< ciso
brief />
Tag Banner

All news with #ransomware tag

463 articles · page 3 of 24

Semperis to Stage War Room Tabletop at Infosecurity

🛡️ Semperis will host "Enter the War Room: A Tabletop Experience" at Infosecurity Europe 2026, a 90-minute red team vs blue team simulation based on real retailer ransomware incidents. The immersive exercise places participants in a fast-moving, multi-stage cyber-attack on a fictional supermarket, testing detection, decision-making, communication and executive escalation. Attendees will work with reformed hackers and defenders from government, law enforcement and industry to identify blind spots and sharpen crisis playbooks.
read more →

Silent Ransom Group Escalates Law Firm Attacks

🔒 The FBI warns that the Silent Ransom Group (SRG), also known as Luna Moth and UNC3753, has increasingly targeted US law firms since 2023 using advanced social engineering. SRG has shifted from phishing and callback tactics to impersonating IT staff via phone and in-person visits to gain remote or physical access. Once inside, actors use legitimate tools like WinSCP or renamed Rclone to exfiltrate data without encrypting systems. The FBI recommends stronger cyber hygiene, phishing-resistant MFA, visitor verification, and limiting remote access and external drive installation on sensitive endpoints.
read more →

Analysis of The Gentlemen self‑propagating ransomware

🛡️ This Microsoft Threat Intelligence blog dissects The Gentlemen, a Go-based RaaS that combines per-file ephemeral Curve25519/XChaCha20 encryption with aggressive self-propagation across networks. The post details operator models, command-line controls, speed modes, privilege elevation via scheduled tasks, and extensive defense-evasion steps including disabling Defender, deleting shadow copies, clearing logs, and terminating backup, database, virtualization, and EDR services. Practical mitigations, Defender detections, hunting queries, and IOCs are provided for defenders and incident responders.
read more →

MyPillow and Play gang dispute over alleged breach

🛏️ The Play ransomware group claims to have stolen confidential MyPillow data and threatened a public dump, while CEO Mike Lindell denies any breach and calls the allegations politically motivated. Lindell says MyPillow stores no sensitive data internally and has received no ransom demands, attributing data handling to third parties. The Play group's leak portal set a deadline for release, leaving the truth pending until the deadline passes. The article warns that third-party handling of data still exposes organisations and individuals to meaningful risk.
read more →

Majority of CISOs Would Pay Ransom, Survey Finds

🔒 A survey of 750 CISOs in the US and UK found 58% said their organization would be willing to pay a ransom to end a ransomware incident. Experts and law enforcement advise against paying, citing encouragement of attackers and no guarantee of data recovery, but real-world evidence shows many firms still pay. Industry sources report incomplete decryption and credential exposure even after payment, while robust backups remain the best mitigation.
read more →

Global takedown of criminal VPN service First VPN

🔎 Authorities across Europe and North America announced a coordinated operation that dismantled First VPN, a criminal virtual private network service used to obscure ransomware, data theft, scanning, and DDoS activity. Led by France and the Netherlands with support from many countries and agencies since December 2021, investigators executed concurrent actions in May 2026, seizing servers, domains, and infrastructure while interviewing the service administrator. Europol and the FBI say First VPN marketed anonymity to cybercriminals on Russian-language forums, offered multiple protocols and payment methods, and provided exit nodes across 27 countries used by at least 25 ransomware groups.
read more →

European takedown targets VPN linked to crime

🛡️ European investigators dismantled First VPN in a joint operation led by France and the Netherlands, assisted by Europol and Eurojust. The service, widely promoted in Russia, was used by criminals for ransomware, fraud, and data theft to conceal identities and infrastructure. While the takedown is seen as warranted, experts warn that broad restrictions on VPNs risk harming legitimate privacy and business uses and could face legal challenges.
read more →

Microsoft Disrupts Malware-Signing-as-a-Service Operation

🔒 Microsoft says it disrupted a malware-signing-as-a-service operation, codenamed OpFauxSign, that abused Artifact Signing to produce short-lived fraudulent code-signing certificates and deliver signed malware. The company seized the SignSpace site signspace[.]cloud, took hundreds of virtual machines offline, and blocked hosting for the underlying code. Operators tied to the group, called Fox Tempest, sold signing services for $5,000–$9,000 and facilitated distribution of Rhysida ransomware and loaders like Oyster. Microsoft added the actor likely used stolen U.S. and Canadian identities to pass verification and repeatedly adapted its tradecraft as defenders revoked certificates.
read more →

FBI Issues Advisory After ShinyHunters Breach of Canvas LMS

⚠️ The FBI's IC3 issued an advisory on 15 May 2026 about the ShinyHunters extortion gang breaching an online learning management system used by US educational institutions. Although the advisory avoided naming the vendor, reporting and Instructure's confirmation made clear Canvas was affected and the company reportedly paid a ransom after receiving alleged 'shred logs'. The FBI warns victims not to engage with extortionists, enable multi‑factor authentication, and remain vigilant against phishing, harassment, and swatting; students and staff should assume their data may be exposed and await official guidance.
read more →

DACH Threats 2025: Hacktivism and Ransomware Surge

🔍 Check Point found a 124% rise in hacktivism and ransomware across Germany, Austria, and Switzerland in 2025, with Germany accounting for roughly 82% of incidents. Defacement and DDoS drove the volume—66% of events—while ransomware comprised nearly 30%, led by Akira, Qilin, and Safepay. The report highlights identity weaknesses, exposed remote services, and insufficient patching as primary enablers, and recommends MFA, patch discipline, credential monitoring, and reduced public attack surface.
read more →

Ransomware 3.0: Economics and Strategic Response in Business

🔒 Ransomware 3.0 has evolved from simple encryption to coordinated, multi-stage extortion campaigns that target operations, stolen data and public pressure. Attackers now deploy triple extortion—encryption, data exfiltration and public shaming—to maximize leverage. The insurance market is narrowing coverage with sublimits and exclusions, so organisations must pair policies with robust technical defences and rehearsed incident response aligned to NIST CSF. Boards should treat insurance as residual risk transfer, not a primary recovery plan.
read more →

Ransomware Escalates: Rising Risk of Physical Threats

🔒 Ransomware campaigns are increasingly paired with explicit threats of physical harm, with a Semperis study finding 40% of incidents involved intimidation and 46% in the US. Reported tactics include threatening notes left at homes, phone calls reciting staff addresses and identity details, and extortionists recruiting local actors to carry out violence. The FBI and vendors warn of a growing pattern — described as violence-as-a-service — and advise organisations to treat employee data as critically sensitive and update incident response plans to manage physical-threat scenarios.
read more →

West Pharmaceutical hit by cyberattack; data stolen

🔒 West Pharmaceutical Services disclosed a cyberattack detected on May 4, 2026, that resulted in data exfiltration and encryption of certain systems. The company took affected infrastructure offline globally for containment, notified law enforcement, and engaged external responders including Palo Alto Networks Unit 42. Core enterprise systems supporting shipping and manufacturing have been partially restored, but full recovery and the scope of stolen data remain under investigation.
read more →

MSPs Must Rethink Security and Recovery for Resilience

🔒 Tomorrow at 2:00 PM ET, BleepingComputer will host a live webinar titled "From phishing to fallout: Why MSPs must rethink both security and recovery," with Austin O'Saben and Adam Marget of Kaseya. The session explains why prevention alone is insufficient as AI-driven phishing, ransomware, SaaS abuse and BEC evolve faster than many defenses. It will show how attackers exploit trusted infrastructure and why organizations must combine security, backups and rapid recovery. Attendees will learn practical steps to reduce downtime and disruption.
read more →

Gentlemen RaaS Leak Reveals Modern Ransomware Risk

🔍 Check Point Research details a May 2026 compromise of The Gentlemen's backend that exposed chat logs, rosters, negotiation transcripts and tooling discussions. The leak shows a compact operation of roughly nine operators centered on a single administrator (zeta88 / hastalamuerte) who built the RaaS panel with AI coding assistants and participated in attacks. Initial access is mostly via unpatched edge devices or purchased credentials, and chain-victimization was observed. Check Point has notified law enforcement.
read more →

Foxconn Confirms Cyberattack at North American Sites

🔒 Foxconn confirmed a cyberattack affected some of its North American factories and says impacted sites are resuming normal production. The company said its cybersecurity team activated response measures to maintain continuity of operations and deliveries. Nitrogen ransomware operators claimed 8 TB of data and over 11 million documents were stolen, allegedly including files from Apple, Nvidia, Intel and Google. Foxconn has faced prior ransomware incidents.
read more →

Most CISOs Would Consider Paying Ransoms to Recover

🔒 A new report from Absolute Security finds that 58% of CISOs would realistically consider paying a ransom to restore systems after a ransomware attack. US respondents were likelier to consider payment (63%) than UK peers (47%), with legal guidance, GDPR and doubts over recovery cited as reasons. Operational downtime was viewed as the most damaging impact. The report warns organizations to invest in resilience, infrastructure and governance to reduce reliance on ransom payments.
read more →

April 2026 Cyber Threats Spike: Ransomware and GenAI Risks

📈 April 2026 saw a sharp rebound in global cyber activity, with organizations averaging 2,201 weekly attacks — a 10% month‑over‑month rise and 8% year‑over‑year. Check Point Research attributes the surge to automation, expanded cloud and GenAI exposures and attackers exploiting larger digital footprints. Education, Government and Telecommunications were among the hardest hit. Ransomware incidents and GenAI data leakage risks intensified across regions.
read more →

Instructure Pays Ransom After Canvas Data Breach Fallout

🔒 Instructure said it reached an agreement with an unauthorized actor after a breach that exposed data from its Canvas learning platform, asserting the stolen data was returned and digitally destroyed. The company said the agreement covers all impacted customers and that it believes no customers will be separately extorted. It has engaged forensic vendors, revoked credentials, rotated keys, and temporarily disabled Free‑For‑Teacher accounts while it completes its review.
read more →

Q1 2026 Ransomware: Fewer Groups, Greater Risk Worldwide

🔒 Check Point Research's Q1 2026 report finds ransomware volume near historic highs while activity consolidates around a smaller set of dominant groups. The top 10 operators now claim 71% of victims, led by Qilin, The Gentlemen, and LockBit. Consolidation raises individual incident impact and shifts attacker geography and target patterns. Defenders should prioritize prevention, exposure management, and network/cloud access controls to limit exploitation.
read more →