Tag: ransomware operations
30 articles

Ryuk Ransomware Operative Pleads Guilty in US Court
A major player behind the notorious Ryuk Ransomware gang has taken responsibility for their crimes, with Karen Serobovich Vardanyan, a 34-year-old Armenian national, pleading guilty in a US court to conspiracy and computer fraud. As part of his plea deal, Vardanyan will pay over $1.1m in restitution for his role in the massive cyberattack that netted over $15m in bitcoin payments.

Ryuk Ransomware Operative Pleads Guilty, Faces 15-Year Sentence
A 34-year-old Armenian man, Karen Serobovich Vardanyan, has pleaded guilty to masterminding a brazen ransomware scheme that raked in around $15 million by infiltrating hundreds of computer networks and deploying Ryuk ransomware. Vardanyan's guilty plea comes after his extradition from Ukraine, where he was arrested in April 2025.

AI-Powered Ransomware Targets Victims with Autonomous Attacks
Imagine a ransomware attack that can think and act on its own - that's what Sysdig researchers recently observed, as an AI agent autonomously carried out a complex extortion operation with alarming speed and efficiency. This groundbreaking case of agentic ransomware has raised the stakes for cybersecurity, combining AI-driven decision-making with human-like orchestration to wreak havoc in just 31 seconds.

Sysdig Exposes First Fully Agentic Ransomware Campaign
Meet JadePuffer, the groundbreaking ransomware campaign that's fully driven by a large language model (LLM) and can launch a devastating attack in as little as 31 seconds. This AI-powered threat uses an adaptive and automated approach to exploit vulnerabilities and extort its targets.

Avalon Malware Framework Targets Enterprise with CrownX Ransomware
Meet Avalon, a sneaky malware framework that's targeting enterprises with a potent ransomware punch, known as CrownX, and discover how it infiltrates systems through clever phishing tactics. This modular menace combines credential collection, lateral movement, and more into a single, reusable threat.

FortiBleed Exposes Link to Ransomware Ops
A shocking new report reveals that the notorious FortiBleed vulnerability has a direct link to ransomware operations, with a key player found negotiating with both groups. This alarming connection has led to at least 12 ransomware deployments and hundreds of encrypted endpoints.

FortiBleed Campaign Tied to Lynx Ransomware Operators
Researchers uncovered a massive credential-theft operation, dubbed FortiBleed, which exposed over 73,000 Fortinet device credentials and was surprisingly linked to active ransomware negotiation panels. This shocking discovery offers a rare glimpse into the tactics of threat actors.

Scattered Spider Teens Plead Guilty to TfL Cyberattack
Two British teenagers, Thalha Jubair and Owen Flowers, have pleaded guilty to infiltrating Transport for London's systems, causing a £29m hit and disrupting public services in a stark reminder that cybercrime has very real-world consequences. The breach, which occurred in late August 2024, highlights the significant impact of cyberattacks on everyday life.

Klue OAuth Breach Enables Icarus Extortion Attacks on Salesforce Data
A recent OAuth breach at market intelligence platform Klue has enabled a new extortion group called Icarus to steal sensitive Salesforce CRM data from multiple organizations, sparking a wave of ransom demands. Salesforce has swiftly responded by disabling the connection between Klue's Battlecards app and its platform to protect customers.

Conti Ransomware Member Pleads Guilty to Cybercrimes
A longtime member of the notorious Conti ransomware group has pleaded guilty to cybercrimes in federal court, marking a major win for justice after the defendant's attacks caused millions of dollars in damage to people and businesses worldwide. Oleksii Oleksiyovych Lytvynenko, a 44-year-old Ukrainian national, admitted to developing malware and participating in Conti's ransomware campaign.

Ukrainian Hacker Pleads Guilty in Conti Ransomware Case
Meet Oleksii Lytvynenko, a Ukrainian hacker who just pleaded guilty to his role in the notorious Conti ransomware case, which targeted over 1,000 victims worldwide and raked in a staggering $150 million in ransom payments. He's now facing up to 20 years in prison for his involvement.

Gentlemen Ransomware Spreads Globally, Targets 478 Victims
Meet The Gentlemen, a notorious ransomware group with a sprawling affiliate program that's left 478 victims in its wake, exploiting modern vulnerabilities with alarming speed and flexibility. Led by a single Russian-language operator, LARVA-368, this cybercrime powerhouse has been wreaking havoc since March 2025.

Check Point Exposes VPN Zero-Day Link to Qilin Ransomware Gang
A critical VPN vulnerability, CVE-2026-50751, has been exploited in attacks linked to the notorious Qilin ransomware gang, affecting a handful of organizations worldwide. Check Point has released security updates to patch this authentication bypass flaw in its legacy Remote Access and Mobile Access deployments.

Cybercriminals Impersonate IT Personnel in Targeted Attacks
Cybercriminals are now masquerading as IT personnel to launch targeted attacks, with the FBI warning that law firms and professional sectors are prime targets. This new tactic allows groups like the Silent Ransom Group to swiftly access and exfiltrate sensitive data, often without encrypting systems.

FBI Warns Law Firms of In-Person Extortion Tactics by Silent Ransom Group
The FBI is sounding the alarm for US law firms, warning them of a growing threat from the Silent Ransom Group, which targets the legal industry for its highly sensitive data and uses in-person extortion tactics. This group has been linked to a string of incidents, and the FBI is urging law firms to be vigilant.

Authorities Disrupt First VPN Service Used by 25 Ransomware Groups
In a major win for cybersecurity, an international coalition led by France and the Netherlands has disrupted a notorious VPN service used by 25 ransomware groups, taking a significant blow to cybercrime operations. The takedown was made possible through a collaborative effort involving 16 countries and key partners like Europol and Eurojust.

Law Enforcement Disrupts First VPN Service Tied to Ransomware Attacks
In a major cybercrime crackdown, law enforcement agencies have dismantled a notorious VPN service used by ransomware attackers, seizing 33 servers and taking its domains offline in a coordinated operation across 27 countries. The takedown of First VPN, a so-called "no-logs" provider, has dealt a significant blow to threat actors behind ransomware and data theft campaigns.

ShinyHunters Breach Exposes Educational SaaS Canvas
ShinyHunters hackers have claimed responsibility for taking down educational software platform Canvas in a cyberattack that left users offline. The group didn't hold back, giving the developer a scathing "F for security" in their criticism of the breach.

Crypto Heist Ringleader Gets 6.5 Years for $230 Million Loot
Marlon Ferro, the mastermind behind a brazen crypto heist, has been sentenced to 6.5 years for stealing $230 million in cryptocurrency using a cunning mix of online scams and targeted home invasions. He served as the group's instrument of last resort, carrying out daring residential burglaries to get his hands on valuable digital assets.

Iranian Spies Masquerade as Ransomware Gangs in Espionage Ops
A new wave of cyber threats has emerged, where Iranian spies masquerade as ransomware gangs to secretly infiltrate and gather intel from targeted organizations. Behind the scenes, they're hiding a wide-open backdoor, putting defenders and the organizations they protect at risk.

US Sentences Two Cybersecurity Pros for BlackCat Ransomware Role
Two cybersecurity experts turned to a life of crime, using their specialized knowledge to extort victims through BlackCat ransomware attacks, and have been sentenced to four years in prison for their roles. Ryan Goldberg and Kevin Martin deployed the ransomware against multiple US victims between April and December 2023.

US Cybersecurity Workers Jailed for Aiding BlackCat Ransomware Gang
Meet Ryan Goldberg and Kevin Martin, two cybersecurity experts who abused their skills to line their pockets by aiding the notorious BlackCat ransomware gang. They've been sentenced to four years in prison for their roles in facilitating devastating ransomware attacks.

Trigona Ransomware Exploits Custom Tool for Swift Data Exfiltration
Trigona ransomware attackers have unleashed a custom-built, command-line tool that turbocharges data theft, allowing them to siphon off sensitive information with lightning speed and razor-sharp efficiency. This potent tool is the latest weapon in their arsenal, enabling faster and more efficient data exfiltration from compromised environments.

Kyber Ransomware Targets Windows, VMware with Post-Quantum Encryption
Meet the Kyber Ransomware, a potent threat that targets both Windows and VMware environments with cutting-edge, post-quantum encryption. This sophisticated malware has been found to strike multiple systems at once, as seen in a March 2026 incident where two variants were deployed on the same network.