< ciso
brief />
Tag Banner

All news with #ransomware tag

464 articles · page 12 of 24

Eva Chen on Cybersecurity, AI Risks and Business Resilience

🔒 In the CEO Outlook 2026 survey, Trend Micro CEO Eva Chen describes how rapid AI adoption and expanding cloud footprints are transforming the cyberthreat landscape and elevating business risk. She flags rising ransomware, supply-chain exposures and AI-enabled attacks, and urges firms to prioritize automation, XDR and cloud security. Chen also stresses the role of channel partners and talent development in building resilience against increasingly sophisticated threats.
read more →

Kyowon Confirms Customer Data Theft in Ransomware Attack

🔒 Kyowon Group confirmed a ransomware incident in January that disrupted services and resulted in the theft of customer data. The company says roughly 9.6 million accounts (about 5.5 million people) may be affected and that approximately 600 of its 800 servers were impacted. Kyowon is working with authorities and security experts to investigate, restore services, and will disclose confirmed details to customers.
read more →

DeadLock Ransomware Abuses Polygon Smart Contracts

🔒 Group-IB researchers report that the DeadLock ransomware is using Polygon smart contracts to store and rotate proxy server addresses, enabling more resilient command-and-control. Rather than rely on hard-coded servers, the malware performs read-only calls to blockchain contracts to fetch proxy URLs and uses fallback RPC endpoints to avoid transactions and fees. An HTML component communicates via the Session encrypted messaging platform, while operators also employ AnyDesk and PowerShell to escalate impact; victims' files are suffixed .dlock and ransom notes threaten data sale.
read more →

Belgian Hospital AZ Monica Shuts Down Servers Amid Outage

🔒 Belgian hospital AZ Monica disconnected all servers at 6:32 AM after a cyberattack that forced the cancellation of scheduled procedures and slowed emergency operations. The Emergency Department is operating at reduced capacity and MUG and PIT services are currently offline; seven critical patients were transferred to other hospitals. The hospital has notified authorities and is monitoring the situation while staff rely on paper records; officials have not confirmed whether ransomware was involved.
read more →

Ransomware Gangs Use Compliance Violations to Extort

⚠️ Recent analyses show ransomware groups increasingly threaten victims by reporting alleged regulatory breaches to authorities, adding a compliance layer to the familiar double-extortion model. Researchers at Akamai observed this tactic over the past two years, citing groups such as Anubis and Ransomhub. Attackers target industries with high compliance risk and use AI to rapidly identify and craft legally framed complaints under GDPR, DORA and tightened SEC rules.
read more →

Latin America Sees Sharpest Rise in Cyber Attacks - Dec 2025

📈 In December 2025 organizations experienced an average of 2,027 cyber attacks per organization per week, reflecting a 1% month-over-month and 9% year-over-year increase. Latin America recorded the steepest rise, with 3,065 attacks per week on average, a 26% year-over-year jump. Check Point attributes sharper regional and sector-level spikes primarily to accelerating ransomware operations and growing exposure tied to enterprise adoption of generative AI. The findings signal heightened risk even as overall growth appears moderate.
read more →

University of Hawaii Cancer Center Hit by Ransomware

🔒 The University of Hawaii System says a ransomware gang breached a single research project at the UH Cancer Center on August 31, 2025, and exfiltrated study data that included historical files containing Social Security numbers. Upon discovery, affected systems were disconnected, external cybersecurity experts were engaged, and the university said it negotiated with the threat actors to secure a decryption tool. UH reported arranging for the secure destruction of the illegally obtained data and said it will notify individuals once contact information is confirmed. The institution has installed endpoint protection, replaced compromised systems, reset credentials, updated firewall software, and initiated third-party security audits.
read more →

Cybersecurity Predictions 2026: Hype vs. Actionable Risks

🔍 Bitdefender is hosting a webinar to separate speculative cybersecurity headlines from evidence-based risks organizations should prioritize for 2026. The session centers on three converging trends: ransomware evolving into targeted disruption, uncontrolled internal AI adoption that erodes perimeter assumptions, and a sober assessment of claims about AI-orchestrated adaptive attacks. Attendees receive research-backed guidance to align investments and defenses with real operational risk.
read more →

Six Cyber Threats for 2026 and Recommended Defenses

🔐 Corelight outlines six cyber threats to prioritize in 2026, driven by advances in AI, automation, and more sophisticated social engineering. Key concerns include agentic and shadow AI misuse, deepfakes in phishing, AI-orchestrated ransomware, accelerated vulnerability discovery, stale scanning practices, and multicloud blind spots. Recommendations focus on improved hybrid visibility, continuous scanning, Zero Trust access, digital identity verification, and deploying NDR alongside AI-enabled incident response to reduce detection gaps.
read more →

Ransomhouse Upgrades: Dual-Encryption Attacks on VMware

🔒 Palo Alto Networks warns that the Jolly Scorpius group has significantly upgraded its Ransomhouse RaaS with a dual-key encryption trojan called Mario, combining a 32-byte primary key and an eight-byte secondary key that make recovery extremely difficult. Attack automation via MrAgent targets VMware ESXi hypervisors, enabling rapid cluster-wide encryption and firewall neutralization. The campaign primarily targets German companies; recommended mitigations include hardening virtual environments, immutable backups, and strict network segmentation.
read more →

Sedgwick Confirms Breach at Government Contractor Subsidiary

🔒 Sedgwick has confirmed a security incident affecting its federal contractor subsidiary, Sedgwick Government Solutions. The company says the parent firm's network was not affected and that the incident involved an isolated file transfer system. Sedgwick notified law enforcement, engaged external cybersecurity experts, and reported no evidence of access to claims management servers. The TridentLocker ransomware group claims to have exfiltrated 3.39 GB of documents and posted samples on a Tor leak site.
read more →

New Zealand Orders Review of Manage My Health Breach

🔒 The New Zealand government has launched a review after Manage My Health, a national online patient portal, detected a cyber-attack on 30 December 2025 that may have exposed personal data for roughly 100,000–120,000 users. The vendor says the incident has been contained and the application is secure, but an alleged attacker using the alias 'Kazu' claims to have stolen over 428,000 files and demanded a $60,000 ransom. Health New Zealand, the New Zealand Police and independent forensic teams are involved while the Ministry examines data protections and third-party access across the health system.
read more →

Two Plead Guilty to Running BlackCat Ransomware Operation

🔒 Two cybersecurity professionals, Ryan Goldberg and Kevin Martin, pleaded guilty to conspiring to obstruct, delay, or affect commerce through extortion for their roles in deploying the BlackCat (ALPHV) ransomware against multiple U.S. companies between April and December 2023. They admitted identifying and targeting victims while leveraging ransomware-as-a-service rather than developing the malware themselves, and reached plea agreements in December 2025 that were accepted by the Southern District of Florida. The attacks were tied to more than $9.5 million in losses, though authorities traced roughly $324,123.26 in proceeds to the defendants; both face up to 20 years in prison.
read more →

Cybercrime Inc.: When Hackers Outpace Corporate IT and Defenses

🔍 Cybercrime has evolved into a structured, global underground economy that frequently outperforms corporate IT in speed, efficiency and scale. Organized groups now run with defined roles, measurable KPIs and productized offerings such as Ransomware-as-a-Service, enabling nontechnical affiliates to launch high-impact attacks. The decisive metric is no longer if an organization will be targeted but how quickly it can recover and limit reputational and operational damage.
read more →

Cybercrime Inc.: How Organized Hackers Outpace IT Defenses

⚠️ Cybercrime has matured into a structured, global underground economy that often outstrips corporate defenders. Groups now operate with division of labor, formal processes and professional marketing, and Ransomware-as-a-Service offerings enable nontechnical actors to lease malware, support and revenue-sharing schemes. The result is scalable, fast-moving criminal supply chains that exploit human error, weaponize stolen data and exploit slow, bureaucratic response models. Organizations must move beyond pure prevention to measurable resilience, rehearsed recovery and decisive incident leadership.
read more →

US Cybersecurity Experts Plead Guilty in BlackCat Attacks

🔒 Two former employees of cybersecurity firms have pleaded guilty to conducting BlackCat (ALPHV) ransomware attacks against multiple U.S. companies in 2023, admitting to conspiracy to obstruct commerce by extortion. The defendants, Ryan Clifford Goldberg and Kevin Tyler Martin, formerly worked at Sygnia and DigitalMint respectively and face up to 20 years in prison with sentencing set for March 12, 2026. Prosecutors allege the pair, together with a third accomplice, breached networks across sectors including healthcare and manufacturing and received ransom proceeds after encrypting victims' servers.
read more →

Romanian Energy Provider Hit by Gentlemen Ransomware

🔒 Oltenia Energy Complex, Romania's largest coal-based energy producer, suffered a ransomware attack on the second day of Christmas that disrupted its IT infrastructure. Some documents were encrypted and key applications — including ERP, document management, email, and the corporate website — became temporarily unavailable. The company said operations were only partially affected and the National Energy System was not jeopardized while teams rebuild systems from backups and cooperate with authorities.
read more →

December 2025 cybersecurity roundup by Tony Anscombe

📰 ESET Chief Security Evangelist Tony Anscombe reviews the key cybersecurity stories closing out 2025, spotlighting significant incidents and trends. He highlights FinCEN's finding that U.S. organizations paid over $2.1 billion in ransomware between 2022 and 2024, and legal action by the Texas Attorney General against major TV manufacturers for alleged secret collection of viewing data. Tony also examines notable breaches and the tactics used by threat actors, offering practical perspective on risks and resilience.
read more →

Interpol Operation Sentinel Disrupts Cybercrime in Africa

🔍 Interpol’s month-long Operation Sentinel targeted cybercriminal infrastructure across 19 African countries, producing 574 arrests, the decryption of six ransomware strains, and the takedown of roughly 6,000 malicious links. The sweep also uncovered a business email compromise (BEC) scheme that nearly cost a petroleum company $7.9 million and helped recover about $3 million. National law enforcement teams in Ghana, Benin and Cameroon executed targeted takedowns, recovered terabytes of data, and seized devices and servers with assistance from private cybersecurity organizations.
read more →

Top Ransomware Trends of 2025: Activity and Impact

🔍 Ransomware activity in 2025 remained high, with 306 groups and 7,902 victims listed on data leak sites, according to Ransomware.live. While coordinated takedowns and anti-cybercrime actions were quieter than in 2024, both emergent collectives (Scattered Spider, Lapsus$, ShinyHunters) and established syndicates continued to generate incidents. The most prolific actors — Qilin, Akira and Clop — claimed the largest shares of victims, and the United States accounted for nearly half of the reported targets.
read more →