

Ransom

BleepingComputer

17.2.24

CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive

Ransom

The Hacker News

12.2.24

Rhysida Ransomware Cracked, Free Decryption Tool Released

Ransom

The Hacker News

10.2.24

Hyundai Motor Europe hit by Black Basta ransomware attack

Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data.

Ransom

BleepingComputer

9.2.24

US offers $10 million for tips on Hive ransomware leadership

The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang.

Ransom

BleepingComputer

7.2.24

Ransomware payments reached record $1.1 billion in 2023

Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs.

Ransom

BleepingComputer

4.2.24

The Week in Ransomware - February 2nd 2024 - No honor among thieves

Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organizations to respond to cyberattacks.

Ransom

BleepingComputer

3.2.24

Johnson Controls says ransomware attack cost $27 million, data stolen

Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data.

Ransom

BleepingComputer

3.2.24

Online ransomware decryptor helps recover partially encrypted files

CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption.

Ransom

BleepingComputer

2.2.24

Energy giant Schneider Electric hit by Cactus ransomware attack

Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter.

Ransom

BleepingComputer

2.2.24

Ransomware payments drop to record low as victims refuse to pay

The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware.

Ransom

BleepingComputer

2.2.24

The Week in Ransomware - January 26th 2024 - Govts strike back

Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison.

Ransom

BleepingComputer

2.2.24

Kansas City public transportation authority hit by ransomware

The Kansas City Area Transportation Authority (KCATA) announced it was targeted by a ransomware attack on Tuesday, January 23.

Ransom

BleepingComputer

31.1.24

Water services giant Veolia North America hit by ransomware attack

Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems.

Ransom

BleepingComputer

31.1.24

Kasseika ransomware uses antivirus driver to kill other antiviruses

A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employs Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files.

Ransom

BleepingComputer

31.1.24

US, UK, Australia sanction REvil hacker behind Medibank data breach

The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group.

Ransom

BleepingComputer

31.1.24

Tietoevry ransomware attack causes outages for Swedish firms, cities

Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered an Akira ransomware attack impacting cloud hosting customers in one of its data centers in Sweden.

Ransom

BleepingComputer

30.1.24

Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang

Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust. Fortinet FortiGuard Labs, which

Ransom

The Hacker News

24.1.24

Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-

Ransom

The Hacker News

24.1.24

U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware

Ransom

The Hacker News

21.1.24

Researchers link 3AM ransomware to Conti, Royal cybercrime gangs

Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang.

Ransom

BleepingComputer

21.1.24

Vans, North Face owner says ransomware breach affects 35 million people

VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35 million customers had their personal information stolen in a December ransomware attack.

Ransom

BleepingComputer

21.1.24

TeamViewer abused to breach networks in new ransomware attacks

Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder.

Ransom

BleepingComputer

20.1.24

Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets

Learn how threat actors utilize credentials to break into privileged IT infrastructure to create data breaches and distribute ransomware.

Ransom

BleepingComputer

19.1.24

Majorca city Calvià extorted for $11M in ransomware attack

The Calvià City Council in Majorca announced it was targeted by a ransomware attack on Saturday, which impacted municipal services.

Ransom

BleepingComputer

13.1.24

The Week in Ransomware - January 12th 2024 - Targeting homeowners' data

Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked.

Ransom

BleepingComputer

12.1.24

Finland warns of Akira ransomware wiping NAS and tape backup devices

The Finnish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups.

Ransom

BleepingComputer

12.1.24

Medusa Ransomware on the Rise: From Data Leaks to Physical Threats

The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web

Ransom

The Hacker News

11.1.24

Ransomware victims targeted by fake hack-back offers

Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data.

Ransom

BleepingComputer

11.1.24

Hackers target Microsoft SQL servers in Mimic ransomware attacks

A group of financially motivated Turkish hackers targets Microsoft SQL (MSSQL) servers worldwide to encrypt the victims' files with Mimic (N3ww4v3) ransomware.

Ransom

BleepingComputer

11.1.24

Decryptor for Babuk ransomware variant released after hacker arrested

Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator.

Ransom

BleepingComputer

11.1.24

Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach

The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company's business division.

Ransom

BleepingComputer

10.1.24

Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims

A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain

Ransom

The Hacker News

9.1.24

Toronto Zoo: Ransomware attack had no impact on animal wellbeing

Toronto Zoo, the largest zoo in Canada, says that a ransomware attack that hit its systems on early Friday had no impact on the animals, its website, or its day-to-day operations.

Ransom

BleepingComputer

9.1.24

US mortgage lender loanDepot confirms ransomware attack

Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption.

Ransom

BleepingComputer

9.1.24

Capital Health attack claimed by LockBit ransomware, risk of data leak

The Lockbit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow.

Ransom

BleepingComputer

6.1.24

The Week in Ransomware - January 5th 2024 - Secret decryptors

With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information.

Ransom

BleepingComputer

6.1.24

Zeppelin ransomware source code sold for $500 on hacking forum

A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500.

Ransom

BleepingComputer

4.1.24

Online museum collections down after cyberattack on service provider

Museum software solutions provider Gallery Systems has disclosed that its ongoing IT outages were caused by a ransomware attack last week.

Ransom

BleepingComputer

4.1.24

Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data

The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers, and a limited amount of personal information might have been exposed, according to an announcement by the parent company, Xerox Corporation.

Ransom

BleepingComputer

4.1.24

Victoria court recordings exposed in reported ransomware attack

Australia's Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack.

Ransom

BleepingComputer