Security news aggregator

Latest coverage for Ransomware

Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.

17 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.

Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.

Showing 17 most recent headlines Filtered view

Threat actor exploited known vulnerabilities in the Microsoft software to compromise multiple systems An affiliate of the aggressive Hive ransomware group is exploiting known vulnerabilities in Microsoft Exchange servers to encrypt and exfiltrate data and threaten to publicly disclose the information if the ransom isn't paid.…

Months after arrests, gang – or someone mimicking them – now active The notorious REvil ransomware gang appears to have returned from the bowels of the dark web, three months after the arrest of 14 of its suspected members, with its old website forwarding to a new operation that lists both previous and fresh victims.…

Krebs on Security 4 years, 2 months ago

Conti’s Ransomware Toll on the Healthcare Industry

Conti -- one of the most ruthless and successful Russian ransomware groups -- publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under the name "Ryuk."

Trend Micro Research, News and Perspectives 4 years, 3 months ago

An Investigation of the BlackCat Ransomware via Trend Micro Vision One

We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in the Rust programming language and operated under a ransomware-as-a-service (RaaS) model.