Ransomware
Ransomware gang says it hacked a Nebraska natural resources authority
Ransomware gang Qilin today claimed responsibility for a November 2024 cyber attack against North Platte Natural Resources District in Nebraska. The district first announced it was hit by a cyber attack on November 27, 2024. Although it didn’t disclose what data was compromised, it does recommend victims take precautions to protect their identities and Social Security numbers from abuse. NPRND…
Ransomware roundup: Q1 2025 – Comparitech
In Q1 of 2025, we recorded 2,190 ransomware attacks globally–1,000 more than we noted in the same period of 2024 (1,172). Government organizations remain a key focus for hackers, and the manufacturing industry has also seen a huge uptick in attacks. Of the 2,190 attacks we’ve tracked, 197 of them have been confirmed (e.g., through a data breach notification or…
Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’
Microsoft has detected a zero-day vulnerability in the Windows Common Log File System (CLFS) being exploited in the wild to deploy ransomware. Target industries include IT, real estate, finance, software, and retail, with companies based in the US, Spain, Venezuela, and Saudi Arabia. The vulnerability, tracked as CVE-2025-29824 and rated “important,” is present in the CLFS kernel…
Windows CLFS zero-day exploited by ransomware gang
Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims’ systems. The vulnerability, tracked as CVE-2025-29824, was patched during this month’s Patch Tuesday and was only exploited in a limited number of attacks. CVE-2025-29824 is due to a use-after-free weakness that lets local attackers…
Idaho county government hacked by ransomware, personal info breached
Gooding County, Idaho officials this week notified an undisclosed number of people about a ransomware attack on the county’s computer network. The county notified victims whose personal info was compromised in the resulting data breach. The notice says the county first detected the cyber attack on March 25, 2025. “On April 4, 2025, as part of its ongoing investigation, the…
Food giant WK Kellogg discloses data breach linked to Clop ransomware
US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks. Cleo software is a managed file transfer utility that was targeted by the Clop ransomware gang en masse at the end of last year. This attack leveraged two zero-day flaws tracked as CVE-2024-50623 and CVE-2024-55956, allowing the threat actors…
Ransomware gang claims responsibility for shutdown of Andretti Karting & Games locations across the USA
Ransomware gang Interlock today claimed responsibility for a March 2025 cyber attack against Andretti Indoor Karting & Games, a chain of family entertainment businesses with locations across the southern USA. Andretti temporarily closed all its locations on March 16 due to technical issues. A few days later, the company announced that a “cyber event” disrupted its systems, including arcade games,…
Port of Seattle says ransomware breach impacts 90,000 people
Port of Seattle, the U.S. government agency overseeing Seattle’s seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. The agency disclosed the attack on August 24, saying the resulting IT outage disrupted multiple services and systems, including reservation check-in systems, passenger display boards, the Port…
Ransomware gang says it hacked a South Carolina school district
Ransomware gang Interlock today claimed responsibility for a cyber attack at Cherokee County School District in South Carolina. The school district announced it was hit by a cyber attack on March 15, 2025, forcing schools to shut down its network, wi-fi, and several software applications. By March 31, the network was restored and classes were back to normal, according to…
Hunters International shifts from ransomware to pure data extortion
The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. As threat intelligence firm Group-IB revealed this week, the cybercrime group remained active despite announcing on November 17, 2024, that it was shutting down due to declining profitability and increased government scrutiny. Since then, Hunters International has launched a…