CYBERATTACKS & PRESS
Latest ransomware incidents and security news
Cognizant TriZetto breach exposes health data of 3.4 million patients
TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive informa...
In Other News: FBI Hacked, US Security Pro Killed in Iran War, Hijacked Cameras Used in Khamenei Strike
Other noteworthy stories that might have slipped under the radar: Avira antivirus vulnerabilities, Transport for London data breach affects 10 million, Gaming cheat exposes North Korean hacker. ...
Phobos ransomware leader facing 20 years in prison after pleading guilty to hacking charges
Ptitsyn and several others began using the Phobos ransomware in November 2020, attacking more than 1,000 organizations around the world. He was arrested in South Korea and extradited in November 2024.
Russian Ransomware Operator Pleads Guilty in US
Evgenii Ptitsyn was extradited to the United States from South Korea in November 2024.
Phobos ransomware admin pleads guilty to wire fraud conspiracy
A Russian national pleaded guilty to a wire fraud conspiracy charge related to his role in administering the Phobos ransomware operation, which breached hundreds of victims worldwide. [...]
Hacker mass-mails HungerRush extortion emails to restaurant patrons
Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data coul...
New LexisNexis Data Breach Confirmed After Hackers Leak Files
The hackers claim to have stolen 2GB of files, including 400,000 personal information records.
Mississippi medical center reopens clinics hit by ransomware attack
The University of Mississippi Medical Center (UMMC) says it has resumed normal operations, nine days after a ransomware attack blocked access to electronic medical records and took down many of its IT...
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltr...
Law enforcement disrupts tomb ransomware infrastructure
International law enforcement operation seizes servers and domains used by tomb ransomware group.
hurricanegroup leaks 100GB of data from Acme Corp
The hurricanegroup ransomware group has published 2000GB of stolen data from Acme Corp after ransom negotiations failed.
Life Mirrors Art: Ransomware Hits Hospitals on TV & IRL
HBO's "The Pitt" is showing audiences what a real Mississippi healthcare system is going through this week, thanks to a ransomware attack.
The Case for Why Better Breach Transparency Matters
It's become a standard practice for organizations to disclose the bare minimum about a data breach, or worse — not disclose the incident at all.
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tac...
Expert Recommends: Prepare for PQC Right Now
Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to ...
RAMP Forum Seizure Fractures Ransomware Ecosystem
Researchers suggest defenders monitor how these malicious groups re-form and leverage the useful threat intel to guide their next moves.
Lazarus Group Picks a New Poison: Medusa Ransomware
The North Korean threat group also leveraged Comebacker backdoor, Blindingcan RAT, and info stealer Infohook in its recent attacks.
Major healthcare company Samsung Electronics hit by ransomware attack
Samsung Electronics confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
600+ FortiGate Devices Hacked by AI-Armed Amateur
A Russian-speaking hacker used generative AI to compromise the FortiGate firewalls, targeting credentials and backups for possible follow-on ransomware attacks.
Law enforcement disrupts hornetlock ransomware infrastructure
International law enforcement operation seizes servers and domains used by hornetlock ransomware group.
manufacturing sector targeted in new ra_world campaign
Multiple manufacturing organizations across Japan report being targeted by ra_world ransomware in coordinated attacks.
Law enforcement disrupts cicada3301 ransomware infrastructure
International law enforcement operation seizes servers and domains used by cicada3301 ransomware group.
hunters_v2 exploits zero-day vulnerability in PaperCut MF
Security researchers confirm hunters_v2 is actively exploiting a critical vulnerability in Progress WS_FTP to deploy ransomware.
Latin America's Cyber Maturity Lags Threat Landscape
The slower pace of upgrades has the unintended impact of creating a haven for attackers, especially for initial access brokers and ransomware gangs.
Law enforcement disrupts wastedlocker ransomware infrastructure
International law enforcement operation seizes servers and domains used by wastedlocker ransomware group.
hammer ransomware group claims attack on Samsung Electronics in Canada
The hammer ransomware gang has claimed responsibility for an attack on Samsung Electronics, a major technology organization in Canada. The group threatens to publish stolen data.
healthcare sector targeted in new daransom campaign
Multiple healthcare organizations across Australia report being targeted by daransom ransomware in coordinated attacks.
typhon ransomware group claims attack on Acme Corp in the Netherlands
The typhon ransomware gang has claimed responsibility for an attack on Acme Corp, a major telecommunications organization in the Netherlands. The group threatens to publish stolen data.
arcusmedia ransomware group claims attack on Southwest Airlines in Brazil
The arcusmedia ransomware gang has claimed responsibility for an attack on Southwest Airlines, a major retail organization in Brazil. The group threatens to publish stolen data.
Major retail company Southwest Airlines hit by ransomware attack
Southwest Airlines confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Please Don’t Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swattin...
technology sector targeted in new thanatos campaign
Multiple technology organizations across Germany report being targeted by thanatos ransomware in coordinated attacks.
thanatos exploits zero-day vulnerability in Cisco ASA
Security researchers confirm thanatos is actively exploiting a critical vulnerability in SonicWall SMA to deploy ransomware.
kappa exploits zero-day vulnerability in Cisco ASA
Security researchers confirm kappa is actively exploiting a critical vulnerability in Cisco ASA to deploy ransomware.
castorbreach exploits zero-day vulnerability in Atlassian Confluence
Security researchers confirm castorbreach is actively exploiting a critical vulnerability in Progress WS_FTP to deploy ransomware.
siren ransomware: New variant uses safe mode encryption to evade detection
Researchers at BleepingComputer have identified a new siren variant that employs living-off-the-land binaries to bypass security controls.
telecommunications sector targeted in new tsunami campaign
Multiple telecommunications organizations across the Netherlands report being targeted by tsunami ransomware in coordinated attacks.
transportation sector targeted in new daransom campaign
Multiple transportation organizations across Canada report being targeted by daransom ransomware in coordinated attacks.
Ransomware attacks surge 60% in Q1 2024
New report shows ransomware attacks increased 60% compared to the previous quarter. thorstrike remains the most active group.
Nestle SA pays $10M ransom to titanium
Nestle SA reportedly paid $1.5 million to titanium ransomware operators. The attack affected operations for 9 days.
Major technology company Samsung Electronics hit by ransomware attack
Samsung Electronics confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
cicada3301 ransomware: New variant uses API unhooking to evade detection
Researchers at Dark Reading have identified a new cicada3301 variant that employs double encryption to bypass security controls.
lichdark exploits zero-day vulnerability in Cisco ASA
Security researchers confirm lichdark is actively exploiting a critical vulnerability in MOVEit Transfer to deploy ransomware.
Major telecommunications company BMW AG hit by ransomware attack
BMW AG confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Major healthcare company Metro Systems hit by ransomware attack
Metro Systems confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
monti ransomware: New variant uses double encryption to evade detection
Researchers at BleepingComputer have identified a new monti variant that employs DLL sideloading to bypass security controls.
unsafe ransomware group claims attack on Nestle SA in Canada
The unsafe ransomware gang has claimed responsibility for an attack on Nestle SA, a major retail organization in Canada. The group threatens to publish stolen data.
Ransomware attacks surge 15% in Q2 2024
New report shows ransomware attacks increased 45% compared to the previous quarter. cicada3301 remains the most active group.
Ransomware attacks surge 60% in Q2 2026
New report shows ransomware attacks increased 45% compared to the previous quarter. electra remains the most active group.
retail sector targeted in new castorbreach campaign
Multiple retail organizations across the United Kingdom report being targeted by castorbreach ransomware in coordinated attacks.
fog_v2 leaks 1000GB of data from Toyota Motor
The fog_v2 ransomware group has published 500GB of stolen data from Toyota Motor after ransom negotiations failed.
Metro Systems pays $3.5M ransom to paradoxgroup
Metro Systems reportedly paid $10 million to paradoxgroup ransomware operators. The attack affected operations for 7 days.
sexi ransomware group claims attack on European Logistics in Brazil
The sexi ransomware gang has claimed responsibility for an attack on European Logistics, a major financial organization in Brazil. The group threatens to publish stolen data.
transportation sector targeted in new sect campaign
Multiple transportation organizations across Germany report being targeted by sect ransomware in coordinated attacks.
Law enforcement disrupts sexi ransomware infrastructure
International law enforcement operation seizes servers and domains used by sexi ransomware group.
Major telecommunications company British Steel hit by ransomware attack
British Steel confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
scriptleak ransomware: New variant uses fileless execution to evade detection
Researchers at Dark Reading have identified a new scriptleak variant that employs process hollowing to bypass security controls.
Deutsche Bank AG pays $1.5M ransom to siren
Deutsche Bank AG reportedly paid $15 million to siren ransomware operators. The attack affected operations for 21 days.
Major education company American Water hit by ransomware attack
American Water confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
everest ransomware group claims attack on Roche Holding in Germany
The everest ransomware gang has claimed responsibility for an attack on Roche Holding, a major financial organization in Germany. The group threatens to publish stolen data.
ransomhouse leaks 1000GB of data from Deutsche Bank AG
The ransomhouse ransomware group has published 500GB of stolen data from Deutsche Bank AG after ransom negotiations failed.
government sector targeted in new electra campaign
Multiple government organizations across Canada report being targeted by electra ransomware in coordinated attacks.
hunters_v2 leaks 200GB of data from European Logistics
The hunters_v2 ransomware group has published 200GB of stolen data from European Logistics after ransom negotiations failed.
CISA warns of active exploitation by inc_lynx ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the inc_lynx ransomware group.
Nordic Telecom pays $10M ransom to donut_leaks
Nordic Telecom reportedly paid $10 million to donut_leaks ransomware operators. The attack affected operations for 11 days.
Major education company BMW AG hit by ransomware attack
BMW AG confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Law enforcement disrupts daransom ransomware infrastructure
International law enforcement operation seizes servers and domains used by daransom ransomware group.
Major financial company Central Hospital Network hit by ransomware attack
Central Hospital Network confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Ransomware attacks surge 15% in Q4 2025
New report shows ransomware attacks increased 45% compared to the previous quarter. scriptleak remains the most active group.
Law enforcement disrupts 8base ransomware infrastructure
International law enforcement operation seizes servers and domains used by 8base ransomware group.
Law enforcement disrupts scriptleak ransomware infrastructure
International law enforcement operation seizes servers and domains used by scriptleak ransomware group.
CISA warns of active exploitation by hunters_v2 ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the hunters_v2 ransomware group.
Siemens AG pays $5M ransom to rhysida_apt
Siemens AG reportedly paid $2 million to rhysida_apt ransomware operators. The attack affected operations for 8 days.
Law enforcement disrupts titanium ransomware infrastructure
International law enforcement operation seizes servers and domains used by titanium ransomware group.
ra_world leaks 1000GB of data from Nordic Telecom
The ra_world ransomware group has published 500GB of stolen data from Nordic Telecom after ransom negotiations failed.
Major energy company Atlantic Financial Group hit by ransomware attack
Atlantic Financial Group confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Major education company Samsung Electronics hit by ransomware attack
Samsung Electronics confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Law enforcement disrupts jupiterlock ransomware infrastructure
International law enforcement operation seizes servers and domains used by jupiterlock ransomware group.
government sector targeted in new hammer campaign
Multiple government organizations across Germany report being targeted by hammer ransomware in coordinated attacks.
CISA warns of active exploitation by everest ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the everest ransomware group.
CISA warns of active exploitation by siren ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the siren ransomware group.
Ransomware attacks surge 60% in Q4 2025
New report shows ransomware attacks increased 25% compared to the previous quarter. hex remains the most active group.
rhysida_apt exploits zero-day vulnerability in Fortinet FortiGate
Security researchers confirm rhysida_apt is actively exploiting a critical vulnerability in Ivanti Connect Secure to deploy ransomware.
blackhunt leaks 200GB of data from BMW AG
The blackhunt ransomware group has published 500GB of stolen data from BMW AG after ransom negotiations failed.
rhysida_apt exploits zero-day vulnerability in Cisco ASA
Security researchers confirm rhysida_apt is actively exploiting a critical vulnerability in Cisco ASA to deploy ransomware.
Law enforcement disrupts electra ransomware infrastructure
International law enforcement operation seizes servers and domains used by electra ransomware group.
CISA warns of active exploitation by jupiterlock ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the jupiterlock ransomware group.
typhon ransomware group claims attack on National Health Services in Brazil
The typhon ransomware gang has claimed responsibility for an attack on National Health Services, a major retail organization in Brazil. The group threatens to publish stolen data.
retail sector targeted in new typhon campaign
Multiple retail organizations across Australia report being targeted by typhon ransomware in coordinated attacks.
Global Industries pays $3.5M ransom to tsunami
Global Industries reportedly paid $15 million to tsunami ransomware operators. The attack affected operations for 6 days.
sexi leaks 2000GB of data from BMW AG
The sexi ransomware group has published 1000GB of stolen data from BMW AG after ransom negotiations failed.
inc_lynx leaks 500GB of data from Siemens AG
The inc_lynx ransomware group has published 500GB of stolen data from Siemens AG after ransom negotiations failed.
arcusmedia exploits zero-day vulnerability in Citrix NetScaler
Security researchers confirm arcusmedia is actively exploiting a critical vulnerability in SonicWall SMA to deploy ransomware.
Ransomware attacks surge 60% in Q4 2026
New report shows ransomware attacks increased 35% compared to the previous quarter. vanir remains the most active group.
Deutsche Bank AG pays $2M ransom to rhysida_v2
Deutsche Bank AG reportedly paid $10 million to rhysida_v2 ransomware operators. The attack affected operations for 10 days.
Roche Holding pays $15M ransom to daransom
Roche Holding reportedly paid $3.5 million to daransom ransomware operators. The attack affected operations for 10 days.
financial sector targeted in new scriptleak campaign
Multiple financial organizations across Japan report being targeted by scriptleak ransomware in coordinated attacks.
Ransomware attacks surge 25% in Q1 2026
New report shows ransomware attacks increased 25% compared to the previous quarter. storm0501 remains the most active group.
CISA warns of active exploitation by trinity ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the trinity ransomware group.
8base leaks 100GB of data from Continental Energy
The 8base ransomware group has published 500GB of stolen data from Continental Energy after ransom negotiations failed.
Central Hospital Network pays $8M ransom to metaencryptor
Central Hospital Network reportedly paid $10 million to metaencryptor ransomware operators. The attack affected operations for 3 days.
Major transportation company Global Industries hit by ransomware attack
Global Industries confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
jupiterlock ransomware: New variant uses double encryption to evade detection
Researchers at The Hacker News have identified a new jupiterlock variant that employs fileless execution to bypass security controls.
8base exploits zero-day vulnerability in Microsoft Exchange
Security researchers confirm 8base is actively exploiting a critical vulnerability in Citrix NetScaler to deploy ransomware.
Samsung Electronics pays $5M ransom to storm0501
Samsung Electronics reportedly paid $2 million to storm0501 ransomware operators. The attack affected operations for 28 days.
Major technology company Atlantic Financial Group hit by ransomware attack
Atlantic Financial Group confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
hex ransomware: New variant uses API unhooking to evade detection
Researchers at BBC News have identified a new hex variant that employs double encryption to bypass security controls.
Major manufacturing company European Logistics hit by ransomware attack
European Logistics confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Major financial company National Health Services hit by ransomware attack
National Health Services confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
CISA warns of active exploitation by sect ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the sect ransomware group.
technology sector targeted in new rhysida_v2 campaign
Multiple technology organizations across Japan report being targeted by rhysida_v2 ransomware in coordinated attacks.
Ransomware attacks surge 60% in Q3 2026
New report shows ransomware attacks increased 15% compared to the previous quarter. rhysida_v2 remains the most active group.
scriptleak exploits zero-day vulnerability in Barracuda ESG
Security researchers confirm scriptleak is actively exploiting a critical vulnerability in MOVEit Transfer to deploy ransomware.
CISA warns of active exploitation by piranhared ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the piranhared ransomware group.
typhon ransomware: New variant uses process hollowing to evade detection
Researchers at Europol have identified a new typhon variant that employs DLL sideloading to bypass security controls.
Major manufacturing company Acme Corp hit by ransomware attack
Acme Corp confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
hex exploits zero-day vulnerability in Ivanti Connect Secure
Security researchers confirm hex is actively exploiting a critical vulnerability in PaperCut MF to deploy ransomware.
hex ransomware: New variant uses DLL sideloading to evade detection
Researchers at Reuters have identified a new hex variant that employs BYOVD attacks to bypass security controls.
Ransomware attacks surge 60% in Q1 2026
New report shows ransomware attacks increased 45% compared to the previous quarter. scriptleak remains the most active group.
Ransomware attacks surge 60% in Q1 2025
New report shows ransomware attacks increased 15% compared to the previous quarter. thanatos remains the most active group.
Major manufacturing company Global Industries hit by ransomware attack
Global Industries confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
BMW AG pays $2M ransom to everest
BMW AG reportedly paid $8 million to everest ransomware operators. The attack affected operations for 28 days.
Major telecommunications company Johnson & Johnson hit by ransomware attack
Johnson & Johnson confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
manufacturing sector targeted in new hornetlock campaign
Multiple manufacturing organizations across Australia report being targeted by hornetlock ransomware in coordinated attacks.
piranhared ransomware: New variant uses living-off-the-land binaries to evade detection
Researchers at FBI Flash have identified a new piranhared variant that employs API unhooking to bypass security controls.
Ransomware attacks surge 45% in Q4 2025
New report shows ransomware attacks increased 45% compared to the previous quarter. wastedlocker remains the most active group.
kappa exploits zero-day vulnerability in Ivanti Connect Secure
Security researchers confirm kappa is actively exploiting a critical vulnerability in Fortinet FortiGate to deploy ransomware.
Ransomware attacks surge 60% in Q2 2025
New report shows ransomware attacks increased 15% compared to the previous quarter. arcusmedia remains the most active group.
daransom ransomware group claims attack on Southwest Airlines in Canada
The daransom ransomware gang has claimed responsibility for an attack on Southwest Airlines, a major energy organization in Canada. The group threatens to publish stolen data.
CISA warns of active exploitation by rhysida_v2 ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the rhysida_v2 ransomware group.
tomb exploits zero-day vulnerability in VMware ESXi
Security researchers confirm tomb is actively exploiting a critical vulnerability in Atlassian Confluence to deploy ransomware.
storm0501 ransomware: New variant uses BYOVD attacks to evade detection
Researchers at Reuters have identified a new storm0501 variant that employs EDR evasion to bypass security controls.
Law enforcement disrupts donut_leaks ransomware infrastructure
International law enforcement operation seizes servers and domains used by donut_leaks ransomware group.
Major government company Vodafone Group hit by ransomware attack
Vodafone Group confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
paradoxgroup ransomware group claims attack on European Logistics in Germany
The paradoxgroup ransomware gang has claimed responsibility for an attack on European Logistics, a major government organization in Germany. The group threatens to publish stolen data.
Law enforcement disrupts thorstrike ransomware infrastructure
International law enforcement operation seizes servers and domains used by thorstrike ransomware group.
Major retail company Nestle SA hit by ransomware attack
Nestle SA confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Major technology company Metro Systems hit by ransomware attack
Metro Systems confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Law enforcement disrupts xollam ransomware infrastructure
International law enforcement operation seizes servers and domains used by xollam ransomware group.
wastedlocker exploits zero-day vulnerability in Ivanti Connect Secure
Security researchers confirm wastedlocker is actively exploiting a critical vulnerability in VMware ESXi to deploy ransomware.
Major healthcare company British Steel hit by ransomware attack
British Steel confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
daransom ransomware group claims attack on Samsung Electronics in France
The daransom ransomware gang has claimed responsibility for an attack on Samsung Electronics, a major healthcare organization in France. The group threatens to publish stolen data.
Deutsche Bank AG pays $10M ransom to daransom
Deutsche Bank AG reportedly paid $5 million to daransom ransomware operators. The attack affected operations for 5 days.
Ransomware attacks surge 45% in Q3 2026
New report shows ransomware attacks increased 60% compared to the previous quarter. hex remains the most active group.
famine ransomware group claims attack on Nestle SA in France
The famine ransomware gang has claimed responsibility for an attack on Nestle SA, a major education organization in France. The group threatens to publish stolen data.
paradoxgroup leaks 100GB of data from BMW AG
The paradoxgroup ransomware group has published 50GB of stolen data from BMW AG after ransom negotiations failed.
Nestle SA pays $22M ransom to hurricanegroup
Nestle SA reportedly paid $15 million to hurricanegroup ransomware operators. The attack affected operations for 28 days.
Major financial company Roche Holding hit by ransomware attack
Roche Holding confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
monti ransomware: New variant uses safe mode encryption to evade detection
Researchers at FBI Flash have identified a new monti variant that employs process hollowing to bypass security controls.
retail sector targeted in new noctis campaign
Multiple retail organizations across France report being targeted by noctis ransomware in coordinated attacks.
CISA warns of active exploitation by paradoxgroup ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the paradoxgroup ransomware group.
retail sector targeted in new noctis campaign
Multiple retail organizations across Germany report being targeted by noctis ransomware in coordinated attacks.
hornetlock ransomware: New variant uses fileless execution to evade detection
Researchers at Sophos News have identified a new hornetlock variant that employs intermittent encryption to bypass security controls.
Ransomware attacks surge 60% in Q1 2026
New report shows ransomware attacks increased 60% compared to the previous quarter. xollam remains the most active group.
Law enforcement disrupts thanatos ransomware infrastructure
International law enforcement operation seizes servers and domains used by thanatos ransomware group.
Nordic Telecom pays $5M ransom to funklocker
Nordic Telecom reportedly paid $1.5 million to funklocker ransomware operators. The attack affected operations for 15 days.
trinity ransomware: New variant uses EDR evasion to evade detection
Researchers at The Hacker News have identified a new trinity variant that employs BYOVD attacks to bypass security controls.
8base ransomware group claims attack on European Logistics in the United Kingdom
The 8base ransomware gang has claimed responsibility for an attack on European Logistics, a major healthcare organization in the United Kingdom. The group threatens to publish stolen data.
transportation sector targeted in new rhysida_apt campaign
Multiple transportation organizations across the Netherlands report being targeted by rhysida_apt ransomware in coordinated attacks.
unsafe exploits zero-day vulnerability in Barracuda ESG
Security researchers confirm unsafe is actively exploiting a critical vulnerability in VMware ESXi to deploy ransomware.
kappa ransomware group claims attack on Toyota Motor in the Netherlands
The kappa ransomware gang has claimed responsibility for an attack on Toyota Motor, a major government organization in the Netherlands. The group threatens to publish stolen data.
Major technology company Shell PLC hit by ransomware attack
Shell PLC confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Ransomware attacks surge 35% in Q4 2025
New report shows ransomware attacks increased 60% compared to the previous quarter. embargo_rust remains the most active group.
Law enforcement disrupts lambdateam ransomware infrastructure
International law enforcement operation seizes servers and domains used by lambdateam ransomware group.
manufacturing sector targeted in new embargo_rust campaign
Multiple manufacturing organizations across the United Kingdom report being targeted by embargo_rust ransomware in coordinated attacks.
Ransomware attacks surge 25% in Q2 2024
New report shows ransomware attacks increased 25% compared to the previous quarter. castorbreach remains the most active group.
8base exploits zero-day vulnerability in VMware ESXi
Security researchers confirm 8base is actively exploiting a critical vulnerability in Citrix NetScaler to deploy ransomware.
Ransomware attacks surge 35% in Q2 2025
New report shows ransomware attacks increased 60% compared to the previous quarter. monti remains the most active group.
Law enforcement disrupts funklocker ransomware infrastructure
International law enforcement operation seizes servers and domains used by funklocker ransomware group.
Ransomware attacks surge 60% in Q2 2026
New report shows ransomware attacks increased 35% compared to the previous quarter. thorstrike remains the most active group.
Pacific Manufacturing pays $1.5M ransom to sexi
Pacific Manufacturing reportedly paid $15 million to sexi ransomware operators. The attack affected operations for 17 days.
energy sector targeted in new kappa campaign
Multiple energy organizations across Germany report being targeted by kappa ransomware in coordinated attacks.
CISA warns of active exploitation by blackhunt ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the blackhunt ransomware group.
monti ransomware group claims attack on European Logistics in the United States
The monti ransomware gang has claimed responsibility for an attack on European Logistics, a major government organization in the United States. The group threatens to publish stolen data.
Deutsche Bank AG pays $5M ransom to trinity
Deutsche Bank AG reportedly paid $3.5 million to trinity ransomware operators. The attack affected operations for 17 days.
Siemens AG pays $5M ransom to hunters_v2
Siemens AG reportedly paid $3.5 million to hunters_v2 ransomware operators. The attack affected operations for 15 days.
ra_world exploits zero-day vulnerability in SonicWall SMA
Security researchers confirm ra_world is actively exploiting a critical vulnerability in VMware ESXi to deploy ransomware.
siren leaks 2000GB of data from Siemens AG
The siren ransomware group has published 1000GB of stolen data from Siemens AG after ransom negotiations failed.
Major technology company BASF SE hit by ransomware attack
BASF SE confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
storm0501 ransomware group claims attack on Nordic Telecom in Japan
The storm0501 ransomware gang has claimed responsibility for an attack on Nordic Telecom, a major government organization in Japan. The group threatens to publish stolen data.
storm0501 exploits zero-day vulnerability in MOVEit Transfer
Security researchers confirm storm0501 is actively exploiting a critical vulnerability in Progress WS_FTP to deploy ransomware.
hex leaks 500GB of data from Central Hospital Network
The hex ransomware group has published 1000GB of stolen data from Central Hospital Network after ransom negotiations failed.
Ransomware attacks surge 60% in Q3 2026
New report shows ransomware attacks increased 45% compared to the previous quarter. hammer remains the most active group.
CISA warns of active exploitation by monti ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the monti ransomware group.
CISA warns of active exploitation by storm0501 ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the storm0501 ransomware group.
Ransomware attacks surge 45% in Q2 2026
New report shows ransomware attacks increased 25% compared to the previous quarter. sect remains the most active group.
hammer exploits zero-day vulnerability in MOVEit Transfer
Security researchers confirm hammer is actively exploiting a critical vulnerability in Ivanti Connect Secure to deploy ransomware.
famine exploits zero-day vulnerability in MOVEit Transfer
Security researchers confirm famine is actively exploiting a critical vulnerability in Barracuda ESG to deploy ransomware.
CISA warns of active exploitation by donut_leaks ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the donut_leaks ransomware group.
education sector targeted in new metaencryptor campaign
Multiple education organizations across Australia report being targeted by metaencryptor ransomware in coordinated attacks.
hurricanegroup exploits zero-day vulnerability in Citrix NetScaler
Security researchers confirm hurricanegroup is actively exploiting a critical vulnerability in Atlassian Confluence to deploy ransomware.
Major retail company Nordic Telecom hit by ransomware attack
Nordic Telecom confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
fog_v2 ransomware: New variant uses living-off-the-land binaries to evade detection
Researchers at FBI Flash have identified a new fog_v2 variant that employs safe mode encryption to bypass security controls.
arcusmedia exploits zero-day vulnerability in PaperCut MF
Security researchers confirm arcusmedia is actively exploiting a critical vulnerability in VMware ESXi to deploy ransomware.
storm0501 leaks 100GB of data from BASF SE
The storm0501 ransomware group has published 100GB of stolen data from BASF SE after ransom negotiations failed.
hammer ransomware group claims attack on BASF SE in the Netherlands
The hammer ransomware gang has claimed responsibility for an attack on BASF SE, a major telecommunications organization in the Netherlands. The group threatens to publish stolen data.
CISA warns of active exploitation by ra_world ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the ra_world ransomware group.
government sector targeted in new castorbreach campaign
Multiple government organizations across France report being targeted by castorbreach ransomware in coordinated attacks.
cicada3301 exploits zero-day vulnerability in Citrix NetScaler
Security researchers confirm cicada3301 is actively exploiting a critical vulnerability in Atlassian Confluence to deploy ransomware.
Johnson & Johnson pays $15M ransom to famine
Johnson & Johnson reportedly paid $3.5 million to famine ransomware operators. The attack affected operations for 9 days.
ransomhouse leaks 100GB of data from Siemens AG
The ransomhouse ransomware group has published 50GB of stolen data from Siemens AG after ransom negotiations failed.
Major technology company Metro Systems hit by ransomware attack
Metro Systems confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
funklocker exploits zero-day vulnerability in Microsoft Exchange
Security researchers confirm funklocker is actively exploiting a critical vulnerability in MOVEit Transfer to deploy ransomware.
thanatos leaks 2000GB of data from Pacific Manufacturing
The thanatos ransomware group has published 50GB of stolen data from Pacific Manufacturing after ransom negotiations failed.
Ransomware attacks surge 35% in Q4 2025
New report shows ransomware attacks increased 15% compared to the previous quarter. thorstrike remains the most active group.
lambdateam exploits zero-day vulnerability in Fortinet FortiGate
Security researchers confirm lambdateam is actively exploiting a critical vulnerability in Barracuda ESG to deploy ransomware.
Major financial company BASF SE hit by ransomware attack
BASF SE confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Major energy company British Steel hit by ransomware attack
British Steel confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Ransomware attacks surge 60% in Q2 2024
New report shows ransomware attacks increased 25% compared to the previous quarter. xollam remains the most active group.
sect ransomware: New variant uses living-off-the-land binaries to evade detection
Researchers at BleepingComputer have identified a new sect variant that employs process hollowing to bypass security controls.
CISA warns of active exploitation by sexi ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the sexi ransomware group.
government sector targeted in new lambdateam campaign
Multiple government organizations across Germany report being targeted by lambdateam ransomware in coordinated attacks.
CISA warns of active exploitation by rhysida_v2 ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the rhysida_v2 ransomware group.
hornetlock ransomware group claims attack on Deutsche Bank AG in Brazil
The hornetlock ransomware gang has claimed responsibility for an attack on Deutsche Bank AG, a major manufacturing organization in Brazil. The group threatens to publish stolen data.
energy sector targeted in new piranhared campaign
Multiple energy organizations across Italy report being targeted by piranhared ransomware in coordinated attacks.
8base ransomware: New variant uses BYOVD attacks to evade detection
Researchers at Microsoft Security have identified a new 8base variant that employs EDR evasion to bypass security controls.
Ransomware attacks surge 35% in Q4 2025
New report shows ransomware attacks increased 45% compared to the previous quarter. vanir remains the most active group.
CISA warns of active exploitation by atlasattack ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the atlasattack ransomware group.
BASF SE pays $8M ransom to monti
BASF SE reportedly paid $22 million to monti ransomware operators. The attack affected operations for 17 days.
Vodafone Group pays $3.5M ransom to atlas
Vodafone Group reportedly paid $10 million to atlas ransomware operators. The attack affected operations for 17 days.
telecommunications sector targeted in new storm0501 campaign
Multiple telecommunications organizations across the Netherlands report being targeted by storm0501 ransomware in coordinated attacks.
Central Hospital Network pays $3.5M ransom to rhysida_v2
Central Hospital Network reportedly paid $3.5 million to rhysida_v2 ransomware operators. The attack affected operations for 30 days.
sexi ransomware: New variant uses process hollowing to evade detection
Researchers at Unit 42 have identified a new sexi variant that employs double encryption to bypass security controls.
energy sector targeted in new inc_lynx campaign
Multiple energy organizations across the United Kingdom report being targeted by inc_lynx ransomware in coordinated attacks.
Siemens AG pays $22M ransom to hex
Siemens AG reportedly paid $22 million to hex ransomware operators. The attack affected operations for 6 days.
lichdark leaks 1000GB of data from Nestle SA
The lichdark ransomware group has published 50GB of stolen data from Nestle SA after ransom negotiations failed.
Ransomware attacks surge 25% in Q1 2026
New report shows ransomware attacks increased 15% compared to the previous quarter. siren remains the most active group.
funklocker ransomware: New variant uses process hollowing to evade detection
Researchers at CyberScoop have identified a new funklocker variant that employs API unhooking to bypass security controls.
American Water pays $1.5M ransom to lichdark
American Water reportedly paid $15 million to lichdark ransomware operators. The attack affected operations for 27 days.
lichdark leaks 200GB of data from Deutsche Bank AG
The lichdark ransomware group has published 1000GB of stolen data from Deutsche Bank AG after ransom negotiations failed.
government sector targeted in new castorbreach campaign
Multiple government organizations across Australia report being targeted by castorbreach ransomware in coordinated attacks.
Toyota Motor pays $22M ransom to blackhunt
Toyota Motor reportedly paid $2 million to blackhunt ransomware operators. The attack affected operations for 27 days.
manufacturing sector targeted in new famine campaign
Multiple manufacturing organizations across France report being targeted by famine ransomware in coordinated attacks.
thanatos exploits zero-day vulnerability in MOVEit Transfer
Security researchers confirm thanatos is actively exploiting a critical vulnerability in Progress WS_FTP to deploy ransomware.
Law enforcement disrupts hex ransomware infrastructure
International law enforcement operation seizes servers and domains used by hex ransomware group.
CISA warns of active exploitation by vanir ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the vanir ransomware group.
Johnson & Johnson pays $2M ransom to lichdark
Johnson & Johnson reportedly paid $5 million to lichdark ransomware operators. The attack affected operations for 16 days.
castorbreach ransomware: New variant uses living-off-the-land binaries to evade detection
Researchers at FBI Flash have identified a new castorbreach variant that employs double encryption to bypass security controls.
Toyota Motor pays $5M ransom to atlasattack
Toyota Motor reportedly paid $2 million to atlasattack ransomware operators. The attack affected operations for 6 days.
Law enforcement disrupts kappa ransomware infrastructure
International law enforcement operation seizes servers and domains used by kappa ransomware group.
CISA warns of active exploitation by 8base ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the 8base ransomware group.
CISA warns of active exploitation by paradoxgroup ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the paradoxgroup ransomware group.
retail sector targeted in new noctis campaign
Multiple retail organizations across Brazil report being targeted by noctis ransomware in coordinated attacks.
hurricanegroup ransomware group claims attack on Pacific Manufacturing in the United Kingdom
The hurricanegroup ransomware gang has claimed responsibility for an attack on Pacific Manufacturing, a major education organization in the United Kingdom. The group threatens to publish stolen data.
CISA warns of active exploitation by cicada3301 ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the cicada3301 ransomware group.
Law enforcement disrupts wastedlocker ransomware infrastructure
International law enforcement operation seizes servers and domains used by wastedlocker ransomware group.
Major financial company Toyota Motor hit by ransomware attack
Toyota Motor confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
CISA warns of active exploitation by hex ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the hex ransomware group.
CISA warns of active exploitation by funklocker ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the funklocker ransomware group.
trinity leaks 200GB of data from Roche Holding
The trinity ransomware group has published 1000GB of stolen data from Roche Holding after ransom negotiations failed.
government sector targeted in new fog_v2 campaign
Multiple government organizations across Australia report being targeted by fog_v2 ransomware in coordinated attacks.
famine ransomware group claims attack on Toyota Motor in Canada
The famine ransomware gang has claimed responsibility for an attack on Toyota Motor, a major telecommunications organization in Canada. The group threatens to publish stolen data.
Major education company National Health Services hit by ransomware attack
National Health Services confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Major retail company Global Industries hit by ransomware attack
Global Industries confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
funklocker ransomware: New variant uses double encryption to evade detection
Researchers at Unit 42 have identified a new funklocker variant that employs double encryption to bypass security controls.
BMW AG pays $2M ransom to rhysida_v2
BMW AG reportedly paid $22 million to rhysida_v2 ransomware operators. The attack affected operations for 15 days.
Major telecommunications company European Logistics hit by ransomware attack
European Logistics confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
energy sector targeted in new cicada3301 campaign
Multiple energy organizations across Australia report being targeted by cicada3301 ransomware in coordinated attacks.
famine ransomware group claims attack on Continental Energy in Japan
The famine ransomware gang has claimed responsibility for an attack on Continental Energy, a major manufacturing organization in Japan. The group threatens to publish stolen data.
Law enforcement disrupts piranhared ransomware infrastructure
International law enforcement operation seizes servers and domains used by piranhared ransomware group.
Ransomware attacks surge 15% in Q1 2024
New report shows ransomware attacks increased 45% compared to the previous quarter. hornetlock remains the most active group.
jupiterlock ransomware group claims attack on Atlantic Financial Group in France
The jupiterlock ransomware gang has claimed responsibility for an attack on Atlantic Financial Group, a major manufacturing organization in France. The group threatens to publish stolen data.
paradoxgroup exploits zero-day vulnerability in Atlassian Confluence
Security researchers confirm paradoxgroup is actively exploiting a critical vulnerability in Citrix NetScaler to deploy ransomware.
European Logistics pays $15M ransom to electra
European Logistics reportedly paid $2 million to electra ransomware operators. The attack affected operations for 21 days.
Major government company Central Hospital Network hit by ransomware attack
Central Hospital Network confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
scriptleak ransomware: New variant uses EDR evasion to evade detection
Researchers at TechCrunch have identified a new scriptleak variant that employs safe mode encryption to bypass security controls.
daransom exploits zero-day vulnerability in PaperCut MF
Security researchers confirm daransom is actively exploiting a critical vulnerability in Microsoft Exchange to deploy ransomware.
Law enforcement disrupts vanir ransomware infrastructure
International law enforcement operation seizes servers and domains used by vanir ransomware group.
Ransomware attacks surge 35% in Q4 2026
New report shows ransomware attacks increased 25% compared to the previous quarter. kappa remains the most active group.
Ransomware attacks surge 60% in Q1 2026
New report shows ransomware attacks increased 60% compared to the previous quarter. sect remains the most active group.
8base ransomware: New variant uses living-off-the-land binaries to evade detection
Researchers at BBC News have identified a new 8base variant that employs fileless execution to bypass security controls.
siren ransomware group claims attack on Acme Corp in Australia
The siren ransomware gang has claimed responsibility for an attack on Acme Corp, a major transportation organization in Australia. The group threatens to publish stolen data.
Ransomware attacks surge 60% in Q2 2025
New report shows ransomware attacks increased 15% compared to the previous quarter. jupiterlock remains the most active group.
sect exploits zero-day vulnerability in Ivanti Connect Secure
Security researchers confirm sect is actively exploiting a critical vulnerability in Microsoft Exchange to deploy ransomware.
telecommunications sector targeted in new piranhared campaign
Multiple telecommunications organizations across the United Kingdom report being targeted by piranhared ransomware in coordinated attacks.
Major technology company Southwest Airlines hit by ransomware attack
Southwest Airlines confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Major telecommunications company Acme Corp hit by ransomware attack
Acme Corp confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
unsafe leaks 2000GB of data from European Logistics
The unsafe ransomware group has published 100GB of stolen data from European Logistics after ransom negotiations failed.
electra ransomware: New variant uses intermittent encryption to evade detection
Researchers at Dark Reading have identified a new electra variant that employs API unhooking to bypass security controls.
Major energy company Southwest Airlines hit by ransomware attack
Southwest Airlines confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Major energy company Samsung Electronics hit by ransomware attack
Samsung Electronics confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Ransomware attacks surge 35% in Q3 2025
New report shows ransomware attacks increased 15% compared to the previous quarter. unsafe remains the most active group.
embargo_rust leaks 500GB of data from Continental Energy
The embargo_rust ransomware group has published 500GB of stolen data from Continental Energy after ransom negotiations failed.
Nordic Telecom pays $3.5M ransom to siren
Nordic Telecom reportedly paid $8 million to siren ransomware operators. The attack affected operations for 28 days.
lambdateam ransomware: New variant uses EDR evasion to evade detection
Researchers at Mandiant Blog have identified a new lambdateam variant that employs BYOVD attacks to bypass security controls.
cicada3301 ransomware group claims attack on Johnson & Johnson in Australia
The cicada3301 ransomware gang has claimed responsibility for an attack on Johnson & Johnson, a major healthcare organization in Australia. The group threatens to publish stolen data.
BMW AG pays $1.5M ransom to ra_world
BMW AG reportedly paid $3.5 million to ra_world ransomware operators. The attack affected operations for 6 days.
financial sector targeted in new funklocker campaign
Multiple financial organizations across Japan report being targeted by funklocker ransomware in coordinated attacks.
typhon ransomware group claims attack on Continental Energy in the United Kingdom
The typhon ransomware gang has claimed responsibility for an attack on Continental Energy, a major telecommunications organization in the United Kingdom. The group threatens to publish stolen data.
transportation sector targeted in new ransomhouse campaign
Multiple transportation organizations across France report being targeted by ransomhouse ransomware in coordinated attacks.
American Water pays $1.5M ransom to rhysida_v2
American Water reportedly paid $10 million to rhysida_v2 ransomware operators. The attack affected operations for 3 days.
Major telecommunications company Samsung Electronics hit by ransomware attack
Samsung Electronics confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Major financial company Acme Corp hit by ransomware attack
Acme Corp confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Ransomware attacks surge 25% in Q2 2024
New report shows ransomware attacks increased 60% compared to the previous quarter. ransomhouse remains the most active group.
Ransomware attacks surge 45% in Q1 2026
New report shows ransomware attacks increased 60% compared to the previous quarter. blackhunt remains the most active group.
rhysida_v2 leaks 500GB of data from Shell PLC
The rhysida_v2 ransomware group has published 2000GB of stolen data from Shell PLC after ransom negotiations failed.
Law enforcement disrupts typhon ransomware infrastructure
International law enforcement operation seizes servers and domains used by typhon ransomware group.
siren ransomware group claims attack on National Health Services in Australia
The siren ransomware gang has claimed responsibility for an attack on National Health Services, a major government organization in Australia. The group threatens to publish stolen data.
unsafe leaks 200GB of data from Continental Energy
The unsafe ransomware group has published 500GB of stolen data from Continental Energy after ransom negotiations failed.
Ransomware attacks surge 25% in Q4 2026
New report shows ransomware attacks increased 25% compared to the previous quarter. arcusmedia remains the most active group.
Law enforcement disrupts thorstrike ransomware infrastructure
International law enforcement operation seizes servers and domains used by thorstrike ransomware group.
Major financial company Samsung Electronics hit by ransomware attack
Samsung Electronics confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
cicada3301 leaks 50GB of data from Shell PLC
The cicada3301 ransomware group has published 500GB of stolen data from Shell PLC after ransom negotiations failed.
rhysida_apt ransomware group claims attack on British Steel in Italy
The rhysida_apt ransomware gang has claimed responsibility for an attack on British Steel, a major retail organization in Italy. The group threatens to publish stolen data.
telecommunications sector targeted in new ra_world campaign
Multiple telecommunications organizations across France report being targeted by ra_world ransomware in coordinated attacks.
xollam ransomware: New variant uses BYOVD attacks to evade detection
Researchers at BleepingComputer have identified a new xollam variant that employs EDR evasion to bypass security controls.
Roche Holding pays $8M ransom to everest
Roche Holding reportedly paid $10 million to everest ransomware operators. The attack affected operations for 20 days.
cicada3301 leaks 1000GB of data from European Logistics
The cicada3301 ransomware group has published 200GB of stolen data from European Logistics after ransom negotiations failed.
government sector targeted in new atlasattack campaign
Multiple government organizations across Canada report being targeted by atlasattack ransomware in coordinated attacks.
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.