ransomware
60 articles tagged "ransomware"

Telus Digital Suffers Massive Data Breach by ShinyHunters Group
Telus Digital, a major business process outsourcing provider, has been hit by a sophisticated cyberattack from the ShinyHunters extortion group, with reports suggesting up to one petabyte of data may have been stolen. The attack demonstrates a new breed of strategic data theft operations that use legitimate access to avoid detection.

Chicago Cybersecurity Employee Accused of $75M Ransomware Scheme
Federal prosecutors allege Angelo Martino, a former DigitalMint employee, orchestrated ransomware attacks while simultaneously negotiating ransom payments for the victims. The scheme allegedly extracted over $75 million from businesses across multiple industries through coordinated cyberattacks.

AI-Generated Malware Powers New Ransomware Campaign by Hive0163
Cybersecurity researchers have discovered that the ransomware group Hive0163 is using AI-generated malware called Slopoly to maintain persistent access during attacks. The discovery highlights how threat actors are leveraging artificial intelligence to rapidly develop new malware frameworks.

Telus Probes Cyberattack on Digital Unit by ShinyHunters
Telus Corp. is investigating a cybersecurity breach at its recently reacquired Telus Digital division, where hackers claiming to be ShinyHunters allegedly accessed systems and stole data. The telecom giant says all systems remain operational with no customer service disruptions reported.

DigitalMint Negotiator Charged in $75M Ransomware Scheme
A Florida man working as a ransomware negotiator allegedly conducted attacks on his own clients while employed at DigitalMint. Angelo John Martino III faces federal charges for extorting $75.25 million across multiple ransomware campaigns in 2023.

England Hockey Probes Ransomware Attack by AiLock Gang
England Hockey is investigating a potential data breach after the AiLock ransomware group claimed to have stolen 129GB of data from the organization. The governing body for field hockey in England is working with external specialists and law enforcement as the threat actors demand ransom payment.

Unit 42 Reports 90% of Cyberattacks Exploit Identity Weaknesses
Palo Alto Networks' Unit 42 responded to over 750 major cyber incidents in 2025, revealing that identity vulnerabilities played a material role in nearly 90% of investigations. The report highlights four major trends shaping 2026's threat landscape, including AI acceleration of attacks and supply chain exploitation.

Identity Compromise Behind 80% of Cyber Incidents, Report Shows
Field Effect's 2026 Cyber Threat Outlook reveals that more than 80% of cybersecurity incidents investigated in 2025 stemmed from cloud identity compromise, marking a significant shift in attack strategies. The report shows threat actors are increasingly bypassing traditional exploits by abusing trusted identities and collaboration platforms to gain corporate access.

Identity Compromise Behind 80% of Cyber Incidents in 2025
Field Effect's 2026 Cyber Threat Outlook reveals that more than 80% of cybersecurity incidents investigated in 2025 stemmed from cloud identity compromise, marking a significant shift in attack methods. The report shows attackers are increasingly bypassing traditional exploits by abusing trusted identities and collaboration platforms like Microsoft Teams.

Ransomware Attack Compromises Personal Data at Ngong Ping 360
Ngong Ping 360 has confirmed a ransomware attack that led to the theft of personal information affecting employees, annual pass holders, and suppliers. The company has notified authorities and expressed deep regret over the incident.

Massive Cyberattack Exposes 25 Million Client Records at Conduent
A recent cyberattack on Conduent Inc. has compromised the records of 25 million clients, raising concerns over identity theft and financial fraud. Investigations are ongoing.

Qilin Ransomware Gang Continues to Dominate the Cyber Landscape
The Qilin ransomware group remains a leading threat in cyberattacks, continuing its trend of targeting critical sectors and maintaining a significant share of ransomware incidents.

Analyzing VEN0m Ransomware: Detection, Engineering, and Recovery Insights
A recent analysis of VEN0m ransomware reveals its bypass techniques, detection challenges, and the simplicity of key recovery. This report provides a comprehensive overview of attack methodologies and defensive strategies.

Ransomware Attack Hits University of Mississippi Medical Center
The University of Mississippi Medical Center faces a ransomware attack that has led to service cancellations and concerns regarding patient data integrity. Key officials are addressing the situation amid ongoing recovery efforts.

Massive Conduent Data Breach Affects Millions; Ransomware Group Claims Theft
The Conduent data breach, one of the largest in U.S. history, affects over 25 million individuals. The Safepay ransomware group claims responsibility for stealing 8 TB of sensitive data.

Cheyenne and Arapaho Tribes Rebound from Ransomware Attack
Following a ransomware attack, the Cheyenne and Arapaho Tribes are well into their recovery, emphasizing resilience amid rising cyber threats against tribal governments. Their commitment to cybersecurity is underscored by their refusal to negotiate with attackers.

Mississippi Medical Center Closes Clinics After Ransomware Attack
The University of Mississippi Medical Center was forced to close all clinics statewide due to a ransomware attack. Patients face delays in critical treatments as investigations continue.

New Britain Ransomware Attack Disrupts City Operations
The city of New Britain, Connecticut, faces significant disruption due to a ransomware attack, prompting a shift to manual systems. Emergency services remain intact as authorities investigate the extent of the incident.

ApolloMD Ransomware Attack Exposes 626,540 Patient Records
A ransomware incident at ApolloMD has led to the exposure of over 626,000 patient records, highlighting ongoing cybersecurity threats in healthcare. The attack's implications raise concerns about data protection practices.

CyberVolk's Ransomware Launch Exposed by Cryptographic Errors
CyberVolk's new ransomware, VolkLocker, faces complications due to significant cryptographic flaws, allowing potential victims to decrypt their data without payment. The group, linked to pro-Russian activism, encounters scrutiny as researchers unveil the issues.

Two Years After Ransomware Attack, Scottish Council Faces Recovery Challenges
Comhairle nan Eilean Siar grapples with the aftermath of a ransomware attack as key systems remain offline. The attack's impact shows the need for improved cybersecurity measures.

Advanced Ransomware 'The Gentlemen' Hits 48 Victims in Just 3 Months
The rise of 'The Gentlemen' ransomware demonstrates a new wave of cyber threats, employing sophisticated techniques and a dual-extortion strategy. This report examines its key features and alarming pace of victimization.

Colonial Pipeline Ransomware Attack: A CyOTE Analysis
The Colonial Pipeline cyber-attack on May 7, 2021, unveiled significant vulnerabilities within operational technology environments. Through the CyOTE framework, this case study examines the techniques used in the Darkside ransomware attack.

CISA Reports $42M Ransom Extracted by Akira Ransomware Gang
The Akira ransomware operation has targeted organizations globally, extracting an estimated $42 million since March 2023, prompting warnings from CISA and other federal agencies.

#StopRansomware Initiative Targets Akira Threat Actors
A joint Cybersecurity Advisory highlights the Akira ransomware threat, its impact on various sectors, and protective strategies for organizations.

#StopRansomware Initiative Highlights Akira Ransomware Threats
The Akira ransomware poses a serious threat to various sectors globally. Updated advisories provide critical information and actions for organizations to mitigate these risks.

FBI Declares Akira Ransomware Among Top Threats to US Businesses
The FBI identifies Akira as a critical ransomware threat, targeting small to medium-sized enterprises across various sectors. The group employs double-extortion tactics, emphasizing urgent cybersecurity measures.

CISA Issues Update on Akira Ransomware Threats and Tactics
CISA released an updated advisory on the Akira ransomware, detailing its evolving threats and tactics. Collaborating agencies urge organizations to bolster defenses.

Inside the Evolving Tactics of the Kraken Ransomware Group
The Kraken ransomware group has emerged as a formidable threat in the cybercrime landscape, utilizing advanced tactics and forming new alliances. Their double extortion strategy and ties to the HelloKitty group demonstrate their growing impact.

Washington Post Reveals Data Breach Affecting 10,000 Individuals
The Washington Post has acknowledged a data breach linked to Oracle, compromising information of nearly 10,000 individuals. The breach is part of a larger campaign by the Clop ransomware group.

Synnovis Confirms Data Breach Following 2024 Ransomware Incident
Synnovis has revealed a data breach resulting from a June 2024 ransomware attack, affecting patient data across multiple NHS hospitals in London. The firm's thorough investigation spanned over a year.

Canada's Critical Infrastructure Under Growing Cyber Threat as Attacks Intensify
Canadian cybersecurity officials warn of escalating cyber threats against critical infrastructure including energy, water, transportation, and healthcare systems. Attackers are using advanced techniques like AI and ransomware-as-a-service to target supply chains, industrial control systems, and operational technology, prompting recommendations for enhanced security measures and employee training.

Ransomware Group Targets Colorado Hospital, Demands $700K Ransom
A ransomware group has claimed responsibility for a cyber attack on Family Health West in Colorado, demanding $700,000 to avoid leaking stolen data. The hospital reported the incident and is working to address the situation.

Understanding the Qilin Ransomware's Tactics and Threat Landscape
The Qilin ransomware has emerged as a major threat, deploying unique methods like leveraging Windows applications to compromise sensitive data. Victims span multiple sectors, particularly manufacturing and professional services, raising alarms in cybersecurity.

Jaguar Land Rover's Ransomware Attack Costs Over A$3.7 Billion
Jaguar Land Rover's recent ransomware attack has been deemed the most costly cyber incident in UK history, resulting in losses estimated to exceed A$3.7 billion. The attack halted production for weeks, forcing significant operational challenges for the automaker and its suppliers.

LockBit 5.0 Ransomware Group Resurfaces with New Attacks
LockBit ransomware has made a powerful return with its new version 5.0, targeting organizations across multiple continents. Analysts report a rapid comeback in operations and infrastructure.

Over 200 Fraudulent Certificates Revoked Amid Rhysida Malware Attack
In October 2025, Microsoft revoked over 200 fraudulent certificates exploited in an attack by the Vanilla Tempest group. This operation specifically targeted Microsoft Teams, demonstrating significant cybersecurity risks across multiple sectors.

Microsoft Tackles Ransomware Threats Against Teams Users
Microsoft has thwarted a series of ransomware attacks aimed at Teams users by revoking over 200 malicious certificates. The threat group Vanilla Tempest was behind these attacks, utilizing deceptive tactics to compromise systems.

Capita Faces £14 Million Fine as ICO Responds to Ransomware Breach
Capita has been fined £14 million by the ICO due to a significant data breach stemming from a ransomware attack in 2023, affecting six million individuals.

August 2025 Cybersecurity Breaches: Over 17 Million Records Exposed
In August 2025, 30 major cyber incidents exposed over 17.3 million records across various sectors, including healthcare and finance. Key breaches include those at Bouygues Telecom and Salesforce.

DaVita Faces Massive Data Breach Affecting 2.7 Million Patients
DaVita has reported a major ransomware attack compromising personal information of 2.7 million individuals. The incident highlights ongoing cybersecurity challenges in healthcare.

Colonial Pipeline Cyberattack Exposed Critical Infrastructure Vulnerabilities, Sparked National Security Rethink
The May 2021 Colonial Pipeline cyberattack that caused widespread gas shortages across the U.S. East Coast marked a turning point in cybersecurity, demonstrating how ransomware can transform into a national crisis by targeting critical infrastructure. The incident exposed vulnerabilities in interconnected systems and highlighted the rise of Ransomware-as-a-Service operations, prompting experts to call for proactive security measures, zero-trust principles, and cultural changes beyond traditional compliance approaches.

BlackSuit Ransomware Takedown: Cryptocurrency Assets Seized
A multinational operation successfully recovered over $1 million in cryptocurrency linked to the BlackSuit ransomware gang. This coordinated effort involved authorities from multiple countries, highlighting the global fight against cybercrime.

Saint Paul Faces Data Breach as Ransomware Gang Publishes 43GB of Files
After refusing to pay a ransom demand, Saint Paul has been hit hard by a ransomware attack, leading to the release of 43GB of sensitive data. This incident highlights the ongoing challenges of cybersecurity for municipalities.

DaVita Data Breach 2025: Impacts, Lawsuits & Protection Tips
DaVita experienced a significant ransomware attack in March 2025, compromising over a million records. Patients and employees need to be aware of potential risks and protective measures.

Ransomware Cases Surge in Q2 2025, Social Engineering on the Rise
Coveware by Veeam's latest ransomware report reveals a sharp increase in attacks driven by social engineering and data theft, marking a major shift in tactics. Key sectors, including healthcare and professional services, bear the brunt.

Interlock Ransomware Gang Behind Saint Paul Cyberattack
Saint Paul, Minnesota, faced significant operational disruptions due to a cyberattack linked to the Interlock ransomware gang. While emergency services remain intact, the city is working to restore normalcy amid data theft claims by the attackers.

Interlock Cyberattack Hits St. Paul; Employees Scramble to Secure Data
The ransomware group Interlock claimed responsibility for a cyberattack on St. Paul, Minnesota, forcing city employees to reset passwords and scrub data amid ongoing recovery efforts.

St. Paul Cyberattack: Hackers Expose Parks and Rec Data Online
Hackers leak 43 gigabytes of Parks and Recreation data after St. Paul refuses ransom demands. City officials highlight ongoing security measures and risks.

St. Paul Government Targeted by Interlock Ransomware Gang
A significant ransomware attack has disrupted St. Paul's city operations. Mayor Melvin Carter confirms ongoing recovery efforts while the city navigates challenges.

US Authorities Shut Down BlackSuit Ransomware Linked to 450 Attacks
Federal agencies have dismantled the BlackSuit ransomware operation, linked to over 450 attacks and $370 million in ransom. The international effort illustrates the growing collaboration in cybersecurity.

Royal and BlackSuit Ransomware Gangs Extort $370 Million from 450+ U.S. Companies
The Royal and BlackSuit ransomware gangs have extorted over $370 million from more than 450 U.S. companies across critical sectors since 2022, using double-extortion tactics. Law enforcement seized BlackSuit's dark web domains in Operation Checkmate, but experts warn the group may rebrand again as Chaos ransomware, highlighting the adaptive nature of modern cybercriminal enterprises.

Ingram Micro Faces Threat of 3.5TB Data Leak by SafePay Ransomware
The SafePay ransomware group has put 3.5TB of Ingram Micro data at risk, with implications for the tech giant. Ingram Micro is working to restore operations while the threat looms.

New Gunra Ransomware Threatens Windows Systems with Double Extortion
The emergence of Gunra ransomware reveals a new wave of cyber threats targeting Windows users through sophisticated double-extortion techniques. Experts are raising alarms over its rapid spread and impact on various sectors.

GLOBAL GROUP's Ransomware Escalates Threats Across Key Platforms
GLOBAL GROUP's ransomware-as-a-service, leveraging Golang, targets multiple operating systems, showcasing both sophistication and critical operational missteps.

Joint Advisory Highlights Threat of Interlock Ransomware
The Cybersecurity and Infrastructure Security Agency, alongside key federal partners, issued an advisory focusing on the urgent threat posed by Interlock ransomware. The advisory lays out protection measures for businesses and critical infrastructure.

Durant City Council Discusses Cybersecurity Attack and Sports Festival
Durant City Council addressed a recent ransomware attack and celebrated the success of the Durant Sports Festival during last week's meeting, highlighting community resilience and growth.

AI-Driven Ransomware: GLOBAL GROUP Leverages RaaS Strategy
GLOBAL GROUP, a new ransomware-as-a-service operation, has introduced AI-powered negotiation features, rapidly claiming victims across various sectors since its 2025 launch.

Albemarle County, Virginia, Unveils Ransomware Attack Perpetrator
Albemarle County officials have revealed that INC Ransom was behind a ransomware cyberattack that compromised internet service in government offices and potentially exposed personal data.

Basketball Star Arrested for Alleged Role in Ransomware Scheme
Daniil Kasatkin, a Russian basketball player, faces serious charges in a ransomware operation affecting over 900 companies. His defense claims mistaken identity.