Topic: ransomware-as-a-service
-
New "Vect" RaaS Variant Poses Critical Threat, Researchers Warn
A new, highly sophisticated ransomware-as-a-service operation named **Vect** is rapidly emerging, posing a critical threat by targeting organizations and actively recruiting affiliates for expansion. Vect distinguishes itself with custom-built malware using fast encryption techniques and advanced...
Read More » -
Ransomware Surge Intensifies the Battle for Cyber Defenders
Ransomware attacks have surged dramatically, with a 20% increase in victims in the first half of the year, driven by the widespread Ransomware-as-a-Service model. The threat landscape is increasingly volatile, with 88 active groups and 35 new entities, making it difficult to track threats as atta...
Read More » -
Qilin Ransomware Attacks Spike, Targeting Small Businesses
The Qilin ransomware group exploits common security weaknesses like unpatched VPNs and lack of multi-factor authentication, primarily targeting small and medium-sized enterprises in sectors such as construction, healthcare, and finance. Recent intelligence indicates increased collaboration among ...
Read More » -
The Economics Fueling Global Ransomware
Ransomware has evolved into a sophisticated criminal business model, projected to cause $10.5 trillion in global economic losses by 2025, driven by professional networks and Ransomware-as-a-Service (RaaS) that lower entry barriers for attackers. Attackers employ double and triple extortion tactic...
Read More » -
North Korean Lazarus Group Unleashes Medusa Ransomware
North Korean state-sponsored hackers, specifically the Lazarus Group, are conducting a new wave of Medusa ransomware attacks targeting the U.S. healthcare sector to demand significant ransoms. The attacks employ a sophisticated toolkit of malware for network intrusion and data theft, with the exa...
Read More » -
INC Ransomware Blunder Exposes Data of 12 US Organizations
An operational security lapse by the INC ransomware gang allowed forensic investigators to discover and access a persistent repository containing stolen, encrypted data from twelve unrelated U.S. organizations. The discovery was made by analyzing attacker infrastructure, which revealed the gang's...
Read More » -
Qilin Ransomware Exposes 40+ Victims Monthly
The Qilin ransomware group has intensified global attacks, listing over 40 new victims monthly and primarily targeting the manufacturing industry, along with professional services and wholesale trade. Qilin uses a double-extortion tactic, encrypting victims' data and stealing sensitive informatio...
Read More » -
Akira Ransomware Hijacks Victim's Remote Management Tool
Hackers used the trusted Datto RMM tool and a Living Off The Land strategy to deploy Akira ransomware, disguising their actions as normal IT operations to avoid detection. The attack was halted by Barracuda Managed XDR, which detected the encryption activity and immediately isolated the compromis...
Read More » -
From $214K Cybersecurity Job to a Jail Cell: How It Happens
Cybersecurity experts face ethical dilemmas when negotiating ransomware payments, as they mediate between victims and criminals while enabling illegal profits. The accessibility of ransomware-as-a-service and cryptocurrency channels tempts professionals to transition from negotiation to committin...
Read More » -
Ransomware Groups Pivot as Victims Stop Paying
Ransomware payment rates have plummeted to just 23% in Q3 2025, significantly undermining the financial model of cybercriminals and marking a victory for cybersecurity efforts. Attackers are increasingly relying on social engineering tactics like insider threats, helpdesk impersonation, and callb...
Read More » AkzoNobel U.S. Site Hit by Cyberattack, Company Confirms
AkzoNobel, a major paints and coatings company, confirmed a contained cybersecurity breach at a U.S. facility, with the impact appearing limited. The Anubis ransomware gang claimed responsibility, alleging theft of 170 GB of sensitive data, including confidential agreements and employee personal ...
Read More »-
FBI Shuts Down Major Ransomware Hub: RAMP Forum
U.S. authorities seized the Russian Anonymous Marketplace (RAMP), a major dark web forum central to ransomware tool trading and discussion, dealing a significant blow to the cybercrime ecosystem. The forum, which emerged in 2021 and was linked to the Babuk ransomware group, became a primary hub f...
Read More » -
Poland Arrests Suspect in Major Phobos Ransomware Operation
Polish authorities arrested a man linked to the Phobos ransomware group, seizing devices containing stolen data like passwords and server access credentials. The arrest is part of Operation Aether, a coordinated international effort led by Europol targeting the infrastructure and affiliates of th...
Read More » -
Inside DragonForce Ransomware and Scattered Spider
The DragonForce ransomware operation has evolved into a "cartel" model, offering affiliates high profit shares to scale its impact, and has formed a high-profile partnership with the social engineering group Scattered Spider. This alliance merges Scattered Spider's sophisticated initial access te...
Read More » -
Pennsylvania AG Confirms Data Breach in INC Ransom Attack
The Pennsylvania Attorney General's office experienced a ransomware attack in August 2025, leading to a data breach where cybercriminals stole sensitive personal and medical information, but officials refused to pay the ransom. The attack exploited vulnerabilities in public-facing Citrix NetScale...
Read More » -
Ransomware's New Tactic: Creating Chaos
Ransomware attacks are increasing in frequency and sophistication, with over half occurring during weekends or holidays to exploit reduced staffing, and groups now employing aggressive tactics like quadruple extortion to cause operational paralysis. The economics are shifting as fewer victims pay...
Read More » -
Ransomware Attacks Surge as Extortion Tactics Evolve
Ransomware data leaks surged dramatically in late 2025, with victim organizations posted to extortion sites increasing by 50% from the prior quarter, even as the overall number of active ransomware gangs decreased. The threat evolved with attackers now systematically stealing and leaking data to ...
Read More » -
Interpol Issues Red Notice for Black Basta Ransomware Boss
Ukrainian and German authorities have identified and placed Russian national Oleg Evgenievich Nefedov, the leader of the Black Basta ransomware gang, on international wanted lists via Europol and Interpol. Two additional suspects in Ukraine were identified as key operatives who breached systems a...
Read More » -
Panama Economy Ministry Confirms INC Ransomware Attack
The Ministry of Economy and Finance in Panama experienced a cybersecurity incident on a single workstation, but core systems and operations remain unaffected. The INC Ransom group has claimed responsibility, alleging they stole over 1.5 terabytes of sensitive data including financial records and ...
Read More » -
Hackers Steal PornHub Premium User Data in Extortion Attack
A data breach at analytics provider Mixpanel exposed sensitive historical user data from PornHub Premium subscribers, though PornHub confirms its own servers and financial data were not compromised. The ShinyHunters extortion gang is demanding payment to prevent the release of over 200 million re...
Read More » -
UK Arrests Suspect in RTX Ransomware Attack That Disrupted Airports
A ransomware attack on Collins Aerospace's MUSE software caused widespread flight disruptions at European airports, leading to an arrest by UK authorities. The MUSE software, which runs on separate customer networks, is critical for shared airport operations like check-ins and baggage handling, a...
Read More » -
Nationwide Emergency Alerts Disrupted by OnSolve Cyberattack
The OnSolve CodeRED emergency notification system was compromised by a cyberattack, forcing its operator Crisis24 to decommission the legacy platform and causing widespread disruption to public safety alerts. Sensitive user data, including names, addresses, emails, phone numbers, and passwords, w...
Read More »