< ciso
brief />
Tag Banner

All news with #ransomware tag

463 articles · page 8 of 24

The Dirty Dozen: Active Ransomware Groups Today 2026

🔒Ransomware-as-a-service (RaaS) has driven a rise in financially motivated attacks, combining double and triple extortion, data theft, and growing use of AI. Law enforcement disruptions have fragmented the marketplace and helped spawn new players such as Akira, BlackCat, and RansomHub. Attackers exploit unpatched VPNs, open RDP, phishing, and zero-day flaws to hit healthcare, manufacturing, education, telecom and critical infrastructure.
read more →

Ransomware Shift: From Loud Disruption to Stealth Tactics

🔒 Ransomware operators are shifting from noisy, disruptive attacks to covert, long-term intrusions focused on data theft and extortion. Picus Security's Red-Teaming report—based on simulations and analysis of 1.1 million malware files and 15.5 million MITRE-mapped actions—finds most common techniques aim to remain undetected. Adversaries increasingly chain vulnerabilities, route C2 through trusted services like OpenAI and AWS, and favor persistence over immediate encryption, though some vendors dispute a reduction in overall activity.
read more →

Termite Ransomware Breaches Tied to ClickFix, CastleRAT

🔒 Researchers at MalBeacon observed the threat actor Velvet Tempest using a ClickFix malvertising chain to trick victims into pasting obfuscated commands into the Windows Run dialog. Operators leveraged nested cmd.exe chains and legitimate utilities (including finger.exe and csc.exe) to stage loaders, compile .NET components, and deploy Python-based persistence under C:\ProgramData. The intrusion staged DonutLoader and retrieved the CastleRAT backdoor, though Termite ransomware was not deployed during the observed exercise.
read more →

Ransomware Threats Increasingly Target Education Sector

🎓 Ransomware groups have shifted from encrypting files to extortion via stolen data, putting schools and universities at higher risk. Incidents in 2025–2026 include an attack on Sapienza University of Rome in February 2026, a vocational center in Treviso and Blacon High School, causing outages and operational disruption. Affordable, set-and-forget security that blocks phishing links and automatically scans USB devices can materially reduce exposure.
read more →

Preparation and Hardening for Destructive Cyberattacks

🛡️ This article outlines practical, scalable recommendations to prepare and harden environments against destructive malware, wipers, and modified ransomware. It emphasizes resilience through verified, immutable backups, out-of-band incident communication, and prioritized recovery plans. The post recommends strengthening external-facing assets with multi-factor authentication and continuous attack-surface discovery, protecting Domain Controllers and virtualization infrastructure, and applying network and cloud segmentation alongside tuned detections. It also highlights available detections in Google SecOps and Mandiant rule packs.
read more →

Mississippi Medical Center Reopens Clinics After Ransomware

🏥 The University of Mississippi Medical Center (UMMC) says it has resumed normal operations nine days after a ransomware attack that disrupted electronic medical records and multiple IT systems. Phone lines were restored and clinics reopened with extended hours to reschedule missed appointments. UMMC is investigating the intrusion with FBI and CISA, and confirmed attackers had communicated with staff; no group has claimed responsibility.
read more →

Brute-Force Login Reveals Ransomware Infrastructure Network

🔎 The Huntress Tactical Response Team describes how a seemingly routine RDP brute-force alert exposed a larger ransomware-as-a-service ecosystem. Investigators found one successful login used from multiple geographically distributed IPs, domain enumeration activity, and unusual manual searches for credential files rather than typical credential dumping tools. Further pivots on TLS certificates and domains tied the activity to a privacy-focused VPN service and related infrastructure, and the report provides specific IOCs for defenders.
read more →

Study Finds Hackers Disrupt Operations at Many Firms

🔒 A representative survey by the Centre for European Economic Research (ZEW) found that a notable share of German companies experienced cyberattacks in 2025. In the information economy about one in seven firms and in industry about one in eight reported damage. Larger firms (100+ employees) were more frequently affected. The most common consequence was operational downtime, alongside financial losses, ransom demands, and data exfiltration.
read more →

University of Hawaii Cancer Center Data Breach Hits 1.2M

🔒 The University of Hawaii Cancer Center confirmed a ransomware breach that exposed data for nearly 1.2 million individuals after attackers accessed systems supporting its Epidemiology Division. Compromised files include names, Social Security numbers, driver's license numbers, and historical research health records collected in the 1990s and 2000s. UH says clinical operations, patient care, and student records were not affected and that it paid the actors for a decryption tool and to secure destruction of the stolen information.
read more →

Google Warns Iran Will Launch Global Cyber-Attacks

⚠ John Hultquist, chief analyst of Google’s Threat Intelligence Group, warned that Iran will "absolutely" respond to recent US and Israeli air strikes with cyber-attacks targeting a broad array of organisations across the Middle East and beyond. He said the focus will shift from well-defended states like Israel to nations with less mature security, expanding the global attack surface. Hultquist highlighted the blurred lines between state actors, criminal groups and hacktivist fronts, noting the likely use of ransomware and proxy operations by the IRGC to obfuscate attribution. The UK’s NCSC has advised organisations with Middle East ties to urgently review and strengthen their cybersecurity posture.
read more →

Hybrid Middle East Conflict Sparks Global Cyber Surge

🌐 A sharp escalation in the Middle East has entered a hybrid phase combining military strikes with large-scale cyber operations following joint Israeli–US strikes on Iran on 28 February 2026. CloudSek reported a sweeping cyber campaign that reduced Iran's internet to roughly 4% of normal capacity, disrupting government services, media and parts of energy and aviation. Security firm Halcyon warns of rising DDoS, hacktivist and ransomware activity and urges organisations to increase monitoring, enforce multi-factor authentication and maintain offline backups against supply-chain and regional spillover risks.
read more →

Ransomware revenues fall despite surge in victims globally

🔒 Chainalysis reports that total ransomware cryptocurrency payments fell 8% year-on-year to $820m in 2025, even as the number of victims surged 50% to make 2025 the most active year on record. Payment rates dropped from 63% in 2024 to 29% in 2025, while the median ransom rose 368% to $59,556. The firm attributes these shifts to improved incident response, global disruption of infrastructure and laundering networks, cryptographic flaws in strains like VolkLocker, and fragmentation of ransomware-as-a-service into numerous smaller groups.
read more →

Ransom Payments Fall as Incidents Rise, Chainalysis Finds

🔍 Chainalysis reports ransomware actors collected $820 million in 2025, a 28% decline from 2024 despite a roughly 50% rise in reported attacks year-over-year. Analysts attribute the drop to broader adherence to guidance discouraging ransom payments and to legal risks associated with payouts. At the same time, the average ransom payment jumped 368% to nearly $60,000, suggesting individual victims who do pay are settling for much larger sums to prevent data resale or exposure.
read more →

Ransomware Shift: Stealthy, Long-Term Access Tactics

🔒 Picus Security's annual red-teaming report finds ransomware operators shifting from noisy encryption to stealthy, long-term access, favoring persistence, defense evasion and data exfiltration. The firm reports a 38% drop in encryption as attackers prioritize double-extortion and silent leaks, often routing C2 traffic through trusted services like OpenAI and AWS. Experts urge stronger identity controls, monitoring of third-party integrations, and detections tuned to persistence and exfiltration.
read more →

Ransomware Payment Rate Falls to Record Low in 2025

🔒 Chainalysis reports that the proportion of ransomware victims who paid extortionists fell to a record low of 28% in 2025, even as claimed attacks rose sharply. The blockchain intelligence firm says total on-chain ransomware receipts currently total $820 million and may approach or exceed $900 million as more events are attributed. While total payment counts remained relatively stable, the median ransom surged 368% to $59,556, and analysts flagged growing fragmentation and several high-impact breaches.
read more →

Ransomware Payments Fall to Record Low as Attacks Rise

🔒 Chainalysis reports the ransomware victim payment rate fell to 28% in 2025, an all-time low, even as claimed attacks rose about 50% year-over-year. On-chain ransomware receipts totaled $820 million so far and may approach $900 million, while the median ransom jumped to $59,556, up 368% from 2024. Analysts point to improved incident response, regulatory scrutiny, law enforcement actions, and market fragmentation. The report also notes 85 active extortion groups and that initial access brokers earned roughly $14 million in 2025.
read more →

Smashing Security Podcast 456: DDoS, Ransomware Fails

🛡️ In episode 456 of Smashing Security, Graham Cluley and guest Paul Ducklin examine allegations that an internet archiving service operator weaponised its own CAPTCHA to DDoS a Finnish blogger, tampered with archive content to smear them, and issued bizarre threats about AI-generated pornography. The hosts also cover a ransomware crew that accidentally corrupted victims' decryption keys, rendering extortion efforts ineffective. The episode closes with a calm Pick of the Week and a furious rant about web forms.
read more →

Steaelite RAT Unifies Data Theft and Ransomware Tools

⚠️ Steaelite is a browser-based remote access trojan marketed on underground forums that consolidates remote access, credential harvesting, data exfiltration, and a planned ransomware module into a single management pane. Researchers at BlackFog say the toolkit includes live screen streaming, webcam and microphone access, password recovery, Defender-disable capabilities, and persistence options, and it’s been available since last November. The seller offers access as malware-as-a-service (about $200/month), and defenders are urged to prioritize stopping data exfiltration over relying solely on perimeter defenses.
read more →

Marquis Sues SonicWall Over Cloud Backup Breach Lawsuit

🔒 Marquis Software Solutions has filed suit against SonicWall, alleging gross negligence and misrepresentation after a ransomware attack on August 14, 2025 that followed a compromise of a SonicWall firewall. Investigators say the attacker accessed configuration backups stored in SonicWall’s MySonicWall cloud—an exposure Marquis attributes to an API code change in February 2025—and used configuration data and AES-256-encrypted credentials to bypass MFA. The stolen files included extensive personal and financial information; Marquis says the incident disrupted operations for 74 U.S. banks and forced the firm to defend more than 36 consumer class actions while seeking monetary damages, indemnification and equitable relief.
read more →

Types of Ransomware Attacks and Detection Methods Overview

🔒 This article profiles major ransomware varieties — including crypto, double extortion, encryptionless, locker, scareware and Ransomware-as-a-Service — and explains how they operate. It outlines common detection approaches such as behavioral, signature, heuristic, and deception techniques. The piece also situates ransomware within the broader malware landscape and describes how Huntress’ 24/7 human-led monitoring and containment reduce risk.
read more →