< ciso
brief />
Tag Banner

All news with #ransomware tag

463 articles · page 2 of 24

Iran-linked MuddyWater Poses as Chaos Ransomware

🔍 Analysis by NCC Group reveals Iran-linked MuddyWater impersonated the Chaos ransomware group to mask espionage operations. The report, published June 24, details how operators used extortion notes, negotiation channels and a leak site listing to simulate a financially motivated attack. Researchers warn that state-backed actors increasingly adopt cybercriminal tradecraft, complicating detection and response.
read more →

MPs Warn UK Museums Face Cybersecurity Shortfalls

🛡️ Parliament’s Public Accounts Committee has criticised the Department for Culture, Media and Sport for a reactive approach to cybersecurity, leaving national galleries and museums exposed. The PAC highlighted incidents including a ransomware attack on the British Library and thefts from the British Museum as evidence of systemic failings. It calls on DCMS to set out concrete actions, share lessons across the sector, and address skills shortages and legacy technology.
read more →

One intrusion, two attackers: uncovering parallel threats

🔍 Microsoft DART describes a complex multi-stage intrusion where two unrelated threat actors operated simultaneously, blending ransomware tactics with stealthy reconnaissance and persistence. Investigators observed exploitation attempts against on-premises SharePoint, use of legitimate tools like Velociraptor, cloud tunneling, credential misuse, and DLL sideloading to maintain access and evade detection. Coordinated telemetry correlation and threat intelligence enabled containment and targeted remediation guidance.
read more →

Tabletop simulates modern retail ransomware mayhem

🔍 The Semperis-run "Enter the War Room" tabletop at Infosecurity Europe simulated a ransomware and reputational attack on fictional supermarket BlueCart. Red-team operators exploited supplier trust, stolen credentials, weak MFA, and poor network segmentation to access AI supply-chain systems and exfiltrate loyalty data. Attackers combined misinformation, deepfakes, fake orders, and payroll disruption to magnify harm, while defenders focused on out-of-band communications, honeypots, and refusing ransom demands to limit impact.
read more →

INTERPOL: Cybercrime Surge in Asia and South Pacific

🔍 INTERPOL warns of a dramatic rise in cybercrime across Asia and the South Pacific driven by rapid digitalization, organized criminal networks, and uneven cybersecurity maturity. Phishing is identified as the most widespread and costly threat, while ransomware, AI-driven scams, deepfakes, and banking trojans have also surged. Authorities are scaling cross-border cooperation and resilience efforts to counter these threats.
read more →

Prinz Eugen ransomware targets recent files first

🛡️ Threatdown and Malwarebytes researchers detail a new hands-on-keyboard ransomware called Prinz Eugen that prioritizes recently modified files for encryption and leaves no ransom note on compromised systems. Initial access is likely via stolen RDP credentials, with attackers manually deploying a payload named servertool.exe and sometimes using legitimate RMM tools like RemotePC for persistence. The Go-based malware encrypts files recursively without exclusions, uses ChaCha20-Poly1305 and Argon2id-derived keys, and self-deletes while overwriting keys to hinder recovery and forensics.
read more →

Gentlemen Ransomware Deploys Multiple EDR Killers

🛡️ ESET researchers report the Gentlemen RaaS actively develops and deploys multiple EDR-killing tools, led by a primary utility named GentleKiller with at least eight variants. These tools use BYOVD techniques and vulnerable drivers to obtain kernel privileges and disable security products from dozens of vendors. The framework permits easy driver swaps, is protected by commercial packers, and is supplemented by external tools like HexKiller, ThrottleBlood, and HavocKiller.
read more →

Cybercrime Escalates Across Asia-Pacific Amid Digitization

🛡️Interpol warns that cybercrime now accounts for 30% of crime in over half of Asia and South Pacific nations, driven by rapid digital adoption. The 2025/2026 Asia and South Pacific Cyberthreat Assessment, covering 18 countries, highlights online scams, infostealers, ransomware, deepfakes and BEC as primary threats. The report notes sharp rises in ransomware, DDoS and deepfake activity, and calls for improved cross-border collaboration and capacity building.
read more →

Lessons from 22,000 Breaches for Incident Preparedness

🔍 The 2026 Verizon DBIR analyzed over 22,000 confirmed breaches across 145 countries and concludes that organizations cannot patch fast enough to prevent every incident. Exploitation of vulnerabilities became the leading initial access vector as critical flaws and their remediation windows grew, while ransomware and third-party breaches surged. The report urges realistic, technical tabletop exercises that rehearse containment, communication, and coordination under time pressure.
read more →

Protecting Legacy OT Systems From Modern Threats

🔒 Manufacturing facilities often rely on long-running operational technology (OT) that was built for stability, not security. As IT and OT converge, previously isolated systems face increased exposure to internet-borne attacks, ransomware, and supply-chain disruption. Effective defenses start with asset visibility, careful deployment choices, network protections for agentless devices, and long-term vendor support to mitigate risks without disrupting production.
read more →

DragonForce hid C&C traffic in Microsoft Teams

🔒 Researchers report that DragonForce operators covertly used Microsoft Teams TURN relay servers to mask command-and-control traffic while infiltrating a major US services firm during a 2025 campaign. The attackers deployed a Go-based RAT, named Backdoor.Turn, which obtained anonymous Teams visitor tokens and established QUIC sessions to attacker-controlled servers. They also exploited an undocumented Huawei driver vulnerability and modified system settings to maintain persistence, exfiltrate data and deploy DragonForce ransomware.
read more →

International takedown of AudiA6 crypto laundering service

🔎 An international law enforcement operation dismantled the AudiA6 cryptocurrency laundering service, suspected of moving more than €336m for ransomware gangs and other cybercriminals between 2022 and 2025. The probe identified an industrial-scale laundering scheme that used thousands of stolen identities and money mules to obfuscate funds. Arrests, domain seizures and frozen crypto followed coordinated actions across Europe, the US and Georgia.
read more →

Analysis: The Gentlemen ransomware group's evolution

🔎 A new PRODAFT report traces The Gentlemen (aka Phantom Mantis) from an affiliate of multiple RaaS families to an independent, enterprise-focused extortion operation led by a Russian-speaking actor tracked as LARVA-368. Active since March 2025 and claiming 478 victims, the group uses AI, diverse tooling, multi-platform ransomware, and aggressive affiliate incentives while targeting VPNs, firewalls, VMware, and other internet-facing systems.
read more →

Extortion-Only Attacks Rise, Shift Focus to Data Theft

🔍 Insurers report a marked increase in extortion-only incidents where attackers rely on data theft rather than encryption. Resilience found that 65% of extortion claims in H2 2025 did not involve encryption, and data theft accounted for 87% of ransomware claims by year-end. The report warns that paying for data suppression is unreliable, with 30–40% of paid cases still resulting in leaks, and recommends prevention, tabletop exercises, and pre-incident legal and response retainers.
read more →

Why schools remain favourite cybercriminal targets

🔒 Recent ransomware incidents have shown that schools are year-round targets for cybercriminals. Evanston Township High School closed after an attack disrupted critical systems, while Powys County Council in Wales confirmed student and staff data were accessed at multiple schools. Districts are engaging external experts and notifying authorities, highlighting schools' limited budgets and reliance on networked systems.
read more →

May 2026 Cyber Attack Trends: Ransomware Surges

🔍 Check Point Research reports that global cyber-attack volumes slightly eased in May 2026, averaging 2,055 weekly attacks per organization, a 2% year‑over‑year increase but a 7% month‑over‑month decline. While overall volumes moderated, ransomware rose sharply—698 incidents, a 48% increase year‑over‑year—and GenAI-related data exposure risks expanded as enterprises adopted more tools without adequate governance. The report highlights shifting sector targets and regional variations.
read more →

Healthcare must shift from reactive to AI-driven security

🔍 Experts at Infosecurity Europe warned that healthcare organizations must adopt AI-powered security to detect and contain threats faster. Legacy devices, hyper-connectivity and alert fatigue are creating a high-risk environment where ransomware and other attacks can endanger patient safety. Speakers urged proactive measures including full device visibility, clinical-risk-based prioritization, AI-driven signal correlation and segmentation to reduce exposure.
read more →

AI tools surge in underground ransomware marketplaces

🔍 Analysis by Halcyon shows a rapid rise in AI-based tools sold across Telegram channels, dark web forums, and underground markets, with posts increasing from 38 in December 2025 to 1,486 by February 2026. The offerings fall into four groups: weaponized LLMs, AI-enabled identity fraud, AI-augmented malware/infrastructure, and jailbroken or stolen AI services. Ransomware operations are professionalising with tiered services, automation and freemium models, lowering the skill barrier for new actors while law enforcement takedowns and better enterprise defenses remain critical.
read more →

Pre-positioned Cyber Threats Targeting FIFA 2026

🛡️ Check Point Research and Exposure Management tracked a year-long rise in coordinated cyber threats aimed at FIFA World Cup 2026. Attackers have pre-positioned infrastructure across finance, travel and hospitality, and gambling, with active domains, fake apps, and social schemes ready to scale. The report highlights escalating fraud, domain impersonation, mobile-app impersonation, B2B spoofing risks, and potential operational impacts like ransomware and DDoS.
read more →

AI-built ransomware toolkit automates EDR evasion

🛡️ A threat actor used an AI-assisted ransomware toolkit to automate Active Directory discovery and iterate EDR evasion techniques. Researchers found Cursor and Claude Opus agents used for coding, analysis, testing, and checking public research for bypass methods, with some malware tested against Sophos, CrowdStrike, and Microsoft EDR products. Sophos determined the workflow was human-directed, while AI accelerated development, producing numerous payload modules and mapping techniques to MITRE ATT&CK.
read more →