Ransomware
Police takes down 300 servers in ransomware supply-chain crackdown
In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. “From 19 to 22 May, authorities took down some 300 servers worldwide, neutralised 650 domains, and issued international arrest warrants against 20 targets, dealing a direct blow to the ransomware kill chain,”…
Ransomware gang says it stole personal data in cyber attack on Pierce County, WA libraries
Ransomware gang Inc yesterday took credit for an April 2025 cyber attack that disrupted libraries in Pierce County, Washington. Inc listed the Pierce County Library System on its data leak site and claims to have stolen personal data in the attack. As proof, Inc posted images of files it claims to have stolen. The proof pack includes scans of driver’s…
It’s been a bad week for ransomware operators
Hundreds of servers have been taken down as part of an international law enforcement operation against ransomware groups. Coordinated by Europol and Eurojust, the action saw key infrastructure dismantled over the last week, with 300 servers taken down, 650 domains neutralized, and nearly two dozen international arrest warrants issued. In a statement confirming the campaign, Europol revealed more than €3.5…
US indicts leader of Qakbot botnet linked to ransomware attacks
The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. As per court documents, Gallyamov started to develop Qakbot (also known as Qbot and Pinkslipbot) in 2008 and deployed it to create a network of thousands of infected computers. Over time, a team…
3AM ransomware uses spoofed IT calls, email bombing to breach networks
A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems. This tactic was previously linked to the Black Basta ransomware gang and later observed in FIN7 attacks, but its effectiveness has driven a wider adoption. Sophos reports seeing at least…
Ransomware gang Interlock claims recent attack on West Lothian Council – 2.63 TB of data stolen
Ransomware gang Interlock has this morning added West Lothian Council to its data leak site. It alleges to have stolen 2.63 TB of data, which includes 3,349,196 files and 580,783 folders. The proof pack contains images of passports, driver’s licenses, and various other documents. The Scottish council confirmed it had been hit by a ransomware attack on May 6, with…
Kettering Health hit by system-wide outage after ransomware attack
Kettering Health, a healthcare network that operates 14 medical centers in Ohio, was forced to cancel inpatient and outpatient procedures following a cyberattack that caused a system-wide technology outage. The nonprofit organization also manages emergency centers and over 120 outpatient facilities across western Ohio, and it employs over 15,000 people, including more than 1,800 physicians. In a statement published on…
Fake KeePass password manager leads to ESXi ransomware attack
Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. WithSecure’s Threat Intelligence team discovered the campaign after they were brought in to investigate a ransomware attack. The researchers found that the attack started with a malicious KeePass…
Ransomware gang claims recent cyber attack on City of Blaine, MN – 489 GB stolen
Over the weekend, ransomware gang Qilin claimed an attack on the City of Blaine, Minnesota. It alleged to have stolen 489 GB of data and uploaded various documents within its proof pack, including an internal investigation within the police department and documents containing personal information. On April 18, the city confirmed it had experienced a “network security incident” earlier that…
Ransomware gangs increasingly use Skitnet post-exploitation malware
Ransomware gang members increasingly use a new malware called Skitnet (“Bossnet”) to perform stealthy post-exploitation activities on breached networks. The malware has been offered for sale on underground forums like RAMP since April 2024, but according to Prodaft researchers, it started gaining significant traction among ransomware gangs since early 2025. Prodaft told BleepingComputer they have observed multiple ransomware operations deploying…