What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2025-05-08 19:17:00 Qilin Leads April 2025 Ransomware Spike with 45 Breaches Using NETXLOADER Malware
(direct link)
Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. "NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks," Trend Micro researchers Jacob Santos, Raymart Yambot, John Rainier Navato, Sarah Pearl
Ransomware Malware Threat Prediction ★★★
The_Hackers_News.webp 2025-05-07 16:14:00 Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
(direct link)
Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by
Ransomware Vulnerability Threat ★★★
The_Hackers_News.webp 2025-05-06 16:55:00 Third Parties and Machine Credentials: The Silent Drivers Behind 2025's Worst Breaches
(direct link)
It wasn't ransomware headlines or zero-day exploits that stood out most in this year's Verizon 2025 Data Breach Investigations Report (DBIR); it was what fueled them. Quietly, yet consistently, two underlying factors played a role in some of the worst breaches: third-party exposure and machine credential abuse. According to the 2025 DBIR, third-party involvement in breaches doubled
Ransomware Data Breach Vulnerability Threat ★★★
The_Hackers_News.webp 2025-05-03 12:36:00 U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems
(direct link)
The U.S. Department of Justice (DoJ) on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black Kingdom ransomware against global targets, including businesses, schools, and hospitals in the United States. Rami Khaled Ahmed of Sana'a, Yemen, has been charged with one count of conspiracy, one count of intentional damage to a protected computer, and one
Ransomware ★★★
The_Hackers_News.webp 2025-04-26 16:08:00 ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
(direct link)
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). "LAGTOY can be
Ransomware Malware Threat ★★★
The_Hackers_News.webp 2025-04-09 13:34:00 PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
(direct link)
Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. "The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in
Ransomware Vulnerability Threat ★★★
The_Hackers_News.webp 2025-03-29 09:22:00 BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
(direct link)
In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract
Ransomware Vulnerability Threat ★★★
The_Hackers_News.webp 2025-03-27 19:40:00 Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
(direct link)
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in
Ransomware Tool ★★★
The_Hackers_News.webp 2025-03-26 19:13:00 RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
(direct link)
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating
Ransomware Threat ★★★
The_Hackers_News.webp 2025-03-24 16:40:00 VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
(direct link)
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both extensions, per ReversingLabs, incorporate code that's designed to invoke a
Ransomware ★★
The_Hackers_News.webp 2025-03-21 18:28:00 Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
(direct link)
The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS
Ransomware Tool Threat ★★★
The_Hackers_News.webp 2025-03-19 19:20:00 Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
(direct link)
The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram user @ExploitWhispers last month. According to an analysis of the messages by cybersecurity company
Ransomware ★★★
The_Hackers_News.webp 2025-03-17 16:55:00 ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
(direct link)
From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week's cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source
Ransomware Malware Tool Threat ★★★
The_Hackers_News.webp 2025-03-17 16:30:00 SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
(direct link)
The latest Palo Alto Networks Unit 42 Cloud Threat Report found sensitive data in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security controls and default settings. "In just the past few months, I have witnessed two different methods for
Ransomware Threat Cloud ★★★
The_Hackers_News.webp 2025-03-14 20:37:00 Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
(direct link)
A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme. Rostislav Panev was previously arrested in Israel in August 2024. He is said to have been working as a developer for the ransomware gang from 2019
Ransomware ★★★
The_Hackers_News.webp 2025-03-14 16:55:00 Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom
(direct link)
Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold, from the initial breach to the moment hackers demand payment. Join Joseph Carson, Delinea's Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a live demonstration, he will break down every technical step of a ransomware attack, showing you how
Ransomware Technical ★★★
The_Hackers_News.webp 2025-03-10 15:16:00 ⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact
(direct link)
Cyber threats today don't just evolve; they mutate rapidly, testing the resilience of everything from global financial systems to critical infrastructure. As cybersecurity confronts new battlegrounds, ranging from nation-state espionage and ransomware to manipulated AI chatbots, the landscape becomes increasingly complex, prompting vital questions: How secure are our cloud environments? Can our
Ransomware Cloud ★★★
The_Hackers_News.webp 2025-03-07 19:45:00 FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
(direct link)
Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). "Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in networks for long-term operations," Swiss
Ransomware Malware Threat ★★★
The_Hackers_News.webp 2025-03-06 17:45:00 EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
(direct link)
The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. "EncryptHub has been observed targeting users of popular applications, by distributing trojanized versions," Outpost24 KrakenLabs said in a new report shared with The
Ransomware Threat ★★★
The_Hackers_News.webp 2025-03-06 17:31:00 Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom
(direct link)
The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to data the Symantec Threat Hunter Team presented in a report shared with The Hacker News. The
Ransomware Threat ★★★
The_Hackers_News.webp 2025-03-04 21:51:00 Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
(direct link)
Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them to execute
Ransomware Threat ★★★
The_Hackers_News.webp 2025-03-03 19:26:00 Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks
(direct link)
Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw (CVE-2025-0289) is part of a set of five vulnerabilities that were discovered by Microsoft, according to the CERT Coordination Center (CERT/CC). "These include arbitrary kernel memory mapping and
Ransomware Vulnerability Threat ★★★
The_Hackers_News.webp 2025-03-03 16:30:00 The New Ransomware Groups Shaking Up 2025
(direct link)
In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023. After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year's total). Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise in smaller gangs. The number of active ransomware groups jumped 40%, from 68 in 2023 to 95
Ransomware Legislation ★★★
The_Hackers_News.webp 2025-02-26 19:24:00 Leaked Black Basta Chat Logs Reveal $107M Ransom Earnings and Internal Power Struggles
(direct link)
More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members. The Russian-language chats on the Matrix messaging platform between September 18, 2023, and September 28, 2024, were initially leaked on February 11, 2025, by an
Ransomware ★★★
The_Hackers_News.webp 2025-02-24 16:47:00 Becoming Ransomware Ready: Why Continuous Validation Is Your Best Defense
(direct link)
Ransomware doesn't hit all at once; it slowly floods your defenses in stages. Like a ship taking on water, the attack starts quietly, below the surface, with subtle warning signs that are easy to miss. By the time encryption starts, it's too late to stop the flood. Each stage of a ransomware attack offers a small window to detect and stop the threat before it's too late. The problem is
Ransomware Threat ★★★
The_Hackers_News.webp 2025-02-20 16:51:00 Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
(direct link)
A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases. The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a newly patched security flaw
Ransomware Threat Medical ★★★
The_Hackers_News.webp 2025-02-14 15:47:00 RansomHub Becomes 2024's Top Ransomware Group, Hitting 600+ Organizations Globally
(direct link)
The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their post-compromise strategy. "RansomHub has targeted over 600 organizations globally, spanning sectors
Ransomware Threat ★★★
The_Hackers_News.webp 2025-02-13 17:28:00 RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset
(direct link)
An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity. "During the attack in late 2024, the attacker deployed a distinct toolset that had
Ransomware Tool Threat ★★★
The_Hackers_News.webp 2025-02-11 12:33:00 8Base Ransomware Data Leak Sites Seized in International Law Enforcement Operation
(direct link)
A coordinated law enforcement operation has taken down the dark web data leak and negotiation sites associated with the 8Base ransomware gang. Visitors to the data leak site are now greeted with a seizure banner that says: "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor
Ransomware Legislation ★★★
The_Hackers_News.webp 2025-02-07 10:49:00 Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
(direct link)
Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a
Ransomware Vulnerability Threat ★★★
The_Hackers_News.webp 2025-02-06 19:33:00 Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023 (lien direct) Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%. "The number of ransomware events increased into H2, but on-chain payments declined,
Ransomware ★★
The_Hackers_News.webp 2025-02-06 16:30:00 Top 3 Ransomware Threats Active in 2025 (lien direct) You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything." And the worst part is that even after paying, there's no guarantee you'll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get
Ransomware ★★★
The_Hackers_News.webp 2025-01-29 16:00:00 How Interlock Ransomware Infects Healthcare Organizations (lien direct) Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total. This breach shows just how deeply ransomware
Ransomware Vulnerability Medical ★★★
The_Hackers_News.webp 2025-01-28 16:31:00 Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations (lien direct) Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar. "ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia
Ransomware ★★★
The_Hackers_News.webp 2025-01-23 19:30:00 Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads (lien direct) An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024. "These two payload samples are
Ransomware Malware ★★★
The_Hackers_News.webp 2025-01-23 11:05:00 TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware (lien direct) Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premises ransomware attacks. "This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," the tech giant's cloud division said in its 11th
Ransomware Threat Cloud ★★
The_Hackers_News.webp 2025-01-16 12:15:00 Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws (lien direct) Cybersecurity researchers have detailed an attack in which a threat actor used a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged that access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated by means of a JavaScript malware downloader named
Ransomware Malware Threat ★★★
The_Hackers_News.webp 2025-01-13 17:00:00 Ransomware on ESXi: The mechanization of virtualized attacks (lien direct) In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound. Most of the ransomware strains attacking ESXi servers nowadays are variants of the
Ransomware ★★★
The_Hackers_News.webp 2025-01-10 17:28:00 AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics (lien direct) Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms," Check Point Research said in a new report shared with The Hacker News. "
Ransomware ★★
The_Hackers_News.webp 2025-01-09 16:14:00 Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions (lien direct) Ransomware isn't slowing down; it's getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection. The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024. Are you prepared to fight back? Join
Ransomware Malware ★★★
The_Hackers_News.webp 2024-12-21 14:52:00 LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages (lien direct) A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department of Justice (DoJ) said in a
Ransomware ★★★
The_Hackers_News.webp 2024-12-09 23:14:00 Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering (lien direct) The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user's email to numerous mailing lists simultaneously," Rapid7
Ransomware Threat ★★
The_Hackers_News.webp 2024-11-30 12:44:00 Wanted Russian Cybercriminal Linked to Hive and LockBit Ransomware Has Been Arrested (lien direct) A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key. "At present,
Ransomware Legislation ★★
The_Hackers_News.webp 2024-11-27 12:50:00 INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled (lien direct) An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime on the continent. Dubbed Serengeti, the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware, business email
Ransomware Legislation ★★★
The_Hackers_News.webp 2024-11-19 15:10:00 New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (lien direct) Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group
Ransomware Threat ★★
The_Hackers_News.webp 2024-11-18 17:06:00 THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17) (lien direct) What do hijacked websites, fake job offers, and sneaky ransomware have in common? They're proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative, using everything from human trust to hidden flaws in
Ransomware Tool Threat ★★
The_Hackers_News.webp 2024-11-14 17:40:00 5 BCDR Oversights That Leave You Exposed to Ransomware (lien direct) Ransomware isn't just a buzzword; it's one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.8%) in a recent
Ransomware ★★
The_Hackers_News.webp 2024-11-13 19:08:00 Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims (lien direct) Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker's inner workings, allowing the researchers to discover a "specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted
Ransomware ★★★
The_Hackers_News.webp 2024-11-12 11:30:00 New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (lien direct) Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said. "Threat actors leveraged an unconventional blend
Ransomware Malware Technical ★★★
The_Hackers_News.webp 2024-11-06 15:43:00 INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime (lien direct) INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation. Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure. "Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59
Ransomware ★★★★
Last update at: 2025-05-10 20:52:34