Topic: ransomware attacks
-
Hypervisors: The Hidden Ransomware Risk in Virtualization
Hypervisors are a critical but often overlooked ransomware target, as a single compromise can jeopardize hundreds of virtual machines, with traditional security tools lacking visibility into this layer. Hypervisor-based ransomware attacks surged dramatically in late 2025, driven by groups like Ak...
-
Why Ransomware Attacks Spike on Weekends
Threat actors deliberately target organizations on weekends and holidays when security staffing is minimal, exploiting slower detection to infiltrate systems more deeply. Business transitions like mergers and acquisitions create vulnerabilities, with 60% of incidents occurring after such shifts d...
-
Seamless VMware Migration for Uninterrupted Business
Ransomware has become a common threat for businesses, making robust disaster recovery and VMware migration essential for uninterrupted operations, with a significant increase in organizations affected compared to traditional disasters. Modern VMware environments require specialized migration appr...
-
Yanluowang Ransomware Broker Pleads Guilty in Landmark Case
Aleksey Volkov, a Russian national, admitted to providing initial network access for Yanluowang ransomware attacks on at least eight U.S. companies from 2021 to 2022, facilitating ransom demands ranging from $300,000 to $15 million. The FBI identified Volkov through his Apple iCloud, cryptocurren...
-
US Cybersecurity Experts Charged in BlackCat Ransomware Case
Three cybersecurity professionals, including Kevin Tyler Martin and Ryan Clifford Goldberg, have been federally indicted for orchestrating BlackCat ransomware attacks, using their industry expertise to breach networks and extort cryptocurrency payments. The accused, who previously worked as ranso...
-
October 2025 Threat Report: Barracuda SOC Insights
Akira ransomware is exploiting unpatched SonicWall VPN vulnerabilities (CVE-2024-40766), bypassing multi-factor authentication through stolen credentials and encrypting data rapidly. Attackers are increasingly using Python scripts to automate and disguise malicious activities, such as deploying p...
-
Microsoft Thwarts Ransomware Attack on Teams Users
Microsoft invalidated over 200 fraudulent digital certificates to disrupt a ransomware campaign that used fake Teams installers, blocking the Rhysida ransomware's distribution network in early October. The attack, orchestrated by the Vanilla Tempest group, involved malvertising and spoofed websit...
-
Unpatched Cisco Firewalls, Red Hat's GitLab Breached by Hackers
Cybersecurity threats are intensifying due to unpatched devices and supply chain compromises, as seen in attacks on Cisco firewalls and Red Hat, highlighting the need for timely updates and third-party risk management. Global infrastructure, including undersea cables, is increasingly vulnerable t...
-
Akira Ransomware Bypasses MFA to Breach SonicWall VPNs
Akira ransomware is bypassing multi-factor authentication on SonicWall SSL VPN devices, likely using stolen OTP seeds to generate valid tokens despite security patches. Attackers exploit the CVE-2024-40766 vulnerability to steal credentials, which they reuse even on patched systems, gaining rapid...
-
Google's AI Ransomware Defense Has Critical Limits
Google has introduced an AI-powered defense for its Drive desktop application that detects ransomware behavior in real-time and stops cloud synchronization to prevent widespread infection. This feature acts as a supplementary security layer, using an AI model trained on millions of ransomware-enc...
-
Akira Ransomware: 4 Hours from VPN Login to Total Encryption
Akira ransomware attacks can achieve full network encryption in as little as four hours after initial VPN access, leaving organizations with a very narrow window for detection and response. Attackers exploit stolen SonicWall VPN credentials and bypass multi-factor authentication to systematically...
-
Ransomware Hackers Exploit Misconfigured EDR to Disable Security
Modern ransomware groups exploit minor security oversights, such as human error and misconfigurations, to bypass multi-factor authentication and disable critical defenses like EDR systems. Attackers used a variety of tools, including common utilities and legitimate Windows drivers, to disable sec...
-
2025's Top Cyber Threats: Ransomware, Outages & AI Attacks
The 2025 digital threat landscape is dominated by sophisticated ransomware, third-party vendor disruptions, and AI-driven social engineering campaigns. AI is amplifying social engineering attacks, making them more convincing and accounting for over half of cyber claims and losses in early 2025. R...
-
Akira Ransomware Exploits SonicWall Firewalls to Breach Organizations
SonicWall firewalls are still being exploited by Akira ransomware affiliates due to unpatched vulnerabilities and misconfigurations, including CVE-2024-40766 and SSLVPN settings. Attackers gain initial access through SSLVPN, escalate privileges, and deploy ransomware after exfiltrating data and d...
-
AI Transforms Enterprise Ransomware Defense Strategies
Ransomware attacks are increasing globally, with 70% of organizations reporting incidents, but fewer are paying ransoms (down from 76% to 57%), as cybercriminals now often threaten data exposure even after payment. Paying ransoms no longer ensures data recovery, with 25% of organizations failing ...
-
Proactive Risk Management: Outsmarting Emerging Threats
Global 2000 companies lose an average of $200 million annually due to unplanned downtime from system failures and cyber incidents, which also damage customer trust and operational efficiency. Recent high-profile cyberattacks, such as those on Change Healthcare and CDK Global in 2024, caused massi...
-
Operation Sentinel: $3M Recovered, Hundreds Arrested
Operation Sentinel, a major Interpol-coordinated initiative, disrupted cybercrime across Africa, resulting in 574 arrests and the recovery of approximately $3 million in illicit proceeds. The operation successfully targeted business email compromise, ransomware, and digital extortion, interceptin...
-
Interpol Cracks 6 Ransomware Strains, Arrests Hundreds
Operation Sentinel, a major Interpol-led initiative across 19 African nations, resulted in 574 arrests, the seizure of $3 million, and the neutralization of over 6,000 malicious web links to combat sophisticated financial crimes. The operation prevented significant individual attacks, including s...
-
EDR Exploited for Stealthy Ransomware Attacks
Attackers are exploiting trusted security tools like EDR software and Windows utilities to deploy malware with stealth and persistence, shifting from mass phishing to more sophisticated methods. A specific attack involved social engineering to execute malicious commands, sideloading a rogue DLL v...
-
UK Cyber-Insurance Payouts Surge 230%
The UK's cyber insurance market experienced a 230% increase in payouts to £197 million last year, alongside a 17% rise in active policies as more businesses seek protection. Malicious software and ransomware attacks drove over half of all claims, rising from 32% to 51%, due to increasingly advanc...
-
Cisco UCCX Flaws Fixed, November 2025 Patch Tuesday Outlook
Cisco has released critical patches for UCCX vulnerabilities (CVE-2025-20358 and CVE-2025-20354) that could allow attackers to bypass authentication and gain root access, urging immediate updates. New threats include active exploitation of CVE-2025-48703 in Control Web Panel, malware using LLMs t...
-
Google: AI Will Fuel a Cybercrime Surge by 2026
AI is dramatically transforming cybersecurity by fueling a surge in automated cybercrime, including sophisticated phishing, voice cloning, and prompt injection attacks, while also enabling new defense mechanisms. The rise of AI agents and unauthorized tools complicates security management, requir...
-
Security Researchers Uncover New LockBit Ransomware Targets
The LockBit ransomware group has officially resumed operations in late summer 2025, with at least a dozen new victims confirmed across multiple continents, indicating their infrastructure and affiliate network are fully functional again. A new LockBit 5.0 variant is being used in half of the rece...
-
Microsoft GoAnywhere Bug Fuels Medusa Ransomware Attacks
A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere platform allows unauthenticated attackers to execute remote code, prompting urgent patching and removal of internet exposure. The flaw was exploited as a zero-day by Storm-1175, who used legitimate tools for reconnaissance and deplo...
-
Hackers Now Use RMM Tools for Phishing Attacks
Threat actors are using legitimate remote monitoring and management (RMM) software to gain unauthorized access to devices through deceptive tactics like fake browser updates and fraudulent meeting invitations. These attacks leverage trusted platforms such as ITarian, PDQ, and Atera to establish c...
-
Senator Accuses Microsoft of "Gross Cybersecurity Negligence"
Senator Ron Wyden has called for a federal investigation into Microsoft's cybersecurity practices, citing negligence that has left critical infrastructure vulnerable to attacks. Wyden specifically highlighted a ransomware attack on Ascension Health, where hackers exploited a vulnerability via a m...
-
Cybercriminals Target Drug Formulas and Patient Data
Cybercriminals target pharmaceutical companies for valuable clinical trial data, patient records, and proprietary formulas, posing significant financial and public health risks. Data breaches in the sector average $4.61 million per incident, with ransomware and third-party vulnerabilities leading...
-
Sen. Wyden Demands FTC Probe Into Ascension Ransomware Attack
Senator Ron Wyden has requested an FTC investigation into Microsoft's cybersecurity practices following a ransomware attack on Ascension that compromised 5.6 million patients' data. The breach was enabled by a contractor clicking a malicious link and attackers exploiting Microsoft's default confi...
-
SonicWall warns admins: Disable SSLVPN now to stop attacks
SonicWall has issued an urgent alert to disable SSLVPN services due to potential zero-day exploits targeting Gen 7 firewalls, with ransomware attacks bypassing multi-factor authentication. Security researchers suspect an unpatched flaw in SonicWall’s SSL VPN technology, advising immediate mitigat...
-
Infostealer Attacks Surge 800% - Protect Your Credentials Now
Identity-based attacks are surging, with 1.8 billion stolen credentials in early 2025, an 800% increase, highlighting the need for stronger defenses like multi-factor authentication (MFA). Over 20,000 new vulnerabilities were disclosed, with 12,200 not yet in the National Vulnerability Database (NV...
-
Festive Season Fraud Fears: No Major Breach Spike Expected
Recent data analysis shows no significant seasonal spike in cyberattacks targeting retailers during peak shopping periods, with incident reports remaining relatively stable across quarters. Security experts advise retailers to adopt continuous security assurance and maintain cyber resilience year...
-
AI-Generated Malware: The Real Threat vs. The Hype
Google's report identifies five AI-generated malware samples, all of which are unsophisticated and pose minimal real-world cybersecurity risk compared to professional threats. The malware, including PromptLock, lacks advanced features like persistence and evasion, functioning as proof-of-concepts...
-
Cognizant and Rubrik Partner to Deliver Business Resilience-as-a-Service
Cognizant and Rubrik have launched a Business Resilience-as-a-Service (BRaaS) solution, offering a flexible, subscription-based model to help enterprises recover from cyberattacks and ensure operational continuity. The rise of AI increases IT complexity and expands the attack surface, necessitati...
-
Patient Safety at Risk: The Hidden Cost of Hospital Hacks
Nearly all U.S. healthcare organizations experienced multiple cyberattacks in the past year, primarily involving ransomware, cloud account takeovers, and supply chain compromises, posing a direct threat to patient safety. These cyber incidents severely disrupt patient care, with 72% of providers ...
-
Cybercrime Crisis: Developing Economies Lag Behind
Developing economies face disproportionate cybercrime impacts due to underinvestment in cybersecurity, viewing it as a luxury rather than a necessity, which leads to vulnerabilities and attracts individuals to illicit activities as an economic alternative. Africa experiences a sharp rise in cyber...
-
Critical Veeam Flaws Let Hackers Execute Code on Backup Servers
Veeam has released a critical security patch for its Backup & Replication software to address a high-severity remote code execution vulnerability (CVE-2025-59470) that requires privileged account access. The update fixes two additional vulnerabilities, including one allowing remote code execution...
-
2025's Most Devastating Cyberattacks Exposed
The cyber threat landscape has shifted towards sophisticated supply chain attacks, where breaches of third-party vendors like Gainsight and Salesloft led to widespread data exposure at major corporations including Cloudflare, Verizon, and Cisco. The Clop ransomware group exploited a critical vuln...
-
Noisy Ransomware Uncovered a Long-Term Espionage Operation
A ransomware group's disruptive attack on two Russian companies inadvertently exposed a long-running, sophisticated cyber espionage operation, highlighting how a visible breach can mask a more insidious threat. The espionage group, QuietCrabs, used a stealthy multi-stage attack with unique malwar...
-
London Councils Hit by Major Cyberattacks
The Royal Borough of Kensington and Chelsea and Westminster City Council are jointly managing a severe cybersecurity breach that has disrupted essential services, including telephone systems, and are coordinating with national cybersecurity authorities. Shared IT systems among the councils likely...
-
CISA Warns of Rising Bulletproof Hosting Threat
CISA and global partners have released a guide to help combat bulletproof hosting, which enables ransomware, phishing, and other cybercrimes by ignoring legal complaints and aiding criminal anonymity. The guide recommends defensive measures like identifying malicious resources, improving traffic ...
-
When IT Fails, Operations Technology Suffers
Modern industrial operations face cybersecurity threats where IT infrastructure attacks compromise critical operational technology systems, with manufacturing and transportation sectors being primary targets. State-sponsored groups like Sandworm and TEMP.Veles pose sophisticated threats by target...
-
Dutch Police Seize 250 Servers in Bulletproof Hosting Crackdown
Dutch law enforcement dismantled a major bulletproof hosting service used exclusively by cybercriminals, seizing approximately 250 physical servers and taking thousands of virtual servers offline. The service facilitated serious criminal activities like ransomware, botnets, and phishing by ignori...
-
Ransomware Gangs Now Exploiting Critical Linux Flaw
A critical Linux kernel vulnerability (CVE-2024-1086) is now being actively exploited by ransomware gangs, allowing attackers to gain complete control over affected systems. The flaw enables local privilege escalation to root access, permitting attackers to disable security, deploy malware, and s...
-
Oceania's Tech Pros Brace for AI Risks, Rules, and Resilience
Technology leaders in Australia and New Zealand are prioritizing AI risks, sophisticated cyber threats, and regulatory demands for 2026, amid workforce shortages and rapid technological change. Generative AI and large language models are the dominant technology trend, yet only 8% of organizations...
-
Legit Tools Turned Malicious: Velociraptor and Nezha Weaponized
Legitimate open-source tools Velociraptor and Nezha are being weaponized by threat actors to maintain access, evade detection, and deploy ransomware or malware on enterprise systems. A China-linked ransomware group exploited an outdated Velociraptor version with a privilege escalation flaw to dep...
-
Healthcare Breach Hits 600k, ShinyHunters Strike, DeepSeek Bias Exposed
Healthcare and luxury brands face significant cybersecurity threats, with major breaches at Goshen Medical Center and Kering-owned fashion labels exposing sensitive data of hundreds of thousands. Critical software vulnerabilities, such as Chaotic Deputy in Chaos-Mesh, and AI-generated code biases...
-
The Unseen Threat: Why Maritime Cybersecurity is the Next Big Risk
The global shipping industry, responsible for over 80% of world trade, faces increasing cyber threats due to its reliance on digital systems, which introduce vulnerabilities that can lead to operational disruptions, safety risks, and environmental damage. Key vulnerabilities include the lack of i...
-
Cybersecurity Journey: From Data Recovery to Battling Ransomware
The shift from data recovery to cybersecurity reflects the growing threat of ransomware, which disrupts operations and demands proactive defense strategies over reactive fixes. Modern cybersecurity requires skills like ransomware mitigation and secure data recovery, emphasizing prevention and tre...
-
CISA: Hackers Actively Exploiting WatchGuard Firewall Flaw
A critical security flaw (CVE-2025-9242) in WatchGuard Firebox firewalls is being actively exploited, prompting CISA to issue an urgent patch directive to federal agencies. The vulnerability stems from an out-of-bounds write weakness in Fireware OS, affecting over 54,000 devices globally, with fe...
-
Bolster Defenses Against Scattered Spider Attacks, Experts Warn
The Scattered Spider hacking group poses a severe threat to businesses by using sophisticated methods like social engineering and ransomware, requiring immediate improvements in identity management, security processes, and third-party risk management. Their attack strategy often starts with vishi...