Security news aggregator

Latest coverage for Ransomware

Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.

Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.

Showing 6 most recent headlines Filtered view
Bank Info Security 1 year, 3 months ago

ISMG Editors: Ransomware's Stealth vs. Spectacle Tactics

Also: Rapid7's Boardroom Shake-Up, China's Shift Tactical Cyber ShiftIn this week's update, ISMG editors unpacked stealth vs. spectacle in ransomware attacks, Rapid7’s boardroom shake-up led by activist investors, and China's shift from cyber espionage to infrastructure sabotage - driving key shifts in global cybersecurity strategy and resilience.

Bank Info Security 1 year, 3 months ago

Vampire Cosplay and Brand Revival: Ransomware in 2025

Newcomer VanHelsing and a Supposedly Revitalized LockBit Enter Victim-Hunting FrayWhile the vast majority of ransomware attacks lately trace to relatively long-running groups, researchers see new operators entering the fray, lately including a ransomware-as-a-service group calling itself VanHelsing, as well as a fresh version of LockBit.

Bank Info Security 1 year, 3 months ago

Advanced Fined 3 Million Pounds Over 2022 Ransomware Hack

UK ICO Says Advanced's Security Measures 'Fell Seriously Short'A British IT service company must pay a 3.07 million pound fine for a 2022 ransomware hack that exposed medical records of tens of thousands of National Health Service patients. Hackers breached the Advanced system through a user account that did not have multifactor authentication in place.

Bank Info Security 1 year, 3 months ago

HHS OCR Launches New Round of HIPAA Compliance Audits

Audits Focus on HIPAA Security Rule Provisions Related to Ransomware, HackingFederal regulators have quietly resumed compliance audits of HIPAA-regulated organizations. With the surge in ransomware and other hacks reported in recent years, the focus of the audits are on provisions of the HIPAA security rule most relevant to these attacks, said a government official.

Bank Info Security 1 year, 3 months ago

Medusa Ransomware Brings Its Own Vulnerable Driver

Hackers Use Stolen Certificates to Bypass Endpoint Detection and ResponseA Russian-speaking ransomware group has been deploying a malicious Windows PE driver that imitates a legitimate CrowdStrike Falcon driver to bypass endpoint security, warn researchers. The driver disables endpoint detection and response software by stripping process protections.