Security news aggregator

Latest coverage for Ransomware

Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.

19 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.

Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.

Showing 19 most recent headlines Filtered view
Bank Info Security 1 year, 6 months ago

Alleged LockBit Coder Faces 41-Count Indictment in US

US Seeks Extradition of Dual Russian and Israeli Citizen Rostislav Panev from IsraelA newly unsealed U.S. federal indictment against Rostislav Panev says the LockBit ransomware operation paid the Israeli national a $10,000 monthly salary for coding and consulting services. Federal prosecutors are seeking Panev's extradition from Israel following his August arrest.

Looking Back on the Ransomware Attacks, Resilience Lessons and Tech TrendsIn the latest weekly update, ISMG editors discussed defining cybersecurity moments of 2024, from the CrowdStrike outage and its implications for vendor resilience to ransomware's continued evolution, and the shifting dynamics in the tech industry affecting startups and M&A activity.

Missouri-Based Hospital Chain Initially Reported That Attack Affected Only 500Seven months after a ransomware disrupted its IT systems for weeks, Catholic hospital chain Ascension Health is now notifying nearly 5.6 million current and former patients and employees that the incident - which also involved data theft - potentially compromised their information.

Bank Info Security 1 year, 6 months ago

Romanian Sentenced to 20 Years for NetWalker Ransomware

Daniel Hulea Orchestrated Attacks Targeting Businesses During the COVID-19 PandemicA U.S. federal court sentenced a Romanian man to 20 years in a U.S. prison for his role in Netwalker ransomware attacks including against healthcare and education sectors during the novel coronavirus pandemic, extorting millions of dollars from victims worldwide.

Also: Interpol Says 'Pig Butchering' Shames Victims, A Data Leak Scandal in MexicoThis week, U.S. asks Israel to extradite an alleged LockBit coder, don't say "pig butchering," and an Apache Struts flaw. A hunt for alleged data thieves in Mexico, Europe probes TikTok and Netfilix fined 4.75 million. A ransomware attack against Texas medical centers and a credit union breach.

At Least 200 Servers Still Vulnerable as Ransomware Group Claims Mass ExploitsMore than 200 Cleo managed file-transfer servers remain internet-exposed and unpatched, despite warnings of a mass attack targeting critical vulnerabilities in the widely used software. The Clop ransomware operation, which has repeatedly targeted MFT software, claimed credit for the attacks.

CISOs at Organizations That Fell Victim Have a Different Story, 451 Research FindsAre your defenses against ransomware good enough to survive contact with the enemy? Don't be so sure. A new study from market researcher 451 Research finds that "overconfidence in security tooling remains an issue in the face of ransomware" for organizations that haven't yet fallen victim.

But can you really take crims at their word? Supply chain integration vendor Cleo has urged its customers to upgrade three of its products after an October security update was circumvented, leading to widespread ransomware attacks that Russia-linked gang Cl0p has claimed are its evil work.…

File-Transfer Software Being Exploited by One or More Groups; Vendor Pushes PatchesThe ransomware group Clop is claiming credit for the mass exploitation of managed file-transfer software built by Cleo Communications, following on from the similar targeting of MOVEit file-transfer in 2023. Many large organizations rely on the MFT server software to securely transfer files.