A recent report from Google reveals a significant shift in the ransomware landscape, indicating that attackers are increasingly focusing on data extortion rather than traditional ransom demands. This change complicates the understanding of the full scope of cybercrime and its impact on businesses and individuals. Researchers found that this evolution allows cybercriminals to extract sensitive information from victims and threaten to release it publicly if their demands are not met. This trend raises serious concerns for organizations, as it puts their data security at risk and can lead to severe reputational damage. Companies need to be more vigilant about securing their data and preparing for potential breaches, as the consequences of data extortion can be devastating.
Articles tagged "Ransomware"
BleepingComputer
England Hockey is currently investigating a potential data breach after the AiLock ransomware group included them in a list of victims on their data leak site. The governing body for field hockey in England has not disclosed specific details regarding the type of data that may have been compromised or how the breach occurred. This incident raises concerns about the security of sensitive information and the increasing targeting of sports organizations by cybercriminals. As investigations continue, England Hockey is likely assessing the extent of the breach and implementing measures to protect its data and ensure the safety of its community. This situation serves as a reminder for organizations of all sizes to remain vigilant against ransomware threats.
BleepingComputer
A new strain of malware called Slopoly has been linked to an Interlock ransomware attack, allowing attackers to infiltrate a compromised server and remain undetected for over a week. This malware is believed to be generated using AI tools, showcasing the evolving capabilities of cybercriminals. During this time, sensitive data was stolen, raising concerns for organizations that may be targeted. The incident highlights the need for enhanced security measures to detect and respond to such sophisticated attacks. Companies must remain vigilant and update their defenses to protect against similar threats in the future.
Angelo Martino, a former negotiator for DigitalMint, is accused of running ransomware attacks while simultaneously negotiating on behalf of his employer. The U.S. government claims he extorted around $75 million through these actions, effectively playing both sides of the fence. This case raises serious concerns about insider threats within organizations that deal with cryptocurrency, as it highlights the potential for employees to exploit their positions for personal gain. The implications are significant, as it calls into question the security measures companies have in place to protect against such dual-role employees. The incident also emphasizes the ongoing challenges in combating ransomware, particularly when insiders are involved.
Infosecurity Magazine
In 2025, France's National Cybersecurity Agency reported a decrease in ransomware attacks, although small and medium-sized businesses (SMBs) continued to be the primary targets. This trend suggests that while some progress may have been made in combating ransomware, these smaller organizations remain vulnerable and appealing to cybercriminals due to potentially weaker defenses. The agency's findings indicate that the need for enhanced cybersecurity measures among SMBs is still crucial. As these businesses play a vital role in the economy, ensuring their protection against ransomware is essential for overall national security. Companies must prioritize cybersecurity training and invest in robust defenses to mitigate risks.
Cognizant’s TriZetto Provider Solutions recently experienced a significant data breach, affecting the sensitive health information of over 3.4 million patients. The breach has raised concerns about the security of patient data within the healthcare sector, as TriZetto Provider Solutions is a key provider of healthcare IT solutions. At this point, no ransomware group has claimed responsibility for the incident, leaving the details of the attack somewhat unclear. The exposure of such a large volume of personal health information could have serious ramifications for those affected, including potential identity theft and privacy violations. As the investigation continues, organizations handling sensitive data are reminded to bolster their security measures to protect against similar attacks.
SCM feed for Latest
Conpet, Romania's national oil pipeline operator, has confirmed that its data was compromised due to a Qilin ransomware attack that targeted its IT infrastructure last week. This incident raises concerns about the security of critical infrastructure, as ransomware attacks can disrupt essential services and lead to significant operational challenges. While specific details about the type of data compromised haven't been disclosed, the breach highlights the ongoing risks that organizations in crucial sectors face from sophisticated cybercriminals. The attack underscores the need for robust security measures in protecting vital systems against ransomware threats. Stakeholders in the energy sector should take note and review their security protocols to prevent similar incidents.
SCM feed for Latest
Atlas Air, a major U.S. cargo airline, has publicly rejected claims made by the Everest ransomware group that it successfully breached the airline's systems and stole 1.2 terabytes of sensitive technical information, including data related to Boeing aircraft. The airline insists that its operations remain secure and that there has been no compromise of its data. The allegations by Everest raise concerns about the vulnerability of critical infrastructure in the aviation sector, particularly as ransomware attacks have become more frequent and sophisticated. If the claims were true, the breach could have serious implications for aviation safety and security. However, with Atlas Air's denial, the situation remains unclear, and further investigation may be necessary to determine the validity of the ransomware group's claims.
SCM feed for Latest
A recent report has pointed out the growing threat of supply chain attacks, which are increasingly becoming a common method for cybercriminals. These attacks have led to serious issues like data breaches, credential theft, and ransomware incidents, creating a self-reinforcing cycle that complicates cybersecurity efforts. Organizations that rely on third-party vendors or software are particularly vulnerable, as attackers exploit these connections to infiltrate systems. This situation emphasizes the need for companies to strengthen their supply chain security measures and ensure that their partners are also adhering to strong cybersecurity practices. As these attacks become more prevalent, the risk to sensitive data and operational integrity continues to rise, making it essential for businesses to be proactive in their defense strategies.
SCM feed for Latest
In 2024, cyberattacks involving data extortion surged to 6,800 incidents, marking a significant 63% increase from the previous year. This rise has been largely driven by the intensified activities of ransomware groups such as Qilin, Sp1d3r Hunters, and Clop. These groups are known for stealing sensitive data and then threatening to release it unless a ransom is paid. This trend poses serious risks to organizations across various sectors as they face increasing pressure to protect their data and respond to extortion demands. Companies must enhance their cybersecurity measures to mitigate these risks and safeguard their sensitive information from being exploited by cybercriminals.
SCM feed for Latest
ApolloMD, a major healthcare firm based in Georgia with operations across the U.S., disclosed a significant data breach affecting over 626,000 patients. The incident, which occurred in May, was attributed to the Qilin ransomware group. Compromised information includes sensitive data, which raises serious concerns about patient privacy and potential identity theft. As healthcare organizations increasingly face cyber threats, this breach serves as a troubling reminder of the vulnerabilities within the sector. Patients and providers alike need to be vigilant about safeguarding personal information and responding to potential fallout from such attacks.
Conpet S.A., Romania's national oil pipeline operator, has confirmed that it fell victim to a data breach involving the Qilin ransomware gang last week. The attackers managed to steal sensitive company data, although specific details about the compromised information have not been disclosed. This incident raises concerns about the security of critical infrastructure, particularly in the energy sector. As ransomware attacks continue to target essential services, it highlights the need for stronger cybersecurity measures to protect against such threats. Companies in similar sectors should take this as a warning to review their security protocols and ensure they can respond effectively to potential breaches.
SCM feed for Latest
A new strain of ransomware known as Reynolds has emerged, utilizing a method called bring your own vulnerable driver (BYOVD) to gain higher privileges on compromised systems. This technique allows attackers to disable endpoint detection and response tools, making it easier for them to operate undetected. The integration of BYOVD into this ransomware indicates a sophisticated approach to cyberattacks, as it targets existing vulnerabilities within drivers that are already part of the system. Organizations need to be vigilant about the security of their drivers and ensure that they are updated to mitigate this threat. The rise of Reynolds ransomware underscores the evolving tactics that cybercriminals are employing to bypass security measures.
Recent reports indicate that ransomware groups are shifting back to encryption-based attacks after seeing diminishing returns from data exfiltration methods. This change is largely attributed to the Clop ransomware gang, which had previously popularized attacks that focused solely on stealing data rather than encrypting it. As the effectiveness of these data-only methods declines, attackers are likely to resort to more traditional tactics that involve holding data hostage until a ransom is paid. This shift could affect a wide range of organizations, particularly those that may not have robust backup systems or incident response plans in place. The overall implications suggest that businesses need to enhance their security measures to guard against these evolving ransomware tactics.
SCM feed for Latest
A new phishing campaign linked to the Phorpiex malware is targeting users globally, delivering ransomware through emails with malicious attachments. These emails often use deceptive double extensions, such as Document.doc.lnk, to trick recipients into opening them. Once activated, the malware can spread across networks, potentially locking files and demanding ransom payments from affected organizations. This ongoing threat, active throughout 2024 and 2025, poses significant risks to businesses and individuals alike, as it can lead to the loss of sensitive data and financial resources. Users need to remain vigilant about email attachments and ensure robust security measures are in place to defend against such attacks.