Articles tagged "Ransomware"

Found 289 articles

The FortiBleed campaign has emerged as a financially driven operation linked to the INC and Lynx ransomware groups. Researchers have found that attackers behind FortiBleed are stealing credentials from FortiGate devices, which are then used for follow-up intrusions and ransomware deployment. This connection raises concerns for organizations using FortiGate products, as their credentials are being targeted for potential exploitation. The stolen credentials are actively being negotiated for ransom, indicating that companies need to be vigilant about their security practices. As this campaign develops, it poses significant risks to affected entities and highlights the need for enhanced cybersecurity measures.

Read Original

Ransomware poses a significant risk to corporate networks, particularly when sensitive files are stored on shared servers accessible via mapped network drives. Attackers can exploit a single compromised device to start encrypting files on a server, with the malicious data transfer appearing as regular network traffic. This article discusses the importance of monitoring such traffic to catch ransomware early, before it can lock down vital files. Endpoint detection tools typically focus on individual machines, but organizations need to consider broader network-level monitoring to prevent widespread damage. By addressing these vulnerabilities, companies can better protect their data and reduce the threat posed by ransomware attacks.

Read Original
Actively Exploited

The FortiBleed credential theft campaign has been tied to the operations of the INC group and Lynx ransomware, indicating that attackers are using stolen Fortinet credentials for future network attacks. This campaign has raised concerns among organizations that rely on Fortinet products, as it could lead to further intrusions into their networks. The stolen credentials can enable cybercriminals to bypass security measures, making it easier for them to deploy ransomware or steal sensitive data. Companies must be vigilant and review their security practices to mitigate the risk posed by these ongoing attacks. This incident serves as a reminder of the importance of securing credentials and monitoring for suspicious activity.

Read Original
Critical
Fake Interpol Investigation Emails Push Ransomware at Small Businesses Globally

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Small businesses are facing a new threat from fake emails that appear to come from Interpol. These emails contain links to Proton Drive, which, when clicked, deliver ransomware to victims' systems. The ransomware encrypts files, effectively locking businesses out of their data. Additionally, the malware directs users to Tox chat, which may facilitate further malicious activity. This incident is particularly concerning as it targets smaller companies that may lack robust cybersecurity measures, making them more vulnerable to such attacks. Businesses need to be vigilant about phishing attempts and ensure they have adequate protections in place.

Read Original

The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the BlueHammer vulnerability, identified as CVE-2026-33825, is now being exploited in ransomware attacks. This flaw allows attackers to escalate privileges within Microsoft Defender, potentially giving them SYSTEM-level access. Initially, BlueHammer was just a proof-of-concept, but it has now transitioned into a real threat actively being used by cybercriminals. Organizations using Microsoft Defender should be particularly vigilant as this vulnerability poses a significant risk to their security posture. Immediate action is required to mitigate the potential impacts of these ransomware attacks as they become more widespread.

Read Original

Recent reports have surfaced regarding the use of AI to generate recipes for illicit drugs, including cocaine, which raises serious concerns about the potential for increased drug production and trafficking. Additionally, a Russian hacking group has been implicated in a series of cyberattacks targeting various organizations, showcasing their ongoing efforts to exploit vulnerabilities for espionage and financial gain. Meanwhile, the cybersecurity group known as Scattered Spider has been linked to multiple incidents involving data breaches and ransomware attacks, further complicating the security landscape. Companies like Cisco and Amazon have also found themselves in the spotlight as new vulnerabilities have been identified in their systems, prompting urgent calls for updates and patches to safeguard user data. The combination of these threats emphasizes the need for heightened security measures across industries to protect against both physical and digital dangers.

Read Original
Actively Exploited

The Microsoft Defender vulnerability identified as CVE-2026-33825 has been actively exploited in ransomware attacks before any patches were made available. This zero-day vulnerability poses a significant risk to users of Microsoft Defender, as attackers have been able to take advantage of this flaw to deploy ransomware. The situation is urgent, as organizations using this security software may find themselves vulnerable to data breaches and financial loss. Experts strongly recommend that all users of Microsoft Defender remain vigilant and apply any available security updates as soon as they are released to mitigate potential risks. Immediate action is crucial to protect sensitive information from being compromised by malicious actors.

Read Original

The Blackfield ransomware group has targeted Nidec Corporation, a major Japanese manufacturer known for its electronic components used in automotive and computing applications. They are demanding a ransom of $2 million, indicating a serious breach that could impact the company's operations and supply chain. This incident raises concerns about the vulnerability of manufacturers in critical sectors to ransomware attacks, which can disrupt production and lead to financial losses. The situation is still developing, and it remains to be seen how Nidec will respond to this threat. Companies in similar industries should take note and ensure their cybersecurity measures are robust to prevent such attacks.

Read Original
Actively Exploited

A recent report from Report Fraud indicates that ransomware attacks significantly impacted the UK last year, with over 300 companies falling victim, more than half of which were small and medium-sized enterprises (SMEs). This surge in ransomware incidents is concerning, as these attacks often lead to significant financial losses and operational disruptions for affected businesses. The data suggests that SMEs, which may lack the resources to defend against such attacks, are particularly vulnerable. The implications are serious, as the rise in ransomware not only threatens individual companies but also poses risks to the broader economy and cybersecurity infrastructure. Experts recommend that organizations bolster their cybersecurity measures to protect against these growing threats.

Read Original

Kaspersky researchers have investigated the activities of The Gentlemen Ransomware-as-a-Service (RaaS) group, revealing their customized backdoors and evolving tactics. This group has introduced a new variant of ransomware that poses a significant threat to various organizations. The research outlines the tools and techniques used by the group, which are designed to infiltrate systems and encrypt sensitive data for ransom. Companies that rely on digital systems for operations are particularly vulnerable to these types of attacks, highlighting the need for enhanced security measures. Organizations are urged to stay informed about these developments and take proactive steps to defend against such threats.

Read Original

Jaguar Land Rover has reportedly suffered a significant cyber-attack linked to Russian hackers, with experts suggesting the involvement of Kremlin-backed groups. The attack features a new type of ransomware and was strategically timed to cause maximum disruption. Researchers noted that the hackers took steps to hide their tracks, making it difficult to trace the exact source of the attack. This incident raises concerns about the security of automotive manufacturers, as they become increasingly reliant on digital systems. The implications of such breaches could extend beyond the company, affecting supply chains and customer data security.

Read Original

Recent breaches involving third-party vendors have put educational institutions on high alert regarding the security of student data. As ransomware attacks become more common, schools and universities are increasingly recognizing the risks associated with relying on external vendors for services. These incidents have revealed vulnerabilities that can expose sensitive information, prompting institutions to strengthen their cybersecurity measures. The need for schools to assess and manage vendor risk is more crucial than ever, as attackers often target less secure third-party systems to gain access to larger networks. This situation not only threatens the privacy of students but also can lead to significant financial and reputational damage for educational organizations.

Read Original

Ransomware attacks targeting European organizations have surged in early 2026, with third-party suppliers identified as a key vulnerability. A report by Black Kite analyzed over 2,000 ransomware incidents from January 2025 to April 2026 across 31 countries, revealing that attackers are increasingly exploiting supply chains to gain access to larger organizations. This trend poses significant risks to businesses dependent on these suppliers, as a breach can lead to widespread disruption and financial loss. The convergence of rising ransomware threats, supply chain weaknesses, and evolving regulations complicates the cybersecurity landscape for European companies. Organizations are urged to strengthen their defenses, particularly around third-party vendors, to mitigate these risks.

Read Original

Mistic is a new backdoor being used by a group linked to KongTuke, aimed at maintaining long-term access to networks targeted by ransomware attacks. Security researchers from Symantec have identified Mistic in attacks primarily directed at sectors like insurance, education, IT, and professional services. This backdoor allows attackers to operate quietly over an extended period, making it a serious concern for organizations in these industries. The stealthy nature of Mistic means that it can evade detection while enabling further exploitation of compromised systems. Companies should be vigilant and enhance their security measures to prevent such intrusions.

Read Original

A new report from Black Kite reveals a significant spike in ransomware attacks across Europe, with incidents rising by more than 50% over the past year. The analysis also highlights a troubling increase in supply chain attacks, which can compromise multiple organizations through a single vulnerability. This surge in ransomware poses a serious risk to businesses, governments, and critical infrastructure, leading to potential data loss and financial damage. Companies need to be vigilant and strengthen their cybersecurity measures to protect against these escalating threats. The findings serve as a stark reminder of the ongoing challenges in cybersecurity and the need for proactive defenses.

Read Original
PreviousPage 3 of 20Next