Security news aggregator

Latest coverage for Ransomware

Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.

18 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.

Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.

Showing 18 most recent headlines Filtered view

Defunct Ransomware Group's Diaspora Includes Hackers With Focus on Microsoft TeamsBased on intelligence gleaned from the leak of Black Basta ransomware messages, researchers are warning organizations to beware phishing attacks launched via Microsoft partner domains and via Teams, as well as the targeting of personal Google accounts accessed via corporate devices.

7.2 Million Individuals' Personal Data Being Held to Ransom by Threat ActorA data-leak group extortion is shaking down the government of Paraguay for a ransom payment worth $7.4 million, or $1 for every one of the country's citizens. The group, calling itself Brigada Cyber PMC, claims the stolen data includes people's personally identifiable information.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider

Good news: The vendor patched the flaw in January. Bad news: Not everyone got the memo Ransomware criminals infected a utility billing software providers' customers, and in some cases disrupted services, after exploiting unpatched versions of SimpleHelp’s remote monitoring and management (RMM) tool, according to a Thursday CISA alert.…

Bank Info Security 1 year, 1 month ago

Governments Embrace Secure by Design to Curb Cyberthreats

NextJenSecurity Founder Calls for Global Policy Shifts to Reduce VulnerabilitiesGovernments worldwide are shifting from reactive responses to preventive strategies to tackle ransomware attacks. Jen Ellis, founder of NextJenSecurity, stresses the need for vulnerability accountability and secure-by-design policies to tackle systemic cybersecurity flaws.

Bank Info Security 1 year, 1 month ago

LockBit's New Reality Is Out of Control Affiliates

May Database Leak Shows Ransomware Group Taking New ChancesAffiliates of beleaguered ransomware-as-a-service operation LockBit have turned toward Chinese targets, finds an analysis of a May leak of the group's admin panel. LockBit affiliates targeted 156 organizations during that time, the majority of them located in China.

Bank Info Security 1 year, 1 month ago

AHA Warns Hospitals About Latest Play Ransomware Threats

Group's Advisory Follows an Updated Joint Alert from US, Australian AgenciesThe American Hospital Association is warning hospitals and other healthcare sector organizations of rising double-extortion attack threats involving the Play ransomware group. The AHA alert follows an updated joint government advisory issued last week about Play's latest tactics.

Bank Info Security 1 year, 1 month ago

Supply Chain Attacks Really Are Surging

Software Supply Chain Providers Under Fire by Ransomware Rings, Nation-State GroupsHackers are doubling down on software supply chain attacks, with known attacks surging from over 12 last year to more than 24 per month in April and May, threat intelligence researchers report. Ransomware-wielding groups and nation-state hackers, alike, have been tied to such attacks.

AI is your secret weapon against ransomware crooks. Here's how to use it Partner Content Cybercriminals are evolving, and so are the tools to stop them. As AI becomes more accessible, attackers are sharpening their tactics. But here's the good news: defenders are, too. AI is no longer a buzzword; it's a frontline weapon in the fight against ransomware.…

NHS in England Urging One Million People to Donate Blood to 'Secure' SupplyThe National Health System in England is still dealing with blood supply issues one year after a ransomware attack on a British pathology laboratory services provider disrupted patient care and testing services at several London-based hospitals and triggered a nationwide blood shortage.