Security news aggregator

Latest coverage for Ransomware

Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.

Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.

Showing 6 most recent headlines Filtered view
Bank Info Security 1 year, 5 months ago

APT Groups Using Ransomware 'Smokescreen' for Espionage

Russian, Iranian and Chinese APTs Among Most Active Ransomware CollaboratorsSecurity researchers are increasingly finding it challenging to attribute cyberattacks due to surging cooperation between nation-state hackers and ransomware groups, especially for espionage purposes. They say it reflects the blurring of the lines between state-directed and criminal activities.

Bank Info Security 1 year, 5 months ago

Mental Health Provider Settles Fortra Hack Lawsuit for $7M

Breach of GoAnywhere File Transfer App at Brightline Affected 1 Million PatientsVirtual mental health provider Brightline has agreed to pay $7 million to settle a proposed class action lawsuit involving a data breach affecting about 1 million individuals stemming from the 2023 hack by ransomware gang Clop on software vendor Fortra's GoAnywhere managed file transfer application.

US, UK and Australia Target Zservers for Supporting LockBit, Other Cybercrime GroupsA Russian bulletproof hosting service used by cybercriminals including the LockBit ransomware group has been sanctioned by Australian, British and American agencies. Zservers has been advertised in criminal forums as an aid to avoid law enforcement investigations and takedowns.

Russia, China, Iran and North Korea Tapping Cybercrime Services, Google SaysThe cybercrime-as-a-service economy continues to power ransomware and other criminal enterprises, as well as serve as "an accelerant for state-sponsored hacking," collectively posing an increasing risk to Western national security, cybersecurity researchers warn.

Detained Russians Accused of Phobos Ransomware Attacks Against 1,000 OrganizationsThai police have arrested four suspected members of the 8Base ransomware-wielding gang, which authorities say has extorted $16 million in ransom payments through attacks against mostly smaller players. The four men were taken into custody in a coordinated, international law enforcement operation.

Bank Info Security 1 year, 5 months ago

Georgia Hospital, Nursing Home Notifying 120,000 of Hack

Ransomware Group Embargo Claims to Have Published 1.15TB of Hospital's Stolen DataA rural Georgia hospital and its nursing home are among several other regional healthcare entities notifying tens of thousands of patients that their information was compromised in recent hacks. Ransomware gang Embargo claims to have published 1.15 terabytes of stolen data in one of those incidents.