Ransomware

  • Blog

    US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks

    A 36-year-old Yemeni national, who is believed to be the developer and primary operator of ‘Black Kingdom’ ransomware, has been indicted by the United States for conducting 1,500 attacks on Microsoft Exchange servers. The suspect, Rami Khaled Ahmed, is accused of deploying the Black Kingdom malware on roughly 1,500 computers in the United States and abroad, demanding ransom payments of $10,000…

    Read More »
  • Blog

    Co-op confirms data theft after DragonForce ransomware claims attack

    The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers. “As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems,” Co-op told BleepingComputer. “The accessed data included information…

    Read More »
  • Blog

    Ransomware gang says it hacked the Cobb County, GA government

    Ransomware gang Qilin yesterday claimed responsibility for a data breach at the local government of Cobb County, Georgia. Cobb County’s IT department on March 21, 2025 shut down the county’s servers for a week after detecting unauthorized users on its network. Several county services went down as a result, including courthouse filing, the jail database, and wi-fi access. A month…

    Read More »
  • Blog

    Ransomware roundup: April 2025 – Comparitech

    In April 2025, Comparitech researchers logged 479 ransomware attacks in total, 39 of which were confirmed by the targeted entity (e.g., through a data breach notification or press release). This is a significant decline from the monthly figures we tracked in Q1 of 2025 (530 in January, 973 in February, and 713 in March). The decline was in part caused…

    Read More »
  • Blog

    Hitachi Vantara takes servers offline after Akira ransomware attack

    Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack. The company provides data storage, infrastructure systems, cloud management, and ransomware recovery services to government entities and some of the world’s biggest brands, including BMW, Telefónica, T-Mobile, and China Telecom. In a statement shared with BleepingComputer,…

    Read More »
  • Blog

    Marks & Spencer breach linked to Scattered Spider ransomware attack

    Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as “Scattered Spider” BleepingComputer has learned from multiple sources. Marks & Spencer (M&S) is a British multinational retailer that employs 64,000 employees and sells various products, including clothing, food, and home goods in over 1,400 stores worldwide.…

    Read More »
  • Blog

    Ransomware gang says it hacked the Malaysia’s Kuala Lumpur International Airport

    Ransomware gang Qilin today claimed responsibility for a March 2025 cyber attack against the Kuala Lumpur International Airport in Malaysia. The airport has not verified Qilin’s claim. The airport announced a cyberattack disrupted flight information displays, check-in counters, and baggage handling starting on March 23, 2025, forcing staff to write departure times on dry erase boards. Airport officials say they…

    Read More »
  • Blog

    DragonForce expands ransomware model with white-label branding scheme

    The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. DragonForce is now incentivizing ransomware actors with a distributed affiliate branding model, providing other ransomware-as-a-service (RaaS) operations a means to carry out their business without dealing with infrastructure maintenance cost and effort. A group’s representative told BleepingComputer that they’re purely…

    Read More »
  • Blog

    Ransomware gang Interlock claims attack on kidney dialysis company DaVita – 1.5 TB of data stolen

    Today, ransomware gang Interlock has added kidney dialysis firm DaVita to its data leak site. It alleges to have stolen 1.5 TB of data, which includes 683,104 files and 75,836 folders. On April 14, DaVita reported that it had suffered a ransomware attack on April 12, and this was “affecting and encrypting certain on-premises systems.” The attack continues to disrupt…

    Read More »
  • Blog

    Hydraulics maker KYB hit by another ransomware attack, reports data breach

    Hydraulic component manufacturer KYB Americas Corporation this week notified an undisclosed number of people about a February 2025 data breach that compromised their personal information. “On or about February 18, 2025, KYB became aware that certain systems in its environment were inaccessible,” says KYB’s notice (PDF) to victims. “Through this investigation, KYB learned that an unknown actor gained access to…

    Read More »
Back to top button
close