Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns
Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date
May Database Leak Shows Ransomware Group Taking New ChancesAffiliates of beleaguered ransomware-as-a-service operation LockBit have turned toward Chinese targets, finds an analysis of a May leak of the group's admin panel. LockBit affiliates targeted 156 organizations during that time, the majority of them located in China.
'Lite Panel' Offering Easy Access to Anyone for Just $777 Confirmed by ResearcherRansomware groups continue to find innovative new ways to shake down organizations large and small in their pursuit of ransom payoffs. For the LockBit group, one tweak was to debut a "lite" version of its ransomware portal that appears to have amassed dozens of very inexperienced business partners.
Exposed data from LockBit's affiliate panel includes Bitcoin addresses, private chats with victim organizations, and user information such as credentials.
Exposes Details of Victims, 'Aggressive' Negotiations, Cryptocurrency AddressesOne year to the day after an international law enforcement operation unmasked and indicted the leader of the notorious LockBit ransomware group, a hacker has sent the group another love letter.
Cut off one head, two more grow back in its place RansomHub, the ransomware collective that emerged earlier this year, quickly gained momentum, outpacing its criminal colleagues and hitting its victims especially hard. The group named and shamed hundreds of organizations on its leak site, while demanding exorbitant payments across various industries.…
Also: Interpol Says 'Pig Butchering' Shames Victims, A Data Leak Scandal in MexicoThis week, U.S. asks Israel to extradite an alleged LockBit coder, don't say "pig butchering," and an Apache Struts flaw. A hunt for alleged data thieves in Mexico, Europe probes TikTok and Netfilix fined 4.75 million. A ransomware attack against Texas medical centers and a credit union breach.
And also: What looks like proof that stolen data was never deleted even after ransom was paid Building on the success of what's known around here as LockBit Leak Week in February, the authorities say they've arrested a further four individuals with ties to the now-scuppered LockBit ransomware empire.…
Aleksandr Ryzhenkov alleged to have extorted around $100M from victims, built 60 LockBit attacks The latest installment of the National Crime Agency's (NCA) series of ransomware revelations from February's LockBit Leak Week emerges today as the agency identifies a man it not only believes is a member of the long-running Evil Corp crime group but also a LockBit affiliate.…
International Police Operation Revives Seized LockBit Dark Web Leak SitePolice behind an international law enforcement operation targeting LockBit resurrected the leak site they seized earlier this year from the ransomware-as-a-service group and posted a countdown clock suggesting they will reveal the identity of LockBitSupp, the group's leader.
The NCA, FBI, and Europol have revived a seized LockBit ransomware data leak site to hint at new information being revealed by law enforcement this Tuesday. [...]
Cyber threat intelligence provider Cyble found that DragonForce was using a ransomware binary based on LockBit Black’s builder
Also: Congress Weighs in on Change Healthcare Saga; Hot Topics at ISMG’s AI SummitIn the latest weekly update, ISMG editors discussed the rise of criminal groups using leaked LockBit ransomware for global cyberattacks, Congress's recent hearing on the cyberattack targeting Change Healthcare and takeaways from ISMG’s Cybersecurity Implications of AI Summit
Experts See Surge in Attacks, Including in Russia, Using Leaked LockBit CodeWhat do a German healthcare network, a Russian security company and an American bridal clothing retailer have in common? All seem to have been compromised in recent months by attackers who wielded LockBit crypto-locking malware - but who weren't tied to the actual LockBit operation.
A Trend Micro report shows a clear drop in the number of actual infections associated with the LockBit ransomware following Operation Cronos
LockBit ransomware gang claims 668GB of data it dumped online was stolen from South Africa's pension agency.
Countdown expires March 2 unless government officials pay the ransom LockBit claims it's back in action just days after an international law enforcement effort seized the ransomware gang's servers and websites, and retrieved more than 1,000 decryption keys to assist victims.…
After Operation Cronos, LockBit Leader LockBitSupp's Vows to Continue HackingRussian-speaking ransomware operation LockBit reestablished a dark web leak site Saturday afternoon, posting a lengthy screed apparently authored by its leader, who vowed not to retreat from the criminal underground world. The FBI had no comment.
The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers
The FBI's takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid a ransom. LockBit claims the cache includes documents tied to the county's ongoing criminal prosecution of former President Trump, but court watchers say teaser documents published by the crime gang suggest a total leak of the Fulton County data could put lives at risk and jeopardize a number of other criminal trials.