Ransomware
Another ransomware gang says it breached IT giant Conduent
Ransomware gang SafePay today claimed responsibility for a January 2025 cyber attack against IT giant Conduent. Conduent suffered an outage at the time that it confirmed on January 22 was the result of a cyber security incident. The outage disrupted electronic money transfers and EBT payments made by its clients, which include half of Fortune 100 companies, for two days.…
Black Basta ransomware gang’s internal chat logs leak online
An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. ExploitWhispers, the individual who previously uploaded the stolen messages to the MEGA file-sharing platform, from which they have since been removed, has now uploaded them to a dedicated Telegram channel. It’s not yet clear if ExploitWhispers is a security researcher who…
The new ransomware groups worrying security researchers in 2025
Ransomware gangs are being arrested and taken down, but the threat from the data-locking malware doesn’t go away. In 2024, a number of completely new ransomware gangs entered the fray. Take, for example, up-and-coming group Termite, which claimed responsibility for the Blue Yonder cyber-attack, or the AI-assisted Funksec group. The last year has seen fragmentation in the…
New NailaoLocker ransomware used against EU healthcare orgs
A previously undocumented ransomware payload named NailaoLocker has been spotted in attacks targeting European healthcare organizations between June and October 2024. The attacks exploited CVE-2024-24919, a Check Point Security Gateway vulnerability, to gain access to targeted networks and deploy the ShadowPad and PlugX malware, two families tightly associated with Chinese state-sponsored threat groups. Orange Cyberdefense CERT links the attacks to Chinese…
Ghost ransomware breached orgs in 70 countries
CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations. Other industries impacted include healthcare, government, education, technology, manufacturing, and numerous small and medium-sized businesses. “Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware,” CISA, the…
There’s a new ransomware player on the scene: the ‘BlackLock’ group has become one of the most prolific operators in the cyber crime industry – and researchers warn it’s only going to get worse for potential victims
The BlackLock ransomware group has become one of the most prolific operators in the Ransomware as a Service (RaaS) ecosystem, with experts warning it could accelerate its growth over the next year. Also known as El Dorado, BlackLock was ranked as the seventh most active ransomware group based on the number of posts on its data leak site by…
Lee Enterprises newspaper disruptions caused by ransomware attack
Newspaper publishing giant Lee Enterprises has confirmed that a ransomware attack is behind ongoing disruptions impacting the group’s operations for over two weeks. As a local news provider and one of the largest newspaper groups in the United States, Lee publishes 77 daily newspapers and 350 weekly and specialty publications across 26 states. Its newspapers have a daily circulation of…
Ransomware gang INC claims recent cyber attack on the City of McKinney, Texas
Ransomware gang INC added the City of McKinney, Texas, to its data leak site this weekend. This comes after the city issued a data breach notification following a cyber attack that started in October 2024. In its notification, the city states that it was: “the victim of an unknown third party gaining unauthorized access to the City network environment on…
RansomHub claims two recent ransomware attacks on US government entities
Over the weekend, RansomHub added two US government entities to its data leak site — the City of Tarrant and Sault Ste. Marie Tribe of Chippewa Indians. In the case of Tarrant, it alleges to have stolen 28 GB of data, while a purported 119 GB has been stolen from the Sault Tribe. Both of these government organizations confirmed ransomware…
Ransomware gang alleges theft of patient data from Michigan health system
Overnight, ransomware gang BianLian added Aspire Rural Health System to its data leak site, alleging to have stolen a variety of data. This includes patient records, financial information, and email correspondence. Aspire Rural Health System hasn’t confirmed a cyber attack but did note technical disruptions in early January which led to phones and systems being shut down for over 24…