Schneier on Security

SEPTEMBER 30, 2020

Thus, the decision whether to pay or ignore a ransomware demand, seems less of a legal, and more of a practical, determination ­ almost like a cost-benefit analysis. The arguments for rendering a ransomware payment include: Payment is the least costly option; Payment is in the best interest of stakeholders (e.g.

Ransomware 360

Ransomware Data breaches Banking Encryption 360

Schneier on Security

JUNE 2, 2021

The New York Times has a long story on the DarkSide ransomware gang. DarkSide’s services include providing technical support for hackers, negotiating with targets like the publishing company, processing payments, and devising tailored pressure campaigns through blackmail and other means, such as secondary hacks to crash websites.

Ransomware 362

Ransomware Malware Hacking Cybercrime 362

Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Cybercrime 113

Cybercrime Ransomware Healthcare Education 113

Security Affairs

MARCH 10, 2025

Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” ” The RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claims to have stolen 1.5TB of sensitive data. Ransomware attacks on U.S.

Hacking 114

Hacking Healthcare Backups Ransomware 114

Security Affairs

DECEMBER 4, 2024

BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack.

Ransomware 123

Ransomware Telecommunications Healthcare Insurance 123

Schneier on Security

OCTOBER 1, 2021

The Wall Street Journal is reporting on a baby’s death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing. If proven in court, the case will mark the first confirmed death from a ransomware attack. “I need u to help me understand why I was not notified.”

Ransomware 337

Ransomware Hacking Accountability Healthcare 337

Krebs on Security

NOVEMBER 10, 2020

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. On the evening of Monday, Nov. ”

Ransomware 363

Ransomware Accountability Hacking Advertising 363

Security Affairs

MARCH 10, 2025

Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. ” Microsoft wrote on X. .

Ransomware 116

Ransomware VPN Healthcare Malware 116

Malwarebytes

DECEMBER 2, 2024

The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world.

Ransomware 123

Ransomware Backups Small Business Malware 123

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. In May 2023, the US Justice Department charged Russian national Mikhail Pavlovich Matveev for his alleged role in multiple ransomware attacks. ” reported RIA Novosti.

Ransomware 116

Ransomware Healthcare Hacking Malware 116

Security Affairs

DECEMBER 22, 2024

US authorities charged a dual Russian and Israeli national for being a developer of the LockBit ransomware group. Rostislav Panev, 51, a dual Russian-Israeli national, was charged as a LockBit ransomware developer. The man is accused of being a LockBit ransomware developer from 2019 through at least February 2024.

Ransomware 118

Ransomware Small Business Antivirus Malware 118

Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. ShrinkLocker ransomware was first discovered in May 2024 by researchers from Kaspersky. “ShrinkLocker is a novel ransomware strain that leverages a unique approach to encrypt systems.

Ransomware 120

Ransomware Encryption Passwords Backups 120

Security Affairs

NOVEMBER 8, 2024

Texas oilfield supplier Newpark Resources suffered a ransomware attack that disrupted its information systems and business applications. Texas oilfield supplier Newpark Resources revealed that a ransomware attack on October 29 disrupted access to some of its information systems and business applications.

Ransomware 121

Ransomware Manufacturing Malware Hacking 121

Security Affairs

DECEMBER 26, 2024

A ransomware attack on Pittsburgh Regional Transit (PRT) was the root cause of the agency’s service disruptions. On December 23, 2024, Pittsburgh Regional Transit (PRT) announced it was actively responding to a ransomware attack that was first detected on Thursday, December 19.

Ransomware 119

Ransomware Cyber Attacks Hacking Cybersecurity 119

Lohrman on Security

JUNE 13, 2021

After the recent ransomware attacks against Colonial Pipeline, JBS and others, there are new calls for the U.S. to hack back against cybercrimminals and hold nation-states responsible. So what now?

Hacking 297

Hacking Ransomware 297

Security Affairs

DECEMBER 3, 2024

ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing to the SEC. A ransomware attack disrupted the operations of a major energy industry contractor, ENGlobal Corporation. No ransomware gang has claimed responsibility for the attack. million year-to-date.

Ransomware 117

Ransomware Encryption Technology Cybersecurity 117

Security Affairs

NOVEMBER 9, 2024

Once compromised, the CMU could be modified to target connected devices, potentially causing Denial of Service (DoS), device bricking, ransomware attacks, or even safety issues. ” concludes the report.

Hacking 127

Hacking Firmware Software Manufacturing 127

Security Affairs

FEBRUARY 1, 2025

Indian multinational technology company Tata Technologies suspended some IT services following a ransomware attack. Indian multinational Tata Technologies , a Tata Motors subsidiary, suspended some IT services following a ransomware attack. A few days later, the ransomware gang Hive leaked the alleged stolen files on its Tor leak site.

Technology 115

Technology Ransomware Engineering Manufacturing 115

Schneier on Security

NOVEMBER 24, 2020

Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying. Instead, anyone who can be shown to have contributed to the hack may also be prosecuted, he says.

Ransomware 363

Ransomware Cybercrime Hacking 363

Security Affairs

MARCH 1, 2025

Microsoft warns of a Paragon Partition Manager BioNTdrv.sys driver zero-day flaw actively exploited by ransomware gangs inattacks. The IT giant reported that one of these flaws is exploited by ransomware groups inzero-dayattacks. Microsoft reported that ransomware groups exploited CVE-2025-0289 to gain SYSTEM-level access.

Ransomware 115

Ransomware Software Hacking Cybercrime 115

Security Affairs

NOVEMBER 18, 2024

A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information. On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. “On September 8, 2024, we suffered a ransomware attack on our computer system.

Ransomware 123

Ransomware Insurance Encryption Healthcare 123

Krebs on Security

MAY 14, 2021

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The DarkSide message includes passages apparently penned by a leader of the REvil ransomware-as-a-service platform.

Ransomware 364

Ransomware Cryptocurrency Cybercrime Healthcare 364

Schneier on Security

FEBRUARY 11, 2022

It had no documented cyber incident response runbooks or IT recovery plans (apart from documented AD recovery plans) for recovering from a wide-scale ransomware event.

Antivirus 354

Antivirus Hacking Ransomware CISO 354

Joseph Steinberg

JUNE 9, 2022

The Tenafly, New Jersey, Public School District has canceled final exams for its high school students after a ransomware cyberattack crippled the district’s computer infrastructure. The ransomware attack on Tenafly’s school system is a reminder of a sad, ironic, reality.

Ransomware 363

Ransomware Artificial Intelligence Education Cybercrime 363

Krebs on Security

JUNE 16, 2021

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. The CLOP gang seized on those flaws to deploy ransomware to a significant number of Accellion’s FTA customers , including U.S.

Ransomware 357

Ransomware Cybercrime Malware Encryption 357

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. Reached by phone today, Jansson said he quit the company in August, right around the time Gunnebo disclosed the thwarted ransomware attack.

Hacking 359

Hacking Ransomware Banking Accountability 359

Krebs on Security

MAY 6, 2020

Fresenius , Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems.

Ransomware 363

Ransomware Healthcare Cyber Attacks Manufacturing 363

Schneier on Security

MARCH 23, 2023

A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack : TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward.

Ransomware 278

Ransomware Hacking Software 278

Security Affairs

MARCH 16, 2025

A Micronesian state suffered a ransomware attack and was forced to shut down all computers of its government health agency. A state in Micronesia, the state of Yap, suffered a ransomware attack, forcing the shutdown of all computers in its government health agency. No ransomware group has claimed responsibility for this attack.

Ransomware 115

Ransomware Government Internet Internet 115

Krebs on Security

DECEMBER 13, 2021

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware.

Healthcare 327

Healthcare Ransomware Antivirus Hacking 327

Schneier on Security

SEPTEMBER 23, 2020

A Dusseldorf woman died when a ransomware attack against a hospital forced her to be taken to a different hospital in another city. UK hospitals had to redirect patients during the 2017 WannaCry ransomware attack , but there were no documented fatalities from that event. The police are treating this as a homicide.

Ransomware 363

Ransomware Hacking 363

Security Affairs

NOVEMBER 6, 2024

Georgia, a ransomware attack disrupted Memorial Hospital and Manor’s access to its Electronic Health Record system. A ransomware attack hit Memorial Hospital and Manor in Bainbridge, Georgia, and disrupted the access to its Electronic Health Record system. Ransomware attacks on U.S. terabytes of data.

Ransomware 123

Ransomware Healthcare Antivirus Data breaches 123

Security Affairs

FEBRUARY 13, 2025

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups.

Ransomware 117

Ransomware Software Cybercrime Encryption 117

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Emerging in 2007 as a banking trojan, QakBot (a.k.a. Today’s operation is not the first time the U.S. ” The DOJ said it also recovered more than 6.5

Hacking 309

Hacking Malware Ransomware Government 309

Krebs on Security

APRIL 18, 2022

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But according to Microsoft and an advisory from the U.S. National Security Agency (NSA).

Healthcare 339

Healthcare Ransomware Cybersecurity Malware 339

Krebs on Security

FEBRUARY 28, 2025

.” Intrinsec found Prospero has courted some of Russia’s nastiest cybercrime groups, hosting control servers for multiple ransomware gangs over the past two years. government for its hacking operations, CEO Eugene Kaspersky says he ordered workers to delete the code. A fake browser update page pushing mobile malware.

Malware 241

Malware Antivirus Software DDOS 241

Krebs on Security

DECEMBER 4, 2024

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest.

Cybercrime 231

Cybercrime Ransomware Cryptocurrency Government 231