ciso brief

All news with #ransomware gang tag

113 articles

German police identify GandCrab leader on Europol list

🔍 German authorities have identified the operator of the notorious GandCrab ransomware as Daniil Shchukin, who used the aliases UNKN and Unknown and is believed to have led the GandCrab/REvil group. Europol has added Shchukin and an associate, Anatoly Kravchuk, to its most-wanted list amid allegations of organized and commercial extortion dating back to 2019. German police say Shchukin is accused in 130 cases, with €1.9 million paid in 25 incidents and total economic damage estimated at €35.4 million; both suspects are believed to be in Russia but could be operating from other countries.

The Industrialization of Cybercrime and Its Costs Worldwide

🔒 In the latest episode of Brass Tacks: Talking Cybersecurity, Joe Robertson interviews Jürgen Stock, former INTERPOL secretary general, about how cybercrime has matured into a scalable, low‑risk, high‑profit industry. They outline an underground economy of specialized services—malware creation, access brokerage, extortion, laundering—often sold with support and guarantees. Stock warns that individuals, businesses, and critical infrastructure are all at risk, and that disciplined cyber hygiene, preparedness, and public–private cooperation remain the most effective defenses.

German Police Identify REvil and GandCrab Ransomware Leaders

🔍 German Federal Police (BKA) have identified two Russian nationals as the leaders of GandCrab and REvil between 2019 and 2021. The suspects — 31‑year‑old Daniil Maksimovich Shchukin (alias UNKN/UNKNOWN) and 43‑year‑old Anatoly Sergeevitsch Kravchuk — are linked to at least 130 extortion cases in Germany. At least 25 victims paid roughly $2.2 million, with total damages estimated above $40 million; authorities believe both are now in Russia and have released identifying images to solicit tips.

German Police Identify Alleged REvil and GandCrab Leaders

🔎 German Federal Police (BKA) say they have identified two Russian nationals as alleged leaders of the GandCrab and REvil ransomware operations active from 2019 to 2021. Authorities attribute at least 130 extortion cases in Germany to the pair, with 25 victims paying roughly $2.2 million and estimated total damages exceeding $40 million. Images, including tattoo photos, have been released and the suspects are listed on the EU Most Wanted portal as authorities seek public tips.

Alleged RedLine Malware Developer Extradited to U.S.

🚨 Hambardzum Minasyan has been extradited to the United States and charged over his alleged role as a principal developer of RedLine, a prolific infostealing malware. Prosecutors say he set up virtual servers, domains and a cryptocurrency account to distribute and monetize the malware and provided customer support to affiliates. The arrest follows the international Operation Magnus seizure of RedLine infrastructure, which yielded a database that aided investigators. Authorities urge organizations and individuals to strengthen cybersecurity and review the Operation Magnus resources to check for exposed credentials.

Manhunt for Suspects in Ransomware Attacks in Germany

🔎 Investigators have launched a worldwide manhunt for two suspects believed to be central figures in ransomware campaigns that hit 130 companies and institutions in Germany between 2019 and 2021. Authorities at the Cybercrime Center of the Karlsruhe Public Prosecutor's Office and the State Criminal Police Office of Baden-Württemberg say the men include an alleged group leader and the suspected programmer of the malware. Victims paid about €1.8 million in 25 cases, with estimated overall damage of around €35 million.

UK Sanctions Chinese Crypto Marketplace Xinbi over Scam Hubs

🚨 The UK has imposed sanctions on the China-based cryptocurrency marketplace Xinbi, accusing it of enabling large-scale scam operations across Southeast Asia and facilitating crypto laundering. Authorities say Xinbi, which reportedly handled over $19.7 billion of inflows, sold victim data and traded satellite internet equipment used to contact targets. The action targets Xinbi and related firms and individuals linked to the Prince Group and #8 Park, and includes plans to freeze London properties.

Bearlyfy Uses GenieLocker to Hit 70+ Russian Firms

🔒 Bearlyfy, a pro-Ukrainian group also tracked as Labubu, has been linked to more than 70 attacks on Russian companies and began deploying a proprietary Windows ransomware called GenieLocker in March 2026. The group combines extortion and sabotage, often gaining initial access via vulnerable external services and deploying remote-access tools such as MeshAgent. According to vendor F6, about one in five victims pay ransoms, and demand amounts have grown substantially.

North America Cyber Risk in 2026: Concentration and Repeat

🔍 The North America threat landscape hardened in 2025, with incidents becoming more concentrated, repeated and driven by persistent adversaries. Publicly recorded incidents were dominated by the United States, which accounted for roughly 93% of cases. The report highlights three dynamics shaping risk, including a stable, competitive extortion economy, recurring attack patterns, and predictable windows of opportunity. Organizations should expect pressure over surprise into 2026 and adjust defenses accordingly.

Yanluowang Broker Sentenced to 81 Months; Restitution

🔒 A Russian national, 26-year-old Aleksey Olegovich Volkov (aliases "chubaka.kor" and "nets"), was sentenced to 81 months in U.S. federal prison after pleading guilty to acting as an initial access broker for the Yanluowang ransomware operation. Between July 2021 and November 2022 he sold corporate network access to at least eight U.S. companies, enabling affiliates to deploy ransomware and demand payments. The FBI recovered chat logs, stolen data, victim credentials, and evidence of ransom negotiations after seizing a server tied to the gang, and traced Volkov through Apple iCloud, cryptocurrency exchange records, and social media. He was arrested in Italy in January 2024, extradited to the U.S., and ordered to pay over $9.16 million in restitution and forfeit equipment used in the crimes.

Russian Initial Access Broker Sentenced to 81 Months

🔒 Aleksei Volkov, a Russian initial access broker tied to dozens of ransomware incidents that produced more than $9m in documented victim losses, has been sentenced to 81 months in a US federal prison. He pleaded guilty to offenses including trafficking in access information, access device fraud and aggravated identity theft. Volkov was linked to Yanluowang and other cybercrime groups, and has agreed to pay at least $9.2m in restitution.

US Charges Former Negotiator Linked to BlackCat Attacks

🔒 The U.S. Department of Justice has charged Angelo Martino, a former DigitalMint ransomware negotiator, with one count of conspiracy to interfere with interstate commerce by extortion after he surrendered on March 10. Unsealed court documents allege Martino shared confidential negotiation details with BlackCat operators and, between April 2023 and April 2025, participated in attacks alongside former colleagues Kevin Tyler Martin and Ryan Goldberg. Prosecutors say the group acted as BlackCat affiliates, paying administrators a 20% cut and extorting at least five U.S. organizations, including a Tampa medical device manufacturer that paid $1.27 million. DigitalMint said it terminated the employees and has cooperated with law enforcement.

Podcast: JavaScript Worm Wakes and $46M Crypto Theft

🐛 A dormant self‑propagating JavaScript worm that hadn't been active since 2024 was accidentally reawakened by a Wikipedia security engineer, briefly vandalising pages with giant woodpecker images. In a separate case, a contractor entrusted with US Marshals' seized cryptocurrency is accused of stealing about $46 million and allegedly boasted on a recorded Telegram call. Host Graham Cluley and guest Tricia Howard discuss these incidents alongside wider cybercrime takedowns and industry security lessons.

Ghanaian Pleads Guilty in $100M Romance and BEC Scam

🔒 A Ghanaian national, Derrick Van Yeboah, has pleaded guilty to conspiracy in a global fraud ring blamed for over $100 million in victim losses. Prosecutors say Van Yeboah impersonated romantic partners and corporate leaders to induce victims and orchestrated laundering of stolen funds, accounting for roughly 10% of the operation's take. He faces up to 20 years in prison and agreed to $10.1m in restitution and forfeiture; his plea follows extradition and indictment last year.

Phobos Ransomware Administrator Pleads Guilty in U.S. Case

🔐 A Russian national, Evgenii Ptitsyn, pleaded guilty to a wire fraud conspiracy for administering the Phobos ransomware operation that victimized hundreds worldwide. Extradited from South Korea in November 2024, prosecutors say the RaaS campaign — linked to the Crysis family — collected over $39 million from more than 1,000 victims and accounted for roughly 11% of ID Ransomware submissions in mid‑2024. Affiliates paid about $300 per deployment for decryption keys; Ptitsyn faces up to 20 years and is scheduled for sentencing on July 15. International law enforcement actions, including Operation Aether, have disrupted parts of the gang and warned over 400 companies.

Ransomware revenues fall despite surge in victims globally

🔒 Chainalysis reports that total ransomware cryptocurrency payments fell 8% year-on-year to $820m in 2025, even as the number of victims surged 50% to make 2025 the most active year on record. Payment rates dropped from 63% in 2024 to 29% in 2025, while the median ransom rose 368% to $59,556. The firm attributes these shifts to improved incident response, global disruption of infrastructure and laundering networks, cryptographic flaws in strains like VolkLocker, and fragmentation of ransomware-as-a-service into numerous smaller groups.

Project Compass: Arrests Target 'The Com' Cyber Gang

🧭 Europol's Project Compass has targeted The Com, a transnational online collective linked to extortion, ransomware and violent abuse. Over the past 12 months the operation resulted in 30 arrests and the full or partial identification of 179 alleged members, while several victims were identified and safeguarded. The initiative spans EU states, Norway, Switzerland and all Five Eyes partners and focuses on disrupting recruitment and account-takeover tactics such as phishing, vishing and SIM swapping, as well as the group's links to extremist and Russian cyber-criminal networks.

Fake FSB Officer Allegedly Tried to Extort Conti Gang

🔒 A Moscow resident has been accused of attempting to extort the notorious ransomware group Conti by impersonating an officer of Russia's Federal Security Service (FSB). Russian reports say Ruslan Satuchin contacted a Conti member in September 2022, demanding payment in exchange for influencing law-enforcement actions. Satuchin denies the allegations and is in pre-trial detention amid concerns about witness intimidation; if convicted he faces up to ten years and a fine of one million rubles. The case follows the 2022 leak that dismantled much of Conti and scattered its operators to other ransomware families.

Wynn Resorts Confirms Employee Data Breach After Extortion

🔒 Wynn Resorts confirmed an employee data breach after being listed on the ShinyHunters extortion group's leak site and said it activated incident response procedures. The company engaged external cybersecurity experts to investigate and reported that an unauthorized third party acquired certain employee data. Attackers claimed the stolen data had been deleted; Wynn said it has seen no evidence of publication or misuse to date and that guest operations remain unaffected. The company is offering complimentary credit monitoring and identity protection services to employees.

Operation Red Card 2.0: 651 Arrests, $4.3M Recovered

🛡️ Operation Red Card 2.0, led by INTERPOL and law enforcement from 16 African nations between December 8, 2025 and January 30, 2026, targeted infrastructure and actors behind high-yield investment scams, mobile money fraud, and fraudulent loan apps. Authorities arrested 651 suspects, recovered over $4.3 million, confiscated 2,341 devices and disrupted 1,442 malicious IPs, domains and servers. The operation linked scams to more than $45 million in losses and identified 1,247 victims, underscoring the value of multinational cooperation against transnational cybercrime.