GentleKiller Framework Disables Victims' Security Software
ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates
New ransomware of choice, same critical targets North Korea’s Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at least one US healthcare organization and an unnamed victim in the Middle East, according to Symantec and Carbon Black threat hunters.…
Trend Micro Researchers Uncover New Ransomware StrainA newly identified ransomware group is targeting victims across the Asia Pacific region using custom-built evasion capabilities that could pose a "significant threat" to organizations, warn researchers at security firm Trend Micro. The Gentlemen deploys customized methods tailored to each target.
Trend Micro highlighted a sophisticated post-compromise attack chain to deploy the Warlock ransomware in unpatched SharePoint on-prem environments
Avast researchers shared a step-by-step guide to decrypt files for victims of FunkSec ransomware
Trend Micro has observed the Bert ransomware group in operation since April 2025, with confirmed victims in sectors including healthcare, technology and event services
The threat of wiping files and servers clean gives Anubis affiliates yet another way to leverage ransomware victims who may be hesitant to pay to get their data back, Trend Micro said.
Trend Micro identified a novel “wipe mode” included in Anubis ransomware to prevent file recovery, increasing pressure on victims to give in to demands
Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m
The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024
The recently discovered Embargo ransomware group is using Rust-based custom tools to overcome victims’ security defenses, ESET researchers have observed
Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload them to S3 buckets under their control
Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) that's designed to target VMware ESXi environments
Researchers at Avast found a flaw in the cryptographic schema of the DoNex ransomware and have been sending out decryptor keys to victims since March 2024
ShrinkLocker throws steel and vaccine makers into the hurt locker Updated Yet more ransomware is using Microsoft BitLocker to encrypt corporate files, steal the decryption key, and then extort a payment from victim organizations, according to Kaspersky.…
A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files
The Trend Micro report observed that small organizations are being increasingly targeted by ransomware gangs, including LockBit and BlackCat
A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab ransomware across victim organizations globally
Cybersecurity firm Avast has released a free decryptor for the Akira ransomware that can help victims recover their data without paying the crooks any money. [...]
Gen Digital, the parent company of the security companies, is the latest victim in a rash of Cl0p attacks on the bug in the MOVEit transfer software, leading to employee data being revealed.