< ciso
brief />
Tag Banner

All news with #ransomware tag

463 articles · page 19 of 24

London police arrest teenagers after nursery data doxing

🔒 Two 17-year-old suspects were arrested in Bishop's Stortford on suspicion of blackmail and computer misuse after an investigation into the doxing of children following a ransomware attack on a chain of London nurseries. The incident aligns with a September 25 breach affecting Kido nurseries, where a group known as Radiant Group claimed to have stolen sensitive data and photos of over 1,000 children. Attackers posted some images and addresses on a dark web leak site and later removed the files on October 2 after failing to extort the company and making threatening calls to parents. Nursery software provider Famly said its infrastructure was not breached, while UK authorities described the case as deeply distressing and said investigations continue.
read more →

Chaos Ransomware Evolves: Faster, Smarter, More Destructive

⚠️ Chaos-C++ is a resurfaced C++ ransomware strain identified in 2025 that combines fast AES encryption, deliberate deletion of very large files, and a clipboard-hijacking capability to steal cryptocurrency payments. It employs a stealthy downloader that masquerades as a system optimizer, uses Windows CryptoAPI where available and a weaker XOR fallback otherwise, and appends a .chaos extension to affected files. Victims also see destructive post-infection commands that remove shadow copies and hinder recovery, and ForsGuard detections are available for protection.
read more →

Qilin Ransomware Disrupts Mecklenburg County Schools

🔒 A Russian-linked ransomware group, Qilin, has claimed responsibility for a September 2, 2025 attack that disrupted Mecklenburg County Public Schools and said it exfiltrated 305 GB of data, including financial records, grant documents, budgets and children’s medical files. The attack forced teachers offline for about a week while internet systems were restored. Superintendent Scott Worner said the district does not currently intend to pay the ransom and is still assessing the scope, urging other districts to review cyber-insurance and preparedness.
read more →

From Ransom to Revenue Loss and Recovery Costs for Business

🔒 Ransomware now inflicts costs far beyond ransom payments, driving operational downtime, reputational damage, and regulatory exposure that directly erode the bottom line. The 2025 Unit 42 report shows median initial extortion demands rose to $1.25M and commonly equate to about 2% of perceived annual revenue. While roughly 48% of victims paid in 2024, Unit 42 negotiation reduced median paid demands to about 0.6% of PAR, yet attackers’ disruptive tactics increasingly amplify recovery costs. Strengthening backups, segmentation, and an incremental zero trust posture are key to limiting impact and shortening recovery timelines.
read more →

Discord Confirms Customer Data Breach via Third-Party

🔒 Discord has disclosed a data breach after a third-party customer support provider was compromised, allowing a ransomware actor to access limited customer information. Potentially exposed data includes names, Discord usernames, contact details, last four digits of payment cards, IP addresses, messages with support agents and a small number of government ID images submitted for age appeals. Discord says no passwords, full card numbers or CVVs were accessed and is contacting affected users and authorities.
read more →

Microsoft: Critical GoAnywhere Flaw Used in Ransomware

⚠️ Microsoft warns that a critical deserialization vulnerability, CVE-2025-10035, in Fortra's GoAnywhere MFT License Servlet Admin Console is being actively exploited in ransomware campaigns. The flaw (CVSS 10.0) enables attackers to bypass signature verification and deserialize attacker-controlled objects, potentially resulting in command injection and remote code execution on internet-exposed instances. Customers are urged to apply Fortra's patch, harden perimeter controls and run endpoint defenses in block mode to detect and stop post-breach activity.
read more →

XWorm Backdoor Returns with Ransomware and 35+ Plugins

🛡️ New variants of the XWorm backdoor (6.0, 6.4, 6.5) are being distributed via phishing campaigns after the original author, XCoder, abandoned the project. Multiple operators have adopted these builds, which now support more than 35 plugins enabling data theft, remote control, and a ransomware module that encrypts user files and drops HTML ransom notes. Trellix observed diverse droppers and recommends layered defenses including EDR, email/web protections, and network monitoring.
read more →

Ransomware and Phishing Threats Escalate for German SMEs

🔒 German SMEs face a sharp rise in ransomware and data-exfiltration incidents, with leak-site publications more than quadrupling from 2021 to 2024. Authorities report that 80% of analyzed ransomware incidents targeted small and medium-sized enterprises, often using double extortion. Attackers favor targeted phishing—executives receive on average 57 such attempts yearly—and many firms lack adequate defenses amid staffing shortages and overly complex security stacks.
read more →

Ransomware Halts Asahi Production, Japan Faces Shortage

🍺 A ransomware attack has forced Asahi Group Holdings to suspend production at nearly all of its 30 domestic breweries after ordering, delivery and call‑centre systems were disabled. The disruption has prompted the postponement of 12 new product launches and suspension of multiple beverage lines, with retailers warning that popular Asahi Super Dry could run out in days. Asahi reports no evidence so far of personal data leakage while investigations and recovery continue.
read more →

Asahi Confirms Ransomware Attack Disrupting Japan Operations

🔒 Asahi Group Holdings has confirmed a ransomware attack caused IT disruptions that forced shutdowns at its Japanese factories and prompted a switch to manual order and shipment processing. The company says investigations found evidence suggesting potential unauthorized data transfer from compromised devices. Asahi has established an Emergency Response Headquarters and is working with external cybersecurity experts; no cybercriminal group has publicly claimed responsibility.
read more →

Oracle Links Clop Extortion to July EBS Vulnerabilities

🔒 Oracle said some customers received extortion emails tied to its E-Business Suite and linked the campaign to vulnerabilities patched in the July 2025 Critical Patch Update. While Oracle did not attribute the activity to a specific ransomware group, its investigation found potential use of previously identified EBS flaws, including three that were remotely exploitable. Security firms reported executives began receiving ransom demands on or before September 29, 2025. Oracle urged customers to apply the latest patches and contact support if they need assistance.
read more →

Ransomware Incident at Dealer Software Vendor Exposes Data

🔒 A ransomware attack on Motility Software Solutions on August 19, 2025, encrypted portions of its systems and may have exposed personal information for approximately 766,000 customers. The DMS vendor supports about 7,000 dealerships and stores data including names, emails, phone numbers, dates of birth, Social Security numbers, and driver’s license numbers. Motility restored systems from backups, implemented additional security measures, and is offering one year of identity monitoring through LifeLock to affected individuals.
read more →

Google Drive for Desktop Adds AI Ransomware Detection

🔒 Google has begun rolling out an AI-powered ransomware detection feature for Google Drive for desktop. The feature automatically pauses syncing of affected files on Windows and macOS when it detects signs of ransomware, protecting cloud copies though it does not prevent local file encryption. Administrators may disable detection or file restoration via the Admin console, and alerts require Drive version 114 or later.
read more →

EU Agency: Cyber Threat Landscape in Europe Worsens

⚠️ ENISA reports the EU cyber threat landscape has worsened, identifying ransomware as the single most damaging threat due to widespread encryption and costly recoveries. By frequency, DDoS incidents dominate (77% of reported cases), though they typically cause shorter-lived outages. The agency's analysis of 4,875 incidents from July 2024 to June 2025 also highlights concentrated attacks on public administration and a rapid rise in AI-assisted social engineering.
read more →

Data Leak at Kido Kindergartens Exposes Children's Data

🚨 A ransomware group calling itself Randiant claims to have attacked UK childcare operator Kido, publishing names, photos, addresses and family contact details for ten children from one of Kido's London nurseries and threatening to release further data unless a ransom is paid. The attackers' leak page alleges data on more than 8,000 children was exfiltrated. Kido has not yet issued a public statement; London police say an investigation is ongoing. Kido also operates sites in the United States, India and China.
read more →

Manufacturing Cyber Risk Escalates: Executive Priorities

⚠️Manufacturing organizations now face an average of 1,585 cyberattacks per week, a 30% year‑over‑year rise, and ransomware remains the predominant threat. Incidents can incur losses that reach hundreds of millions and in some cases force insolvency. Deep supplier connectivity amplifies exposure because a single compromised vendor can cascade disruption across industries. The report urges executives to prioritize resilience, segmentation, and third‑party risk management.
read more →

Asahi Halts Japan Operations After Cyberattack Disruption

⚠️ Asahi Group Holdings, Japan’s largest brewer, has suspended multiple domestic operations after a cyberattack disrupted ordering and shipping processes. Call center and customer service desks are currently unavailable to the public, and the company says the incident is confined to Japan-based systems. Investigations are ongoing; there is no confirmed leakage of personal or customer data, no public claim by ransomware gangs, and no recovery timeline has been announced.
read more →

UK backs Jaguar Land Rover with £1.5 billion loan guarantee

🔒 The UK Government has granted Jaguar Land Rover a £1.5 billion loan guarantee via UK Export Finance's Export Development Guarantee (EDG) to help the automaker recover after a severe cyberattack halted production and forced system shutdowns. The guarantee backs a commercial bank loan rather than direct state lending, reducing lender risk so JLR can secure larger, better-priced financing and immediate liquidity to pay suppliers. Repaid over five years, the measure is intended to stabilise the supply chain and protect thousands of jobs while JLR works with the NCSC, law enforcement and cybersecurity specialists during a phased return to manufacturing.
read more →

September 2025 security roundup — key incidents and guidance

🔐 Tony Anscombe reviews the top cybersecurity stories for September 2025 and highlights their implications for defenders. Incidents include disruptions at major European airports after a ransomware attack on Collins Aerospace, a prolonged outage at Jaguar Land Rover following an IT breach, and a large npm supply‑chain compromise that drew a CISA alert. He also notes impersonation campaigns targeting macOS users with LastPass‑themed information‑stealers.
read more →

LockBit 5.0 Released: Faster ESXi Encryption, Evasion

🔒 LockBit 5.0 introduces faster ESXi drive encryption and enhanced evasion techniques, according to Trend Micro. The release includes Windows, Linux and VMware ESXi variants featuring heavy obfuscation, ETW patching, DLL reflection and hypervisor-targeted encryption designed to amplify impact. Researcher Jon DiMaggio describes the update as largely incremental fine-tuning and self-branding aimed at restoring affiliate trust after Operation Cronos.
read more →