Latest coverage for Ransomware
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Refine the feed
Search across headline titles and summaries.
Tag briefing
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
Royal and BlackSuit ransomware gangs hit over 450 US companies
The U.S. Department of Homeland Security (DHS) says the cybercrime gang behind the Royal and BlackSuit ransomware operations had breached hundreds of U.S. companies before their infrastructure was dismantled last month. [...]
New EDR killer tool used by eight different ransomware groups
A new Endpoint Detection and Response (EDR) killer that is considered to be the evolution of 'EDRKillShifter,' developed by RansomHub, has been observed in attacks by eight different ransomware gangs. [...]
SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw
SonicWall says that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are exploiting an older vulnerability rather than a zero-day flaw. [...]
SonicWall: Attacks Linked to Legacy Bug and Password Use
SonicWall has claimed an uptick in Akira ransomware intrusions is due to legacy password use
Dialysis Firm Attack Affects 1 Million, Costs $13.5M to Date
Interlock Claims to Have 1.5TB of DaVita's Data as Expenses MountDaVita Inc., one of the largest kidney dialysis providers in the world, told regulators that an April cyberattack has cost the company $13.5 million so far and has affected more than one million people in the U.S., and counting. Interlock says it's behind the data theft and ransomware attack.
On the Rise: Ransomware Victims, Breaches, Infostealers
Researchers See 'Acceleration' in Existing Threats, Ongoing Criminal SuccessCybercrime so far this year can be summarized as featuring "more of everything," with researchers tracking increases in the number of ransomware and data breach victims, credentials stolen by infostealers, and new vulnerability disclosures with exploits coming to light.
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines. [...]
Clinical Data Stolen in Cyber-Attack on Kidney Dialysis Provider DaVita
The incident, reported to be ransomware-related, has resulted in attackers stealing sensitive personal and clinical data, including lab test results
Ransomware Actors Expand Tactics Beyond Encryption and Exfiltration
Ransomware actors deploy a range of activities to make it harder for victims to recover and increase the consequences of not paying demands
Hacks on 3 Specialty Medical Providers Affect Nearly 800,000
Ransomware, Data Thefts, Other Attacks Continue to Plague Health SectorRecent hacks on a provider of sleep disorder diagnostic gear and services, a network of medical imaging facilities and a multi-disciplinary cancer care center have affected nearly 800,000 patients. The breaches are among the latest rash of cybercriminal attacks plaguing the healthcare sector.
SonicWall Probes Potential Zero-Day After Ransomware Hits
Akira Ransomware Exploited MFA-Protected SonicWall SSL VPNs, Say ResearchersSonicWall said it is probing a surge in attacks against its Gen 7 firewalls, running various firmware versions, which have SSL VPN enabled. Researchers said attackers may have been exploiting a zero-day vulnerability and that multiple victims have been infected with Akira ransomware.
SonicWall urges admins to disable SSLVPN amid rising attacks
SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past few weeks. [...]
SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported
SonicWall said it's actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomware actors in late July 2025
SonicWall investigates 'cyber incidents,' including ransomware targeting suspected 0-day
Bypassing MFA and deploying ransomware…sounds like something that rhymes with 'schmero-day' SonicWall on Monday confirmed that it's investigating a rash of ransomware activity targeting its firewall devices, following multiple reports of a zero-day bug under active exploit in its VPNs.…
Akira Ramps Up Assault on SonicWall Firewalls, Suggesting Zero-Day
An uptick of ransomware activity by the group in late July that uses the vendor's SSL VPN devices for initial intrusion shows evidence of an as-yet-undisclosed flaw under exploitation.
Ransomware gangs join attacks targeting Microsoft SharePoint servers
Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide. [...]
German phone repair biz collapses following 2023 ransomware attack
Founder miffed over prosecutors holding onto its Bitcoin The founder of a German mobile phone repair and insurance biz has begun insolvency proceedings for some operations in his company after struggling financially following a costly ransomware attack in 2023.…
Uptick in Akira Ransomware Actors Targeting SonicWall VPNs
Arctic Wolf has spotted an increase in Akira ransomware attacks targeting SonicWall SSL VPNs