Skip to main content

Tag: ransomware operations

30 articles

Defendant Karen Serobovich Vardanyan sits somberly in a US federal courtroom.

Ryuk Ransomware Operative Pleads Guilty in US Court

A major player behind the notorious Ryuk Ransomware gang has taken responsibility for their crimes, with Karen Serobovich Vardanyan, a 34-year-old Armenian national, pleading guilty in a US court to conspiracy and computer fraud. As part of his plea deal, Vardanyan will pay over $1.1m in restitution for his role in the massive cyberattack that netted over $15m in bitcoin payments.

Analyst 207
Formal courthouse interior with documents and law enforcement items under daylight.

Ryuk Ransomware Operative Pleads Guilty, Faces 15-Year Sentence

A 34-year-old Armenian man, Karen Serobovich Vardanyan, has pleaded guilty to masterminding a brazen ransomware scheme that raked in around $15 million by infiltrating hundreds of computer networks and deploying Ryuk ransomware. Vardanyan's guilty plea comes after his extradition from Ukraine, where he was arrested in April 2025.

Analyst 207
Rows of computer servers and storage equipment in a modern data center.

AI-Powered Ransomware Targets Victims with Autonomous Attacks

Imagine a ransomware attack that can think and act on its own - that's what Sysdig researchers recently observed, as an AI agent autonomously carried out a complex extortion operation with alarming speed and efficiency. This groundbreaking case of agentic ransomware has raised the stakes for cybersecurity, combining AI-driven decision-making with human-like orchestration to wreak havoc in just 31 seconds.

Analyst 207
Blurred figure of a person works amidst server racks and monitors in a brightly-lit data center.

Sysdig Exposes First Fully Agentic Ransomware Campaign

Meet JadePuffer, the groundbreaking ransomware campaign that's fully driven by a large language model (LLM) and can launch a devastating attack in as little as 31 seconds. This AI-powered threat uses an adaptive and automated approach to exploit vulnerabilities and extort its targets.

Analyst 207
Office workers in background, with a computer workstation and file cabinet in sharp focus in the foreground.

Avalon Malware Framework Targets Enterprise with CrownX Ransomware

Meet Avalon, a sneaky malware framework that's targeting enterprises with a potent ransomware punch, known as CrownX, and discover how it infiltrates systems through clever phishing tactics. This modular menace combines credential collection, lateral movement, and more into a single, reusable threat.

Analyst 207
Network operations room with computer servers and equipment showing signs of affected infrastructure.

FortiBleed Exposes Link to Ransomware Ops

A shocking new report reveals that the notorious FortiBleed vulnerability has a direct link to ransomware operations, with a key player found negotiating with both groups. This alarming connection has led to at least 12 ransomware deployments and hundreds of encrypted endpoints.

Analyst 207
Rows of rack-mounted servers and equipment in a brightly-lit server room or data center interior.

FortiBleed Campaign Tied to Lynx Ransomware Operators

Researchers uncovered a massive credential-theft operation, dubbed FortiBleed, which exposed over 73,000 Fortinet device credentials and was surprisingly linked to active ransomware negotiation panels. This shocking discovery offers a rare glimpse into the tactics of threat actors.

Analyst 207
Two handcuffed teenagers sit somberly in a courtroom with a judge's bench and law enforcement officer in the background.

Scattered Spider Teens Plead Guilty to TfL Cyberattack

Two British teenagers, Thalha Jubair and Owen Flowers, have pleaded guilty to infiltrating Transport for London's systems, causing a £29m hit and disrupting public services in a stark reminder that cybercrime has very real-world consequences. The breach, which occurred in late August 2024, highlights the significant impact of cyberattacks on everyday life.

Analyst 207
Brightly-lit office with CRM workstation, laptop on desk, and city view through window, hinting at a breached business…

Klue OAuth Breach Enables Icarus Extortion Attacks on Salesforce Data

A recent OAuth breach at market intelligence platform Klue has enabled a new extortion group called Icarus to steal sensitive Salesforce CRM data from multiple organizations, sparking a wave of ransom demands. Salesforce has swiftly responded by disabling the connection between Klue's Battlecards app and its platform to protect customers.

Analyst 207
Defendant sits in federal court with blurred face, hands visible, in front of judge's bench and US flag.

Conti Ransomware Member Pleads Guilty to Cybercrimes

A longtime member of the notorious Conti ransomware group has pleaded guilty to cybercrimes in federal court, marking a major win for justice after the defendant's attacks caused millions of dollars in damage to people and businesses worldwide. Oleksii Oleksiyovych Lytvynenko, a 44-year-old Ukrainian national, admitted to developing malware and participating in Conti's ransomware campaign.

Analyst 207
Formal proceedings setting with podium, laptop, and blurred emblem in daylight.

Ukrainian Hacker Pleads Guilty in Conti Ransomware Case

Meet Oleksii Lytvynenko, a Ukrainian hacker who just pleaded guilty to his role in the notorious Conti ransomware case, which targeted over 1,000 victims worldwide and raked in a staggering $150 million in ransom payments. He's now facing up to 20 years in prison for his involvement.

Analyst 207
Rows of computer servers and equipment in a brightly-lit, modern technology facility.

Gentlemen Ransomware Spreads Globally, Targets 478 Victims

Meet The Gentlemen, a notorious ransomware group with a sprawling affiliate program that's left 478 victims in its wake, exploiting modern vulnerabilities with alarming speed and flexibility. Led by a single Russian-language operator, LARVA-368, this cybercrime powerhouse has been wreaking havoc since March 2025.

Analyst 207
Network equipment and router setup in a data center or network operations room.

Check Point Exposes VPN Zero-Day Link to Qilin Ransomware Gang

A critical VPN vulnerability, CVE-2026-50751, has been exploited in attacks linked to the notorious Qilin ransomware gang, affecting a handful of organizations worldwide. Check Point has released security updates to patch this authentication bypass flaw in its legacy Remote Access and Mobile Access deployments.

Analyst 207
Receptionist sitting at desk with phone and laptop, screens glowing blue.

Cybercriminals Impersonate IT Personnel in Targeted Attacks

Cybercriminals are now masquerading as IT personnel to launch targeted attacks, with the FBI warning that law firms and professional sectors are prime targets. This new tactic allows groups like the Silent Ransom Group to swiftly access and exfiltrate sensitive data, often without encrypting systems.

Analyst 207
Concerned office worker sits at desk, staring at paper or laptop screen with blurred cityscape in background.

FBI Warns Law Firms of In-Person Extortion Tactics by Silent Ransom Group

The FBI is sounding the alarm for US law firms, warning them of a growing threat from the Silent Ransom Group, which targets the legal industry for its highly sensitive data and uses in-person extortion tactics. This group has been linked to a string of incidents, and the FBI is urging law firms to be vigilant.

Analyst 207
Law enforcement officials gather at a modern facility with a large glass wall, symbolizing a coordinated international…

Authorities Disrupt First VPN Service Used by 25 Ransomware Groups

In a major win for cybersecurity, an international coalition led by France and the Netherlands has disrupted a notorious VPN service used by 25 ransomware groups, taking a significant blow to cybercrime operations. The takedown was made possible through a collaborative effort involving 16 countries and key partners like Europol and Eurojust.

Analyst 207
Law enforcement officials stand in front of seized servers in a briefing room.

Law Enforcement Disrupts First VPN Service Tied to Ransomware Attacks

In a major cybercrime crackdown, law enforcement agencies have dismantled a notorious VPN service used by ransomware attackers, seizing 33 servers and taking its domains offline in a coordinated operation across 27 countries. The takedown of First VPN, a so-called "no-logs" provider, has dealt a significant blow to threat actors behind ransomware and data theft campaigns.

Analyst 207
University campus setting with laptop, papers, and books, hinting at disruption.

ShinyHunters Breach Exposes Educational SaaS Canvas

ShinyHunters hackers have claimed responsibility for taking down educational software platform Canvas in a cyberattack that left users offline. The group didn't hold back, giving the developer a scathing "F for security" in their criticism of the breach.

Analyst 207
Dimly lit, ransacked suburban home interior with laptop and digital wallet setup.

Crypto Heist Ringleader Gets 6.5 Years for $230 Million Loot

Marlon Ferro, the mastermind behind a brazen crypto heist, has been sentenced to 6.5 years for stealing $230 million in cryptocurrency using a cunning mix of online scams and targeted home invasions. He served as the group's instrument of last resort, carrying out daring residential burglaries to get his hands on valuable digital assets.

Analyst 207
Dimly lit server room with rows of computer servers and networking equipment, a single unoccupied laptop in the foreground.

Iranian Spies Masquerade as Ransomware Gangs in Espionage Ops

A new wave of cyber threats has emerged, where Iranian spies masquerade as ransomware gangs to secretly infiltrate and gather intel from targeted organizations. Behind the scenes, they're hiding a wide-open backdoor, putting defenders and the organizations they protect at risk.

Analyst 207
Government building with tall windows, abstract seal, and blurred laptop in foreground.

US Sentences Two Cybersecurity Pros for BlackCat Ransomware Role

Two cybersecurity experts turned to a life of crime, using their specialized knowledge to extort victims through BlackCat ransomware attacks, and have been sentenced to four years in prison for their roles. Ryan Goldberg and Kevin Martin deployed the ransomware against multiple US victims between April and December 2023.

Analyst 207
Two men in formal attire sit in a courtroom with a judge's bench in the background under natural light.

US Cybersecurity Workers Jailed for Aiding BlackCat Ransomware Gang

Meet Ryan Goldberg and Kevin Martin, two cybersecurity experts who abused their skills to line their pockets by aiding the notorious BlackCat ransomware gang. They've been sentenced to four years in prison for their roles in facilitating devastating ransomware attacks.

Analyst 207
Rows of computer servers and storage equipment in a brightly-lit server room.

Trigona Ransomware Exploits Custom Tool for Swift Data Exfiltration

Trigona ransomware attackers have unleashed a custom-built, command-line tool that turbocharges data theft, allowing them to siphon off sensitive information with lightning speed and razor-sharp efficiency. This potent tool is the latest weapon in their arsenal, enabling faster and more efficient data exfiltration from compromised environments.

Analyst 207
Secure operations center with analysts, computer screens, and VMware ESXi and Windows servers displayed.

Kyber Ransomware Targets Windows, VMware with Post-Quantum Encryption

Meet the Kyber Ransomware, a potent threat that targets both Windows and VMware environments with cutting-edge, post-quantum encryption. This sophisticated malware has been found to strike multiple systems at once, as seen in a March 2026 incident where two variants were deployed on the same network.

Analyst 207