Skip to main content

Tag: ransomware

999 articles

Handcuffed young men escorted by a stern-looking officer outside a UK courthouse.

UK Sentences Scattered Spider Members to 66 Months for Cyberattacks

In a major cybercrime crackdown, two young men have been sentenced to 66 months in jail for their role in a 2024 cyberattack that crippled Transport for London's network operations. Thalha Jubair and Owen Flowers were arrested and pleaded guilty, marking a significant win for the UK's National Crime Agency after nearly two years of investigation.

Analyst 207
Government office with a barricaded door and encrypted computer screen.

Ransomware Targets Government Agencies Daily, Study Reveals

Government agencies are under attack, with ransomware hitting a staggering 187 organizations in just six months - that's one body disrupted every single day, on average. This alarming trend is up 13% from the previous half-year, leaving public services vulnerable and citizens at risk.

Analyst 207
Man led away by border officers in airport departure hall.

US Misidentifies Russian Hacker in Extradition Bid

A Russian man named Aleksandr Ermakov has been wrongly detained in an Armenian jail on a US extradition request, with his lawyers claiming he is not the REvil ransomware suspect the US is actually after. His family and lawyers are now racing against time to clear his name and prevent his deportation to the US.

Analyst 207
Rows of computer equipment hum in a brightly-lit, bustling server room.

The Gentlemen Ransomware Gang Surges to Top Spot

The Gentlemen ransomware gang has surged to the top spot, unleashing a whopping 300 attacks in just three months thanks to its aggressive recruitment of affiliates and user-friendly intrusion kit. This makes them the most active ransomware group, outpacing even the notorious Qilin affiliate operation.

Analyst 207
Empty dairy production facility with idle equipment and computers.

Ransomware Attack Disrupts Fairlife US Dairy Production

A ransomware attack has hit Fairlife, a US dairy production subsidiary of Coca-Cola, disrupting operations and prompting an immediate response from the company. The incident has triggered a thorough investigation, with outside experts and law enforcement working to contain the breach.

Analyst 207
Woolwich Crown Court exterior with formal entrance and institutional architecture.

UK Sentences Two Scattered Spider Hackers to 5.5 Years Over £29 Million TfL Hack

Two young hackers, Owen Flowers and Thalha Jubair, have been sentenced to 5.5 years in prison for their reckless cyber attacks, including a £29 million hack of Transport for London, with prosecutors highlighting the disturbing extent of their disregard for human life. The pair's guilty plea marks a landmark case, believed to be the first convictions under the Computer Misuse Act 1990's most serious offence.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit corporate server room.

Spirals Ransomware Encrypts Network in Record Time

In a lightning-fast attack, the newly identified Spirals ransomware gang compromised a network and encrypted its entire system in under 24 hours, showcasing an alarming level of speed and sophistication. The attack began with a simple vulnerability - an exposed IIS server - which allowed hackers to upload a web shell and rapidly escalate their privileges.

Analyst 207
Rack-mounted SonicWall SMA1000 appliance in a typical office server closet.

Attackers Exploit Zero-Days in SonicWall Appliances

Cyber attackers are exploiting two zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410, in SonicWall appliances, with ransomware attacks seemingly their ultimate goal. Rapid7's team has thwarted attempts at data exfiltration and encryption, but the threat remains.

Analyst 207
Server room with rows of out-of-focus servers, symbolizing disrupted VPN service.

Treasury Disrupts Ransomware Networks with Sanctions on VPN Service

The US Treasury Department has cracked down on a notorious VPN service, 1VPNS, and its alleged administrators, sanctioning them for enabling ransomware groups to launch devastating attacks on US companies and institutions. This move disrupts the cybercriminal ecosystem, cutting off a key tool used to hide attack origins, deploy malware, and manage stolen data.

Analyst 207
Laptop screen displays virtual private network setup on neutral desk in office.

US Treasury Disrupts Ransomware Networks with Sanctions on VPN, Malware Providers

The US Treasury has cracked down on ransomware networks by sanctioning a VPN provider and its administrator, who allegedly helped cybercrime groups hide their tracks and evade detection. This move aims to disrupt the tools and services that enable devastating attacks causing billions of dollars in losses to US critical infrastructure providers.

Analyst 207
Law enforcement officers surround a computer setup, symbolizing the dismantling of a VPN service linked to ransomware groups.

US Treasury Sanctions VPN Service Over Ransomware Support

The US Treasury has cracked down on a VPN service that helped ransomware groups hide their tracks, announcing sanctions against First VPN Service and its Ukrainian administrator, Dmytro Rashevskyi. This move follows a multi-jurisdictional law enforcement operation that dismantled the service in May 2026.

Analyst 207
Dimly lit server closet with cluttered computer equipment and cables.

The Gentlemen Ransomware Expands Reach with Lucrative Affiliate Model

Meet The Gentlemen, a ransomware group that's rapidly risen to notoriety with a game-changing affiliate model that dishes out a whopping 90% payout to its partners. This lucrative approach has helped them scale from a small operation to one of 2026's most active ransomware-as-a-service programs in record time.

Analyst 207
System administrator working in server room with laptop displaying system interface.

Microsoft Uncovers GigaWiper Backdoor with Ransomware, Wiping Capabilities

Microsoft has uncovered a highly destructive backdoor, dubbed GigaWiper, which combines ransomware and wiping capabilities, marking a concerning shift in the evolution of wiper malware. This modular threat can both extort and destroy, posing significant real-world consequences.

Analyst 207
Laptop in office setting with blank screen, subtle signs of disruption nearby.

Ransomware Evolves, Exploits Microsoft Driver to Evade Defenses

The GodDamn ransomware group is stepping up its game, using a newly discovered malicious driver called PoisonX to cleverly evade defenses and continue its attacks. This latest tactic is part of an ongoing evolution of the Hyadina ransomware family, which has been wreaking havoc since 2022.

Analyst 207
Defendant Angelo Martino sits in a federal courtroom, hands cuffed, with a somber expression.

Ransomware Negotiator Sentenced for Aiding BlackCat Extortions

A ransomware negotiator turned double agent, Angelo Martino, has been sentenced to 70 months in prison for betraying his clients and working with BlackCat to drive up ransoms for personal gain. Martino's shocking deceit involved selling out his clients' confidential negotiating positions to the very cybercriminals he was hired to thwart.

Analyst 207
Courthouse interior with judge's bench and row of chairs under natural daylight.

Ex-Con Ransomware Negotiator Sentenced for BlackCat Attacks

A former ransomware negotiator, Angelo Martino, has been sentenced to 70 months in prison for his role in a string of BlackCat ransomware attacks that targeted multiple victims between 2023 and 2025. Martino's guilty plea brings to justice a key player in the notorious ALPHV ransomware gang.

Analyst 207
Government building interior with podium and judge's bench, symbolizing law enforcement and justice.

Ransomware Negotiator Sentenced for Duping Clients in $75.3 Million Extortion Scheme

A trusted ransomware negotiator turned double agent, Angelo Martino betrayed his clients, funneling their confidential info to BlackCat affiliates and lining his pockets with a share of their ransoms, leaving a trail of devastated businesses in his wake. His deceit raked in $75.3 million for him and his co-conspirators.

Analyst 207
Government office interior with concerned officials in a public records room.

US County Pays $1M to Cyber Extortionists Amid Data Leak Threat

A US county recently made a shocking decision to pay $1 million to cyber extortionists, despite lacking concrete proof that the hackers had deleted the stolen data, after a month-long negotiation that began with a hefty demand of $3 million. The extortion group, Kairos, had threatened to leak sensitive information, prompting the county to make a counteroffer that was ultimately outweighed by the threat.

Analyst 207
Cluttered office desk with laptop, monitor, and papers, in a large room with fluorescent lighting.

GodDamn Ransomware Exploits Signed Driver to Disable Endpoint Defenses

Ransomware attackers have taken a disturbing new tactic, using a malicious kernel driver signed by Microsoft to disable endpoint defenses and wreak havoc on systems. The PoisonX driver, identified as g11.sys, is a game-changer in ransomware operations, making it harder for security teams to detect and respond to threats.

Analyst 207
Blurred laptop screen on a desk in a university hallway with students walking in the background, conveying a sense of…

Hackers Breach Mount Royal University, Expose Sensitive Data

Mount Royal University recently fell victim to a cyberattack that compromised sensitive data, with hackers accessing and stealing files from the university's network before deleting them. The breach, which occurred on June 17, has disrupted multiple university systems and may take weeks to fully recover from.

Analyst 207
Empty seats and scattered devices in a large public venue's ticketing area.

Multiple Breaches Expose Millions in June

A massive data breach at Madison Square Garden put over 26 million records at risk after a threat actor group, ShinyHunters, made a ransom demand and released the data when it wasn't met. This alarming incident highlights the growing threat of data breaches and the importance of robust cybersecurity measures.

Analyst 207
Law enforcement setting with blurred computer screen in foreground.

Microsoft Telemetry Fingers Scattered Spider Suspect in US Crackdown

Microsoft's sharp-eyed telemetry has helped track down a suspect linked to the notorious Scattered Spider group, a prolific gang that allegedly raked in over $100 million in ransom payments by infiltrating more than 100 US company networks.

Analyst 207
Help desk area with technician and employees in a retail setting.

FBI Traces Scattered Spider Hacker via Persistent Windows Device ID

In a brazen ransom email, the attackers boldly declared, "IMPORTANT: WE STOLE THE DATA, CONTACT UMMEDIATELY," leaving no doubt about their malicious intentions. The hackers infiltrated the retailer's network through a clever help-desk ploy, tricking staff into resetting passwords and gaining control of critical accounts.

Analyst 207
Server room with equipment racks and monitors, a lone blank laptop screen in foreground.

Ransomware Operators Leverage AI for Autonomous Attacks

Meet JADEPUFFER, a pioneering threat actor that's harnessing AI to launch autonomous ransomware attacks - and adapting in real-time to get the job done. This groundbreaking tactic has been observed by researchers, who spotted JADEPUFFER's lightning-fast 31-second pivot from a failed login to a successful exploit.

Analyst 207