Topic: ransomware groups

  • Ransomware Attacks Surge as Extortion Tactics Evolve

    Ransomware data leaks surged dramatically in late 2025, with victim organizations posted to extortion sites increasing by 50% from the prior quarter, even as the overall number of active ransomware gangs decreased. The threat evolved with attackers now systematically stealing and leaking data to ...

  • U.S. Sanctions Russian Hosting Service for Ransomware Role

    The U.S., U.K., and Australia have imposed sanctions on Russian bulletproof hosting services for enabling ransomware operations, cybercrimes, and ignoring law enforcement takedown requests. Key targets include Media Land and its affiliates, which supported ransomware groups like LockBit and facil...

  • Ransomware Attacks Surge to Record High in 2025

    Ransomware attacks reached a record high in 2025, with a 30% surge in publicly named victims and a peak of 124 active criminal groups. Artificial intelligence is fueling the threat by lowering technical barriers, enabling more effective phishing and malware development for both new and establishe...

  • ShadowSyndicate Expands: New Technical Markers Reveal Growth

    The ShadowSyndicate cybercrime infrastructure has expanded, with researchers linking dozens of servers through the repeated reuse of specific SSH fingerprints and access keys, revealing continued coordination. The infrastructure supports multiple attack methods, serving as command-and-control nod...

  • UK, US, Australia Sanction Russian Cyber Host Media Land

    The United Kingdom, United States, and Australia have jointly sanctioned three bulletproof hosting providers and four Russian executives for enabling ransomware operators and cybercriminals by supplying critical infrastructure. These services are essential to the cybercrime underworld, allowing t...

  • Ransomware Attacks Surge 13% as Leak Sites Target More Victims

    European organizations experienced a 13% surge in ransomware attacks, with the UK, Germany, Italy, France, and Spain being the most targeted, and the manufacturing sector was the most vulnerable. The majority of incidents involved both file encryption and data theft, with groups like Akira and Lo...

  • Yanluowang Ransomware Broker Pleads Guilty in Landmark Case

    Aleksey Volkov, a Russian national, admitted to providing initial network access for Yanluowang ransomware attacks on at least eight U.S. companies from 2021 to 2022, facilitating ransom demands ranging from $300,000 to $15 million. The FBI identified Volkov through his Apple iCloud, cryptocurren...

  • Global Crackdown Intensifies on Cybercrime Networks

    Global law enforcement is achieving unprecedented coordination, with major international operations dismantling cybercrime networks and seizing billions in illicit assets like Bitcoin. Southeast Asia and Africa are key hotspots, with operations targeting forced-labor scam compounds and large-scal...

  • Ransomware Payouts Hit Record $3.6M as Attacks Evolve

    The average ransom payment surged 44% to a record $3.6 million, even as the number of ransomware incidents decreased, indicating a shift toward more targeted attacks. Despite fewer attacks, 70% of victimized organizations paid ransoms, with critical sectors like healthcare and government facing a...

  • UK & US Charge Alleged Scattered Spider Hackers

    Two key members of the Scattered Spider cybercrime group, Thalha Jubair and Owen Flowers, have been arrested and charged in the U.S. and U.K. for their roles in numerous damaging cyber intrusions, including attacks on critical infrastructure and corporate networks. The suspects are accused of usi...

  • Microsoft Defender Stops Email Bombing Attacks in Office 365

    Microsoft Defender for Office 365 now includes automatic detection and blocking of email bombing attacks, protecting organizational inboxes without requiring manual setup. The new 'Mail Bombing' feature, fully deployed by July 2025, diverts suspicious emails to Junk and allows monitoring via Thre...

  • Ingram Micro Ransomware Attack Impacts 42,000 People

    A ransomware attack on Ingram Micro in July 2025 compromised the personal data of over 42,000 people, including sensitive identification and employment records. The breach, claimed by the SafePay ransomware gang, caused major operational disruption and involved the theft of approximately 3.5 tera...

  • Crypto Laundering Service Shut Down in Major Law Enforcement Bust

    An international law enforcement operation led by Germany and Switzerland, with support from Europol and Eurojust, has dismantled the cryptocurrency laundering service Cryptomixer, seizing over 25 million euros in Bitcoin and 12 terabytes of data. The service, targeted in Operation Olympia, was a...

  • Hacker Steals 2.3TB of Data from Italian Rail Giant Almaviva

    A threat actor stole 2.3 terabytes of sensitive corporate data from Almaviva, a service provider for Italy's state-owned railway operator, and published it on a dark web forum. The leaked data includes confidential documents, internal files, HR archives, and contracts, with analysis confirming it...

  • FBI Shuts Down Major Ransomware Hub: RAMP Forum

    U.S. authorities seized the Russian Anonymous Marketplace (RAMP), a major dark web forum central to ransomware tool trading and discussion, dealing a significant blow to the cybercrime ecosystem. The forum, which emerged in 2021 and was linked to the Babuk ransomware group, became a primary hub f...

  • BridgePay Outage Caused by Ransomware Attack

    A ransomware attack on BridgePay Network Solutions, a major U.S. payment gateway, caused a nationwide disruption to payment processing, forcing key systems offline and impacting numerous merchants and organizations. While the attack encrypted files, BridgePay's preliminary investigation indicates...

  • Kyowon Hit by Ransomware Attack, Data Stolen

    The Kyowon Group, a major South Korean conglomerate, suffered a ransomware attack in January that disrupted services and led to confirmed data theft from its servers. While the full scope is under investigation, the breach potentially affects millions of customers, but the company has not yet con...

  • French Agency Pajemploi Data Breach Exposes 1.2 Million Users

    A data breach at France's Pajemploi platform has compromised the personal information of 1.2 million users, primarily affecting professional caregivers and their employers using the URSSAF-managed service. Exposed data includes names, social security numbers, and banking institution details, but ...

  • Leroy Merlin Data Breach Exposes Customer Information

    Leroy Merlin, a major international retailer, has confirmed a cyberattack that compromised the personal data of its customers in France. The exposed data includes sensitive information like names, contact details, dates of birth, and loyalty program data, but not financial details or passwords. W...

  • 5.8M Customers Hit in 700Credit Dealership Data Breach

    A data breach at 700Credit exposed sensitive personal information of approximately 5.8 million individuals, stemming from a security failure at an integration partner that was not promptly reported. The vulnerability was a poorly designed API that allowed unauthorized access and exfiltration of d...
