Security news aggregator

Latest coverage for Ransomware

Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.

31 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.

Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.

Showing 20 most recent headlines of 31 Filtered view

Ransomware Attacks Pummel Critical National Infrastructure Sectors, Experts WarnThe oil and gas sector in Pakistan is on high alert following a ransomware attack against the state-owned oil and gas company Pakistan Petroleum, an instance of ransomware impacting critical infrastructure in a year that has already tallied hundreds of incidents.

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Thursday renewed sanctions against Russian cryptocurrency exchange platform Garantex for facilitating ransomware actors and other cybercriminals by processing more than $100 million in transactions linked to illicit activities since 2019

Some custom malware, some legit software tools At least a dozen ransomware gangs have incorporated kernel-level EDR killers into their malware arsenal, allowing them to bypass almost every major endpoint security tool on the market, escalate privileges, and ultimately steal and encrypt data before extorting victims into paying a ransom.…

US Treasury Says Crypto Exchange Helped Launder $100 Million for Ransomware GangsThe U.S. Department of Treasury sanctioned Thursday a Russian founder and co-owners of the Garantex cryptocurrency exchange in a bid to tighten methods criminal hackers use to launder extortion money and Kremlin sanctions busting. Regulators also sanctioned Garantex successor Grinex.

Report North Korean Hacking Group Adds Ransomware to Traditional PlaybookA ScarCruft subgroup dubbed "ChinopuNK" has launched a disruptive ransomware campaign across South Korea, using phishing lures, AutoIt loaders and microphone-capturing malware - marking a major change in the North Korean hacking group's traditionally espionage-focused cyber tactics.

New Ransomware Possibly Linked to Earth BaxiaA previously uncatalogued ransomware strain is targeting public sector and aviation organizations in the Middle East. The threat actor uses techniques similar to a previously documented hacking group tracked as Earth Baxia and likely based in China.

Cryptocurrency Tracing Suggests Group Is Rebrand of Russian-Speaking BlackCat GroupEven lesser-known ransomware groups haul in serious extortion cash - although in the ransomware world, little is what it seems. Take relative newcomer Embargo, which appears to be a rebrand of, or successor to, the notorious BlackCat group, also known as Alphv.

City Refuses to Pay Ransom; Employees Report to Arena to Reset Passwords in PersonThe Minnesota city of St. Paul continues to respond to a ransomware attack, with the mayor saying it will pay no ransom. Instead, it's restoring systems from backups and verifying employees' identity at a centralized location before resetting their passwords.

Minnesota’s capital is the latest to feature on Interlock’s leak blog after late-July cyberattack The Interlock ransomware gang has flaunted a 43GB haul of files allegedly stolen from the city of Saint Paul, following a late-July cyberattack that forced the Minnesota capital to declare a state of national emergency.…

And yes, there’s the usual credit monitoring Global staffing firm Manpower confirmed ransomware criminals broke into its Lansing, Michigan franchise's network and stole personal information belonging to 144,189 people, months after the extortionists claimed that they pilfered "all of [the company's] confidential data." …

Loading more headlines...