gangs

  • Blog

    Ransomware gangs increasingly use Skitnet post-exploitation malware

    Ransomware gang members increasingly use a new malware called Skitnet (“Bossnet”) to perform stealthy post-exploitation activities on breached networks. The malware has been offered for sale on underground forums like RAMP since April 2024, but according to Prodaft researchers, it started gaining significant traction among ransomware gangs in early 2025. Prodaft told BleepingComputer they have observed multiple ransomware operations deploying…
  • Blog

    Ransomware gangs join ongoing SAP NetWeaver attacks

    Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers. SAP released emergency patches on April 24 to address this NetWeaver Visual Composer unauthenticated file upload security flaw (CVE-2025-31324), days after it was first tagged by cybersecurity company ReliaQuest as targeted in the wild. Successful exploitation…
  • Blog

    Broadcom’s customer shakedown opens old pathways for ransomware gangs

    In early May 2025, VMware owner Broadcom began sending cease-and-desist letters to customers who still have perpetual licenses with expired customer support. The company’s demands include rolling back every update made after the support service ended under the threat of audits and litigation. Customers are allowed to maintain zero-day updates, but all other security updates must be rolled back under…
  • Blog

    CISA warns of Fast Flux DNS evasion used by cybercrime gangs

    CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the “Fast Flux” cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. Although the technique isn’t new, its effectiveness has been documented and proven repeatedly in actual cyberattacks.

    How Fast Flux helps with evasion

    Fast Flux is a DNS technique used for evading…
  • Blog

    Healthcare systems are rife with exploits — and ransomware gangs have noticed

    Healthcare organizations are facing serious threats from ransomware groups, with nearly nine-in-ten (89%) found to have medical devices that are vulnerable to exploits. That’s according to research from Claroty, which examined the state of security among healthcare organizations — and the diagnosis isn’t good. The report found that effectively all (99%) of healthcare organizations have at least one known, actively…
  • Blog

    US seizes domain of Garantex crypto exchange used by ransomware gangs

    The U.S. Secret Service has seized the domain of the sanctioned Russian cryptocurrency exchange Garantex in collaboration with the Department of Justice’s Criminal Division, the FBI, and Europol. Other law enforcement authorities involved in this action include the Dutch National Police, the German Federal Criminal Police Office, the Frankfurt General Prosecutor’s Office, the Estonian National Criminal Police, and the Finnish…
  • Blog

    Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks

    Microsoft has discovered five flaws in the Paragon Partition Manager BioNTdrv.sys driver, one of which was used by ransomware gangs in zero-day attacks to gain SYSTEM privileges on Windows. The vulnerable driver was exploited in ‘Bring Your Own Vulnerable Driver’ (BYOVD) attacks, where threat actors drop the kernel driver on a targeted system to elevate privileges. “An attacker with local access to a device can exploit these vulnerabilities…
  • Blog

    Black Basta ransomware gang’s internal chat logs leak online

    An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. ExploitWhispers, the individual who previously uploaded the stolen messages to the MEGA file-sharing platform, which are now removed, has uploaded it to a dedicated Telegram channel. It’s not yet clear if ExploitWhispers is a security researcher who…
  • Blog

    Two Illinois school districts disclose data breaches claimed by ransomware gangs

    Two school districts north of Chicago this week confirmed they notified thousands of people about data breaches claimed by ransomware gangs, according to public disclosures. Community High School District 117 says it notified 18,830 people about a June 2024 data breach. Ransomware gang BlackSuit claimed responsibility. “We recently discovered unauthorized access to our network between approximately June 2 and June…
  • Blog

    US charges operators of cryptomixers linked to ransomware gangs

    The U.S. Department of Justice indicted three operators of sanctioned Blender.io and Sinbad.io crypto mixer services used by ransomware gangs and North Korean hackers to launder ransoms and stolen cryptocurrency. Cryptocurrency mixers allow the mixing of deposited crypto assets among many wallet addresses to help obfuscate their source. The services then take a commission from all laundered crypto deposited before…