Angelo Martino, a former ransomware negotiator at DigitalMint, has been sentenced to 70 months in prison for his role in a scheme that extorted over $75 million from five U.S. companies. Martino misused his insider access to share confidential information with ransomware groups, aiding in their extortion efforts. This case highlights the risks associated with insider threats, particularly in the cybersecurity field, where trust is paramount. The actions of Martino not only harmed the victims financially but also potentially jeopardized their reputations and operations. The sentencing serves as a reminder of the serious consequences for those who exploit their positions for personal gain.
Articles tagged "Ransomware"
Found 289 articles
A new ransomware strain called GodDamn has emerged, targeting systems by disabling security software using a signed driver known as PoisonX. Discovered by Symantec's Threat Hunter Team, GodDamn is considered an advanced version of the Beast ransomware family, and it first appeared on May 21, 2026. The ransomware's ability to circumvent security measures poses a significant risk to organizations, as it can lead to data breaches and financial losses. The analysis of an attack in early June indicates that the group behind it is actively exploiting this vulnerability, making it imperative for companies to assess their defenses. Users and companies need to be aware of this threat and take immediate steps to bolster their security protocols.
A new ransomware strain called GodDamn has been identified by cybersecurity researchers, specifically the Threat Hunter Team at Symantec. This ransomware uses a malicious kernel driver named PoisonX to disable endpoint security measures, allowing it to operate without detection. GodDamn was first observed in the wild on May 21, 2026, and is believed to be a rebranding of an earlier ransomware known as Beast. The use of PoisonX is particularly concerning as it directly undermines the defenses that companies rely on to protect their systems. Organizations need to be vigilant and update their security protocols to defend against this new threat.
Mount Royal University has confirmed that it suffered a ransomware attack, which allowed hackers to access its internal network. During the breach, the attackers deleted two drives that contained sensitive information, including data related to employees, students, and the university itself. This incident raises significant concerns about the security of educational institutions, which often store large amounts of personal data. Affected individuals may face risks such as identity theft if their information is misused. The university's response to this breach will likely be closely watched, as it highlights ongoing vulnerabilities in the education sector regarding cybersecurity.
A small county in Ohio has reportedly paid $1 million to a cyber extortion group to prevent the public release of sensitive data that was stolen during a cyber attack. This incident highlights the ongoing challenges that local governments face in securing their data against increasingly sophisticated cybercriminals. The decision to pay the ransom raises concerns about the implications for public trust and the potential encouragement of further attacks. It also reflects a troubling trend where municipalities may feel pressured to comply with extortion demands to protect sensitive information related to their operations and residents. As ransomware attacks continue to escalate, it’s crucial for local governments to strengthen their cybersecurity measures to prevent such incidents in the future.
SCM feed for Latest
The Cybersecurity and Infrastructure Security Agency (CISA) is set to finalize a new rule under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) by September. This rule requires organizations in critical infrastructure sectors to report significant cyber incidents within 72 hours and any ransomware payments within 24 hours. This regulation aims to improve the federal government's ability to respond to cyber threats and enhance overall cybersecurity across essential services. Entities affected by this rule include those in sectors such as energy, water, transportation, and healthcare, where timely reporting can be crucial for national security and public safety. As cyber incidents continue to rise, this move underscores the need for accountability and prompt action in the face of cyberattacks.
A new form of ransomware attack, dubbed JadePuffer, has been identified as the first to fully utilize a large language model (LLM) in its execution. Attackers exploited a vulnerability in Langflow to gain unauthorized access to a production database server, successfully stealing sensitive data while also encrypting other connected systems. This incident raises concerns about the evolving tactics of cybercriminals, particularly as they adopt sophisticated AI technologies to enhance their methods. Organizations using Langflow or similar systems should be particularly vigilant and take necessary precautions to protect their data and infrastructure. The implications of this attack could be far-reaching, as it demonstrates a new level of threat that combines advanced AI capabilities with traditional ransomware techniques.
A U.S. government agency has reportedly paid $1 million to the data extortion group Kairos after the attackers gained unauthorized access to its network. The breach was facilitated through a brute-force credential attack, where hackers systematically guess passwords to gain entry. This incident raises significant concerns about the security measures in place at government entities and the growing threat posed by ransomware groups. The payment underscores the financial impact of such attacks and highlights the need for stronger cybersecurity protocols to protect sensitive government data. As ransomware attacks become more common, agencies must prioritize their defenses to prevent similar incidents in the future.
This week, several cybersecurity issues emerged, highlighting vulnerabilities in everyday technology. Home devices are being exploited as routing tools for proxy botnets, allowing attackers to route malicious traffic through unsuspecting networks. Additionally, researchers discovered that clean code can inadvertently introduce vulnerabilities through flawed dependencies. AI systems are also being misled by incorrect instructions, raising concerns about their reliability. These incidents emphasize a common theme: many systems and processes that people trust are not as secure as they should be, potentially putting users at risk. As the lines blur between convenience and security, users and developers alike must be more vigilant about the technologies they rely on.
Security Affairs
A U.S. government agency has reportedly paid $1 million to the data extortion group Kairos, according to a case study by Ransom-ISAC. This incident marks a significant shift in the tactics employed by cybercriminals, as Kairos focuses on stealing data and extorting victims instead of traditional ransomware attacks. The case study reconstructed the negotiation process using a leaked transcript and blockchain analysis to trace the ransom payment. This situation raises concerns about the security of government data and the lengths to which agencies may go to recover sensitive information. The payment also highlights the growing threat of data extortion, which can have serious implications for public trust and national security.
A U.S. government entity has reportedly paid around $1 million to a group named Kairos to prevent the release of stolen data. This situation arose from a data theft incident where sensitive files were taken, and negotiations revealed the payment through leaked chat logs and blockchain tracking. Interestingly, it appears that Kairos may not operate like traditional ransomware groups, as there is no evidence of them locking files or demanding ransom in the typical sense. This incident raises concerns about how government entities handle data breaches and the potential for attackers to exploit these situations for financial gain. The event reflects the growing challenge of data protection in the public sector and the lengths to which organizations may go to safeguard sensitive information.
Recent research has shown that attackers are using advanced AI tools, specifically Agentic AI via Langflow, to conduct sophisticated ransomware attacks. This method allows them to automate complex intrusions by combining known exploitation techniques with real-time reasoning. The implications of this development are significant; it suggests that cybercriminals can now execute multi-stage attacks with greater efficiency and less human oversight. Organizations need to be aware of these evolving tactics and bolster their defenses against such automated threats to protect sensitive data and infrastructure. As AI technology becomes more accessible, the risk of automated attacks may increase, making it crucial for companies to stay vigilant.
The Hacker News
This week's security updates reveal a series of vulnerabilities across various systems, including browsers, AI tools, and email services. Researchers discovered that many of these weaknesses stem from small permission gaps and inadequate security checks, which attackers can exploit. Notably, the article mentions the BlueHammer ransomware, which targets businesses by leveraging these types of vulnerabilities. This situation underscores the need for organizations to regularly assess their security measures and patch any identified weaknesses to prevent potential breaches. Overall, the findings serve as a reminder that even seemingly secure systems can harbor significant risks if not properly maintained.
Researchers have identified that credentials stolen from FortiGate firewalls are being misused in ransomware attacks linked to the INC and Lynx groups. This breach, known as the FortiBleed campaign, has compromised hundreds of thousands of firewall credentials, allowing attackers to launch targeted ransomware operations. This situation poses a significant risk, as organizations relying on FortiGate firewalls may find themselves vulnerable to further exploitation. Companies should take immediate action to secure their devices and monitor for unusual activity. The findings underscore the importance of maintaining strong security practices and regularly updating credentials to mitigate these risks.
Infosecurity Magazine
Bitdefender researchers have identified a new ransomware campaign where attackers are impersonating Interpol to deceive victims into downloading malicious software. These phishing emails are designed to appear legitimate, tricking recipients into believing they are receiving official communication from a global law enforcement agency. This campaign has targeted businesses worldwide, making it a significant threat as it could lead to severe financial losses and operational disruptions. Organizations should be vigilant about unusual emails and verify the sender's identity before clicking on links or downloading attachments. The use of such tactics highlights the evolving methods cybercriminals are using to exploit trust and execute their attacks.