All news with #double extortion tag

🔒 The BMW Group has been named on the darknet by the Everest ransomware group, which claims to have stolen critical BMW audit documents, according to screenshots reported by Cybernews. The gang placed two countdown timers on its onion site—one running to Sept. 14 and a second giving BMW 48 hours to make contact. BMW has not commented and the extortionists have not confirmed whether customer or personal data were taken; Cybernews researcher Aras Nazarovas advises waiting for a published sample to assess the scope.

🔒 Finnish prosecutors have charged 28-year-old US citizen Daniel Lee Newhard, an Estonia resident, with aiding and abetting the extortion tied to the notorious 2018 Vastaamo psychotherapy breach. Authorities say IP logs connected extortion infrastructure to an Estonian internet connection and to the suspect’s home address; Newhard denies the allegations. This development follows earlier convictions and ongoing appeals related to the broader Vastaamo scandal.

🔒 Zscaler's annual ThreatLabz Ransomware Report (April 2024–April 2025) warns of a marked rise in extortion-focused attacks: incidents increased 146% year-over-year while exfiltrated data grew 92%. The vendor attributes this to a strategic shift from pure encryption to data theft and public shaming, with criminals using stolen files as leverage. Researchers also report that generative AI is increasingly incorporated into attackers' playbooks to enable more targeted and efficient campaigns. The U.S. accounted for half of all recorded attacks, Germany saw a nearly 75% rise and is the EU's most affected country, and the most-targeted sectors were manufacturing, technology and healthcare.

🔒 A newly identified ransomware group called Yurei is conducting double-extortion attacks, encrypting files and exfiltrating sensitive data before demanding payment. First observed by Check Point Research on September 5, Yurei has targeted organizations in Sri Lanka, India and Nigeria and may have ties to Morocco. Built largely from open-source Prince-Ransomware code, the malware encrypts each file using per-file ChaCha20 keys protected with ECIES, appending a .Yurei extension, and attempts to provide a ransom page and .onion contact. Although the early variant omits some operational features (for example it fails to set a ransom wallpaper and does not remove Windows shadow copies), the group still threatens publication of stolen data to pressure victims.

🛡️ Yurei ransomware emerged on September 5, quickly claiming victims in Sri Lanka, India and Nigeria within its first week. The payload is largely copied from the open-source Prince-Ransomware project, illustrating how easily attackers can deploy commodity code. Although technical flaws allow partial recovery, Yurei focuses on data theft and public exposure to coerce payments. Early indicators point to links with Morocco, signaling a geographically shifting threat landscape.

⚠️ Warlock is a ransomware operation that emerged in 2025 and uses double extortion — encrypting systems and threatening to publish stolen data to coerce payment. The group has targeted government agencies and critical service providers across Europe, and on August 12 a cyber incident disrupted UK telecom Colt Technology Services, with an alleged auction of one million stolen documents. Security analysts link recent intrusions to exploitation of the SharePoint vulnerability CVE-2025-53770, which Microsoft says is actively exploited; Microsoft has published analysis and urges immediate patching. Recommended mitigations include enforcing multi‑factor authentication, keeping security tools and software patched, maintaining secure off‑site backups, reducing attack surface, encrypting sensitive data, and educating staff on phishing and social engineering.