VulnHub

Real-time Cybersecurity News

Ransomware activity never dies, it multiplies

Help Net Security
Actively Exploited
RansomwareData BreachSymantec

Overview

Ransomware attacks surged to a record high in 2025, with attackers claiming 4,737 incidents, according to research by Symantec and Carbon Black. Despite significant disruptions to major criminal organizations, ransomware activity did not decline as expected; instead, it adapted and diversified its extortion tactics. This ongoing trend indicates that even when law enforcement intervenes, cybercriminals find ways to continue their operations. The rise in ransomware incidents poses serious risks to businesses and individuals alike, as these attacks can lead to data breaches and financial losses. Companies need to prioritize cybersecurity measures to defend against these evolving threats.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Action Required: Companies should enhance their cybersecurity protocols, conduct regular backups, and prepare incident response plans.
  • Timeline: Ongoing since 2022

Original Article Summary

Ransomware attacks kept climbing through 2025, even as major criminal groups collapsed and reformed. A new study conducted by the Symantec and Carbon Black Threat Hunter Team shows that disruption inside the ransomware economy slowed activity only briefly, while extortion methods expanded and diversified. Claimed ransomware attacks by actors operating data leak sites, 2022–2025 (Source: Symantec and Carbon Black) Record activity despite major takedowns Ransomware actors claimed 4,737 attacks in 2025, the highest annual total … More → The post Ransomware activity never dies, it multiplies appeared first on Help Net Security.

Impact

Not specified

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since 2022

Remediation

Companies should enhance their cybersecurity protocols, conduct regular backups, and prepare incident response plans.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Ransomware, Data Breach, Symantec.

Read Original Article

Related Coverage

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Security Affairs

Italy's Foreign Minister Antonio Tajani announced that the country successfully thwarted a series of cyberattacks linked to a pro-Russian group known as Noname057(16). These attacks targeted various entities, including the Foreign Ministry offices, with one affecting operations in Washington, D.C. Additionally, the group aimed at disrupting websites and hotels associated with the upcoming Milano Cortina 2026 Winter Olympics. This incident highlights ongoing cybersecurity concerns related to geopolitical tensions, particularly as major international events approach. The Italian government’s proactive measures demonstrate the importance of safeguarding critical infrastructure and national security against external threats.

Feb 5, 2026

Romanian oil pipeline operator Conpet discloses cyberattack

BleepingComputer

Conpet, Romania's national oil pipeline operator, reported a cyberattack on Tuesday that disrupted its business operations and took down its website. The attack affected the company’s ability to manage its systems effectively, although details on the type of attack or the perpetrators have not been disclosed. This incident raises concerns about the security of critical infrastructure, particularly in the energy sector, where such attacks can have significant implications for supply chains and national security. As authorities investigate, it’s crucial for companies in similar sectors to review their cybersecurity measures to prevent similar disruptions in the future.

Feb 5, 2026

More than 10,000 IPs hijacked by SystemBC botnet

SCM feed for Latest

Researchers have discovered that the SystemBC botnet has hijacked over 10,000 IP addresses, indicating that the botnet is still being actively developed despite previous efforts to disrupt it through 'Operation Endgame.' This ongoing activity raises concerns for internet security, as the SystemBC botnet is known for facilitating various cybercriminal activities, including the distribution of malware. The persistence of this threat suggests that attackers are adapting and finding new ways to maintain their operations, which could lead to increased risks for businesses and individual users alike. Companies should remain vigilant and consider strengthening their defenses against such botnets to protect their networks and data.

Feb 5, 2026

Malicious Commands in GitHub Codespaces Enable RCE

Infosecurity Magazine

Recent security research has uncovered vulnerabilities in GitHub Codespaces that could allow attackers to execute malicious commands remotely. These flaws can be exploited through specially crafted repositories or pull requests, putting users and organizations that rely on this service at risk. If successfully exploited, attackers could gain unauthorized access to sensitive code or data, leading to potential data breaches or system compromises. This incident emphasizes the need for developers and companies using GitHub Codespaces to remain vigilant and implement necessary security measures to protect their environments. Users are urged to monitor for updates from GitHub regarding this issue.

Feb 5, 2026

Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign

SecurityWeek

Researchers have uncovered a sophisticated scam operation that uses artificial intelligence to clone more than 150 law firm websites. These cloned sites are designed to deceive potential clients into sharing personal information or making payments. The criminals are employing tactics like hiding behind Cloudflare to mask their identities and frequently changing their IP addresses to evade detection. This operation raises serious concerns for anyone seeking legal services online, as unsuspecting users could easily fall victim to these fraudulent sites. It highlights the growing use of AI in cybercrime and the need for increased vigilance from both consumers and cybersecurity professionals.

Feb 5, 2026

Smartphones Now Involved in Nearly Every Police Investigation

Infosecurity Magazine

According to data from Cellebrite, smartphones have become integral to almost every police investigation. This trend emphasizes the growing reliance on digital evidence in law enforcement, as officers increasingly turn to data from mobile devices to solve cases. The information gathered from these devices can include text messages, call logs, location data, and photos, all of which can provide critical insights into criminal activities. The findings suggest that as technology continues to evolve, police methods are also adapting, making digital forensics a key component in modern investigations. This shift raises important questions about privacy and data security, as the line between personal information and investigative needs becomes increasingly blurred.

Feb 5, 2026