Topic: ransomware attacks
- Ransomware Attacks Surge as Extortion Tactics Evolve
Ransomware data leaks surged dramatically in late 2025, with victim organizations posted to extortion sites increasing by 50% from the prior quarter, even as the overall number of active ransomware gangs decreased. The threat evolved with attackers now systematically stealing and leaking data to ...
- Ransomware Never Dies, It Multiplies
Ransomware attacks reached a record high in 2025, with over 6,100 total extortion incidents, as criminal groups rapidly adapted despite law enforcement takedowns of major operations. The threat landscape saw a significant reshuffle among prominent ransomware gangs, with groups like Akira and Qili...
- Hypervisors: The Hidden Ransomware Risk in Virtualization
Hypervisors are a critical but often overlooked ransomware target, as a single compromise can jeopardize hundreds of virtual machines, with traditional security tools lacking visibility into this layer. Hypervisor-based ransomware attacks surged dramatically in late 2025, driven by groups like Ak...
- Why Ransomware Attacks Spike on Weekends
Threat actors deliberately target organizations on weekends and holidays when security staffing is minimal, exploiting slower detection to infiltrate systems more deeply. Business transitions like mergers and acquisitions create vulnerabilities, with 60% of incidents occurring after such shifts d...
- Seamless VMware Migration for Uninterrupted Business
Ransomware has become a common threat for businesses, making robust disaster recovery and VMware migration essential for uninterrupted operations, with a significant increase in organizations affected compared to traditional disasters. Modern VMware environments require specialized migration appr...
- Yanluowang Ransomware Broker Pleads Guilty in Landmark Case
Aleksey Volkov, a Russian national, admitted to providing initial network access for Yanluowang ransomware attacks on at least eight U.S. companies from 2021 to 2022, facilitating ransom demands ranging from $300,000 to $15 million. The FBI identified Volkov through his Apple iCloud, cryptocurren...
- US Cybersecurity Experts Charged in BlackCat Ransomware Case
Three cybersecurity professionals, including Kevin Tyler Martin and Ryan Clifford Goldberg, have been federally indicted for orchestrating BlackCat ransomware attacks, using their industry expertise to breach networks and extort cryptocurrency payments. The accused, who previously worked as ranso...
- October 2025 Threat Report: Barracuda SOC Insights
Akira ransomware is exploiting unpatched SonicWall VPN vulnerabilities (CVE-2024-40766), bypassing multi-factor authentication through stolen credentials and encrypting data rapidly. Attackers are increasingly using Python scripts to automate and disguise malicious activities, such as deploying p...
- Microsoft Thwarts Ransomware Attack on Teams Users
Microsoft invalidated over 200 fraudulent digital certificates to disrupt a ransomware campaign that used fake Teams installers, blocking the Rhysida ransomware's distribution network in early October. The attack, orchestrated by the Vanilla Tempest group, involved malvertising and spoofed websit...
- Unpatched Cisco Firewalls, Red Hat's GitLab Breached by Hackers
Cybersecurity threats are intensifying due to unpatched devices and supply chain compromises, as seen in attacks on Cisco firewalls and Red Hat, highlighting the need for timely updates and third-party risk management. Global infrastructure, including undersea cables, is increasingly vulnerable t...
- Akira Ransomware Bypasses MFA to Breach SonicWall VPNs
Akira ransomware is bypassing multi-factor authentication on SonicWall SSL VPN devices, likely using stolen OTP seeds to generate valid tokens despite security patches. Attackers exploit the CVE-2024-40766 vulnerability to steal credentials, which they reuse even on patched systems, gaining rapid...
- Google's AI Ransomware Defense Has Critical Limits
Google has introduced an AI-powered defense for its Drive desktop application that detects ransomware behavior in real-time and stops cloud synchronization to prevent widespread infection. This feature acts as a supplementary security layer, using an AI model trained on millions of ransomware-enc...
- Akira Ransomware: 4 Hours from VPN Login to Total Encryption
Akira ransomware attacks can achieve full network encryption in as little as four hours after initial VPN access, leaving organizations with a very narrow window for detection and response. Attackers exploit stolen SonicWall VPN credentials and bypass multi-factor authentication to systematically...
- Ransomware Hackers Exploit Misconfigured EDR to Disable Security
Modern ransomware groups exploit minor security oversights, such as human error and misconfigurations, to bypass multi-factor authentication and disable critical defenses like EDR systems. Attackers used a variety of tools, including common utilities and legitimate Windows drivers, to disable sec...
- 2025's Top Cyber Threats: Ransomware, Outages & AI Attacks
The 2025 digital threat landscape is dominated by sophisticated ransomware, third-party vendor disruptions, and AI-driven social engineering campaigns. AI is amplifying social engineering attacks, making them more convincing and accounting for over half of cyber claims and losses in early 2025. R...
- Akira Ransomware Exploits SonicWall Firewalls to Breach Organizations
SonicWall firewalls are still being exploited by Akira ransomware affiliates due to unpatched vulnerabilities and misconfigurations, including CVE-2024-40766 and SSLVPN settings. Attackers gain initial access through SSLVPN, escalate privileges, and deploy ransomware after exfiltrating data and d...
- AI Transforms Enterprise Ransomware Defense Strategies
Ransomware attacks are increasing globally, with 70% of organizations reporting incidents, but fewer are paying ransoms (down from 76% to 57%), as cybercriminals now often threaten data exposure even after payment. Paying ransoms no longer ensures data recovery, with 25% of organizations failing ...
- Proactive Risk Management: Outsmarting Emerging Threats
Global 2000 companies lose an average of $200 million annually due to unplanned downtime from system failures and cyber incidents, which also damage customer trust and operational efficiency. Recent high-profile cyberattacks, such as those on Change Healthcare and CDK Global in 2024, caused massi...
- Termite Ransomware Tied to ClickFix CastleRAT Attacks
The Velvet Tempest cybercrime group uses a social engineering technique called ClickFix, tricking users into executing a malicious command that initiates an infection chain leveraging legitimate Windows tools to deploy malware like CastleRAT and DonutLoader. Initial access is achieved through mal...
- 10% of UK Firms at Risk of Collapse from Cyberattack
One in ten UK businesses would likely collapse after a major cyberattack, despite heightened boardroom awareness following high-profile breaches. Research reveals critical vulnerabilities, including widespread password reuse by staff and a lack of basic cybersecurity training for employees. A new...
- Operation Sentinel: $3M Recovered, Hundreds Arrested
Operation Sentinel, a major Interpol-coordinated initiative, disrupted cybercrime across Africa, resulting in 574 arrests and the recovery of approximately $3 million in illicit proceeds. The operation successfully targeted business email compromise, ransomware, and digital extortion, interceptin...
- Interpol Cracks 6 Ransomware Strains, Arrests Hundreds
Operation Sentinel, a major Interpol-led initiative across 19 African nations, resulted in 574 arrests, the seizure of $3 million, and the neutralization of over 6,000 malicious web links to combat sophisticated financial crimes. The operation prevented significant individual attacks, including s...
- EDR Exploited for Stealthy Ransomware Attacks
Attackers are exploiting trusted security tools like EDR software and Windows utilities to deploy malware with stealth and persistence, shifting from mass phishing to more sophisticated methods. A specific attack involved social engineering to execute malicious commands, sideloading a rogue DLL v...
- UK Cyber-Insurance Payouts Surge 230%
The UK's cyber insurance market experienced a 230% increase in payouts to £197 million last year, alongside a 17% rise in active policies as more businesses seek protection. Malicious software and ransomware attacks drove over half of all claims, rising from 32% to 51%, due to increasingly advanc...
- Cisco UCCX Flaws Fixed, November 2025 Patch Tuesday Outlook
Cisco has released critical patches for UCCX vulnerabilities (CVE-2025-20358 and CVE-2025-20354) that could allow attackers to bypass authentication and gain root access, urging immediate updates. New threats include active exploitation of CVE-2025-48703 in Control Web Panel, malware using LLMs t...
- Google: AI Will Fuel a Cybercrime Surge by 2026
AI is dramatically transforming cybersecurity by fueling a surge in automated cybercrime, including sophisticated phishing, voice cloning, and prompt injection attacks, while also enabling new defense mechanisms. The rise of AI agents and unauthorized tools complicates security management, requir...
- Security Researchers Uncover New LockBit Ransomware Targets
The LockBit ransomware group has officially resumed operations in late summer 2025, with at least a dozen new victims confirmed across multiple continents, indicating their infrastructure and affiliate network are fully functional again. A new LockBit 5.0 variant is being used in half of the rece...
- Microsoft GoAnywhere Bug Fuels Medusa Ransomware Attacks
A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere platform allows unauthenticated attackers to execute remote code, prompting urgent patching and removal of internet exposure. The flaw was exploited as a zero-day by Storm-1175, who used legitimate tools for reconnaissance and deplo...
- Hackers Now Use RMM Tools for Phishing Attacks
Threat actors are using legitimate remote monitoring and management (RMM) software to gain unauthorized access to devices through deceptive tactics like fake browser updates and fraudulent meeting invitations. These attacks leverage trusted platforms such as ITarian, PDQ, and Atera to establish c...
- Senator Accuses Microsoft of "Gross Cybersecurity Negligence"
Senator Ron Wyden has called for a federal investigation into Microsoft's cybersecurity practices, citing negligence that has left critical infrastructure vulnerable to attacks. Wyden specifically highlighted a ransomware attack on Ascension Health, where hackers exploited a vulnerability via a m...
- Cybercriminals Target Drug Formulas and Patient Data
Cybercriminals target pharmaceutical companies for valuable clinical trial data, patient records, and proprietary formulas, posing significant financial and public health risks. Data breaches in the sector average $4.61 million per incident, with ransomware and third-party vulnerabilities leading...
- Sen. Wyden Demands FTC Probe Into Ascension Ransomware Attack
Senator Ron Wyden has requested an FTC investigation into Microsoft's cybersecurity practices following a ransomware attack on Ascension that compromised 5.6 million patients' data. The breach was enabled by a contractor clicking a malicious link and attackers exploiting Microsoft's default confi...
- SonicWall warns admins: Disable SSLVPN now to stop attacks
SonicWall has issued an urgent alert to disable SSLVPN services due to potential zero-day exploits targeting Gen 7 firewalls, with ransomware attacks bypassing multi-factor authentication. Security researchers suspect an unpatched flaw in SonicWall’s SSL VPN technology, advising immediate mitigat...
- Infostealer Attacks Surge 800% - Protect Your Credentials Now
Identity-based attacks are surging, with 1.8 billion stolen credentials in early 2025, an 800% increase, highlighting the need for stronger defenses like multi-factor authentication (MFA). Over 20,000 new vulnerabilities were disclosed, with 12,200 not yet in the National Vulnerability Database (NV...
- Ransomware Gangs Shift to Data Theft as Backups Improve
Business email compromise (BEC) and funds transfer fraud now dominate cyber insurance claims, accounting for 58% of incidents, with social engineering tactics involved in 71% of fraud cases. Ransomware claims, while a smaller share, show surging financial demands with average initial ransoms exce...
- Top 6 Cyber Threats to Watch in 2026
The cybersecurity landscape is defined by a dangerous synergy between AI and human ingenuity, creating adaptive, automated threats that require a proactive, intelligence-driven security posture beyond traditional defenses. Key emerging threats include autonomous agentic AI exploits, weaponized de...
- Festive Season Fraud Fears: No Major Breach Spike Expected
Recent data analysis shows no significant seasonal spike in cyberattacks targeting retailers during peak shopping periods, with incident reports remaining relatively stable across quarters. Security experts advise retailers to adopt continuous security assurance and maintain cyber resilience year...
- AI-Generated Malware: The Real Threat vs. The Hype
Google's report identifies five AI-generated malware samples, all of which are unsophisticated and pose minimal real-world cybersecurity risk compared to professional threats. The malware, including PromptLock, lacks advanced features like persistence and evasion, functioning as proof-of-concepts...
- Cognizant and Rubrik Partner to Deliver Business Resilience-as-a-Service
Cognizant and Rubrik have launched a Business Resilience-as-a-Service (BRaaS) solution, offering a flexible, subscription-based model to help enterprises recover from cyberattacks and ensure operational continuity. The rise of AI increases IT complexity and expands the attack surface, necessitati...
- Patient Safety at Risk: The Hidden Cost of Hospital Hacks
Nearly all U.S. healthcare organizations experienced multiple cyberattacks in the past year, primarily involving ransomware, cloud account takeovers, and supply chain compromises, posing a direct threat to patient safety. These cyber incidents severely disrupt patient care, with 72% of providers ...
- Cybercrime Crisis: Developing Economies Lag Behind
Developing economies face disproportionate cybercrime impacts due to underinvestment in cybersecurity, viewing it as a luxury rather than a necessity, which leads to vulnerabilities and attracts individuals to illicit activities as an economic alternative. Africa experiences a sharp rise in cyber...
- Europol Cracks Down on The Com's Ransomware Networks
Europol's Project Compass has disrupted a decentralized cybercrime network called The Com, resulting in 30 arrests and the identification of 179 individuals across 28 nations. The Com, composed largely of young people, recruits on social platforms and has escalated from sextortion to sophisticate...
- 1Password's New Anti-Phishing Tool Protects Your Weakest Link
AI-powered phishing scams are creating sophisticated, convincing fake websites at scale, posing a significant threat to both individuals and corporations as a common entry point for attacks. 1Password's new phishing protection feature counters this by issuing a warning when users manually paste c...
- NHS Demands Urgent Cybersecurity Upgrades in Open Letter
The UK's NHS is adopting a more structured, mandatory strategy to strengthen cybersecurity across healthcare, moving beyond previous voluntary measures to directly engage technology suppliers. This initiative is a collaborative partnership focused on identifying supply chain risks and agreeing on...
- Olympic Cybersecurity: A Prime Target for Attackers
The immense scale and rapid deployment of temporary digital infrastructure for the Olympics creates a uniquely vulnerable target for cyberattacks, driven by financial gain, espionage, and public disruption. Financially motivated threats include ransomware targeting critical systems and widespread...
- 20% of Data Breaches Require Two Weeks to Recover
A major data breach can cripple business operations for up to two weeks and cost millions of dollars, highlighting the critical need for robust cyber-resilience strategies that prioritize rapid recovery. Despite increasing threats, organizational preparedness is declining, with fewer companies re...
- Critical Veeam Flaws Let Hackers Execute Code on Backup Servers
Veeam has released a critical security patch for its Backup & Replication software to address a high-severity remote code execution vulnerability (CVE-2025-59470) that requires privileged account access. The update fixes two additional vulnerabilities, including one allowing remote code execution...
- 2025's Most Devastating Cyberattacks Exposed
The cyber threat landscape has shifted towards sophisticated supply chain attacks, where breaches of third-party vendors like Gainsight and Salesloft led to widespread data exposure at major corporations including Cloudflare, Verizon, and Cisco. The Clop ransomware group exploited a critical vuln...
- Noisy Ransomware Uncovered a Long-Term Espionage Operation
A ransomware group's disruptive attack on two Russian companies inadvertently exposed a long-running, sophisticated cyber espionage operation, highlighting how a visible breach can mask a more insidious threat. The espionage group, QuietCrabs, used a stealthy multi-stage attack with unique malwar...
- London Councils Hit by Major Cyberattacks
The Royal Borough of Kensington and Chelsea and Westminster City Council are jointly managing a severe cybersecurity breach that has disrupted essential services, including telephone systems, and are coordinating with national cybersecurity authorities. Shared IT systems among the councils likely...