Ransomware
Blog
Cyber attack that shut down schools in New Mexico claimed by ransomware gang
Ransomware gang Interlock today claimed responsibility for a February 2025 cyber attack on the Aztec Municipal School District in New Mexico. The school district announced that a network outage on February 24, 2025 forced schools to cancel classes. It reopened on March 3, 2025, but as of time of writing, the district is still recovering systems and restricting access to the…
VSCode extensions found downloading early-stage ransomware
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware, exposing critical gaps in Microsoft’s review process. The extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded seven and eight times, respectively, before they were eventually removed from the store. It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) and February 17, 2025 (ahban.shiba), bypassing…
RansomHub ransomware uses new Betruger ‘multi-function’ backdoor
A newly identified custom backdoor deployed in several recent ransomware attacks has been linked to at least one RansomHub ransomware-as-a-service (RaaS) operation affiliate. Symantec researchers who named this malware Betruger describe it as a “rare example of a multi-function backdoor” that was likely engineered for use in ransomware attacks. The malware’s functionality includes a wide range of capabilities that overlap…
Ransomware gang says it hacked the Virginia Attorney General
Ransomware gang Cloak today claimed responsibility for a February 2025 cyber attack on the attorney general of Virginia. In February, the attorney general was hit by a cyber attack that prompted officials to shut down computer systems including email, VPN, internet access, and the AG’s website, according to the Washington Post. Employees were forced to file paper documents instead of…
Ransomware gang says it hacked Klickitat Valley Health, stole SSNs and PHI
Ransomware gang Kraken today claimed responsibility for a February 2025 data breach at Klickitat Valley Health in Washington. The breach compromised the following patient info: names; Social Security numbers; health insurance info; medical record numbers; patient account numbers; dates of birth; addresses; dates of service; physician names and departments; diagnoses; other treatment info. Klickitat Valley Health has not verified Kraken’s…
New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure’
Experts warn that desperate ransomware attackers are shifting focus from businesses to individuals, applying “psychological pressure” with personal threats that bring digital extortion into the physical world. In one stunning recent example, Guy Segal and Moty Cristal from ransomware negotiator and incident response firm Sygnia said a threat actor personally called an executive’s mobile phone and referenced…
Pennsylvania State Education Association notifies 500K people of data breach claimed by ransomware gang
The Pennsylvania State Education Association this week confirmed it notified 517,487 people of a July 2024 data breach that compromised the following personal info: names; Social Security numbers; account numbers and PINs; security codes; passwords; routing numbers; credit/debit card numbers, PINs, and expiration dates; passport numbers; taxpayer ID numbers; usernames; health insurance info; medical info; dates of birth; drivers license…
Ransomware gang says it hacked the Cleveland Municipal Court
Ransomware gang Qilin today claimed responsibility for a February 23, 2025 cyber attack on the Cleveland Municipal Court. The court immediately shut down all operations and reopened on March 12, 2025. Now three weeks later, the court is still struggling to resume normal operations. Employees report being unable to access the internet and court computer systems. Background checks have been…
On average, government offices suffer a month of downtime after ransomware attacks
While many have been enjoying the twists and turns of Netflix’s Zero Day from the comfort of their sofas, for hundreds of government entities around the world, crippling cyber attacks have been a cold, hard reality. From 2018 to 2024, we tracked 1,133 confirmed ransomware attacks on government entities. On average, these attacks caused nearly a month’s worth of downtime…
New Akira ransomware decryptor cracks encryption keys using GPUs
Security researcher Yohanes Nugroho has released a decryptor for the Linux variant of Akira ransomware, which utilizes GPU power to retrieve the decryption key and unlock files for free. Nugroho developed the decryptor after being asked for help from a friend, deeming the encrypted system solvable within a week, based on how Akira generates encryption keys using timestamps. The project…