Internet and Ransomware - Cyber Security Informer

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

The Last Watchdog

MARCH 28, 2025

Mar 28, 2025, CyberNewswire — From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Traditionally, the primary target of ransomware has been the victims device. Palo Alto, Calif., In other words, the browser is becoming the new endpoint.

Antivirus

Antivirus Ransomware Social Engineering Engineering

Ransomware Is Getting Ugly

Schneier on Security

MAY 14, 2021

Modern ransomware has two dimensions: pay to get your data back, and pay not to have your data dumped on the Internet. The Colonial Pipeline is another current high-profile ransomware victim. The negotiations don’t seem to be doing well. The criminals want $4M. The DC police offered them $100,000. Solving this is not easy.

Ransomware

Ransomware Cryptocurrency Cybercrime Internet

Wanted: Disgruntled Employees to Deploy Ransomware

Krebs on Security

AUGUST 19, 2021

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. ” This attacker’s approach may seem fairly amateur, but it would be a mistake to dismiss the threat from West African cybercriminals dabbling in ransomware. billion in 2020.

Ransomware

Ransomware Social Engineering Cybercrime Scams

Ransomware Hit ATM Giant Diebold Nixdorf

Krebs on Security

MAY 11, 2020

Diebold Nixdorf , a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. Suspecting a ransomware attack, Diebold said it immediately began disconnecting systems on that network to contain the spread of the malware.

Ransomware

Ransomware Retail Malware Technology

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Cybercrime

Cybercrime Ransomware Healthcare Education

REvil Ransomware Gang Starts Auctioning Victim Data

Krebs on Security

JUNE 2, 2020

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. A partial screenshot from the REvil ransomware group’s Dark Web blog. and Europe in early March.” So it’s a double vig.”

Ransomware

Ransomware Backups Encryption Internet

New DeadBolt Ransomware Targets NAT Devices

Schneier on Security

JANUARY 26, 2022

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension.

Ransomware

Ransomware Firewall Internet Internet

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

.” Intrinsec found Prospero has courted some of Russia’s nastiest cybercrime groups, hosting control servers for multiple ransomware gangs over the past two years. Earlier this week, Spamhaus said it noticed that Prospero was suddenly connecting to the Internet by routing through networks operated by Kaspersky Lab in Moscow.

Malware

Malware Antivirus Software DDOS

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. All they need is one successful attempt to gain initial access."

Ransomware

Ransomware IoT Encryption Social Engineering

A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.

Security Affairs

MARCH 16, 2025

A Micronesian state suffered a ransomware attack and was forced to shut down all computers of its government health agency. A state in Micronesia, the state of Yap, suffered a ransomware attack, forcing the shutdown of all computers in its government health agency. No ransomware group has claimed responsibility for this attack.

Ransomware

Ransomware Government Internet Internet

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

Krebs on Security

NOVEMBER 22, 2019

A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States. VCPI) provides IT consulting, Internet access, data storage and security services to some 110 nursing homes and acute-care facilities in 45 states.

Ransomware

Ransomware Computers and Electronics Healthcare Data breaches

U.S. Offered $10M for Hacker Just Arrested by Russia

Krebs on Security

DECEMBER 4, 2024

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest.

Cybercrime

Cybercrime Ransomware Cryptocurrency Government

Arrest, Seizures Tied to Netwalker Ransomware

Krebs on Security

JANUARY 27, 2021

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week. ” Image: Chainalysis.

Ransomware

Ransomware Cybercrime Antivirus Encryption

Ransomware Group Debuts Searchable Victim Data

Krebs on Security

JUNE 14, 2022

The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form.

Ransomware

Ransomware Internet Internet Cybercrime

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Krebs on Security

JUNE 9, 2020

that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. The average ransomware payment by ransomware strain.

Ransomware

Ransomware System Administration Backups Technology

No company too small for Phobos ransomware gang, indictment reveals

Malwarebytes

DECEMBER 2, 2024

The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world.

Ransomware

Ransomware Backups Small Business Malware

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

Following a July 18 attack by the Rhysida ransomware group — believed to have Russian affiliations — Columbus is still reeling from the exposure of vast amounts of sensitive resident data. The post Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe appeared first on eSecurity Planet.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Disrupting Ransomware by Disrupting Bitcoin

Schneier on Security

JULY 26, 2021

Ransomware isn’t new; the idea dates back to 1986 with the “Brain” computer virus. Now, it’s become the criminal business model of the internet for two reasons. This is where the suggestion to ban cryptocurrencies as a way to “solve” ransomware comes from.

Ransomware

Ransomware Cryptocurrency Banking Accountability

Healthcare Now Third-Most Targeted Industry for Ransomware

SecureWorld News

NOVEMBER 14, 2024

Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data.

Healthcare

Healthcare Ransomware Identity Theft Data breaches

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 29, 2024, the City published an update on the City’s website and confirmed that the City of Columbus suffered a ransomware attack. ” reads the update published by the City.

Ransomware

Ransomware Identity Theft Data breaches Cyber threats

Who’s Behind the 8Base Ransomware Website?

Krebs on Security

SEPTEMBER 18, 2023

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The 8Base ransomware group’s victim shaming website on the darknet.

Ransomware

Ransomware Accountability Encryption Internet

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

Krebs on Security

OCTOBER 28, 2020

26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. On Monday, Oct. hospitals and healthcare providers.”

Ransomware

Ransomware Healthcare Computers and Electronics Cybercrime

Together for a Better Internet: Celebrating Safer Internet Day 2025

Thales Cloud Protection & Licensing

FEBRUARY 11, 2025

Together for a Better Internet: Celebrating Safer Internet Day 2025 andrew.gertz@t Tue, 02/11/2025 - 14:57 At a time when technology is integral to our lives, Safer Internet Day (SID) has never been more relevant. These measures align perfectly with the spirit of Safer Internet Day. With an estimated 5.8

Internet

Internet Internet Education Technology

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Ransomware? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor.

Ransomware

Ransomware Risk Internet Internet

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. “There will be panic. 428 hospitals.”

Ransomware

Ransomware Healthcare Cybercrime Government

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

Golubov later earned immunity from prosecution by becoming an elected politician and founding the Internet Party of Ukraine , which called for free internet for all, the creation of country-wide “hacker schools” and the “computerization of the entire economy.”

Retail

Retail Advertising Cryptocurrency Marketing

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Krebs on Security

SEPTEMBER 27, 2023

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The victim shaming website for the Snatch ransomware gang. top , sntech2ch[.]top top , dwhyj2[.]top

Ransomware

Ransomware Internet Internet Phishing

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

The Last Watchdog

OCTOBER 19, 2022

Matter is intended to be the lingua franca for the Internet of Things. The Internet of Things is a huge new platform for amazing innovation,” Hanna observes. Notably, they’ll connect to the Internet – and to each other – via an advanced type of mesh network. . It’s only a first step and there’s a long way to go.

Internet

Internet Internet Manufacturing Technology

Report: U.S. Cyber Command Behind Trickbot Tricks

Krebs on Security

OCTOBER 9, 2020

A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet , a malware crime machine that has infected millions of computers and is often used to spread ransomware. Holden said the Trickbot operators have begun rebuilding their botnet, and continue to engage in deploying ransomware at new targets.

Ransomware

Ransomware Internet Internet Passwords

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Krebs on Security

OCTOBER 12, 2020

has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot , a global menace that has infected millions of computers and is used to spread ransomware. Microsoft Corp. ” Microsoft’s action comes just days after the U.S.

Healthcare

Healthcare Ransomware Internet Internet

Cyber Pearl Harbor Is Happening Right Now — It’s Ransomware

Daniel Miessler

SEPTEMBER 29, 2020

The idea was that it’d be some massive blast that would take out the country’s power grid, or disable the entire internet, along with what they used to call e-commerce. Ransomware is the Cyber Pearl Harbor we’ve been waiting for all along. Ransomware is the new PCI. It just looks different. It’s annoying 2.

Ransomware

Ransomware Government Social Engineering Small Business

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

Security Affairs

MARCH 13, 2025

The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory detailing Medusa ransomware tactics, techniques, and indicators of compromise (IOCs) based on FBI investigations as recent as February 2025.

Ransomware

Ransomware Encryption Cryptocurrency Insurance

Fireside chat: New ‘SASE’ weapon chokes off ransomware before attack spreads laterally

The Last Watchdog

JUNE 21, 2022

It’s stunning that the ransomware plague persists. Verizon’s Data Breach Incident Report shows a 13 percent spike in 2021, a jump greater than the past years combined; Sophos’ State of Ransomware survey shows victims routinely paying $1 million ransoms. Related: ‘SASE’ blends connectivity and security.

Ransomware

Ransomware Data breaches Network Security Internet

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Williams Dr. Darren Williams , CEO, BlackFog Lesser-known ransomware groups like Hunters International will grow rapidly, leveraging AI for more efficient attacks, while “gang-hopping” by cybercriminals complicates attribution and containment. This empowers them to proactively prioritize what matters most.

Cyber threats

Cyber threats CISO IoT Phishing

RSAC Fireside Chat: Counteracting Putin’s weaponizing of ransomware — with containment

The Last Watchdog

MAY 20, 2023

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Ransomware

Ransomware Internet Internet

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

NOVEMBER 8, 2021

Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 Vasinskyi was arrested Oct. victim organizations.

Ransomware

Ransomware Cybercrime System Administration Passwords

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

Security Affairs

MARCH 7, 2024

The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported cybercrime losses reached $12.5 The 2023 Internet Crime Report published the FBI’s Internet Crime Complaint Center (IC3) reveals that reported cybercrime losses reached $12.5 billion in 2023. billion in 2023.

Cybercrime

Cybercrime Internet Internet Scams

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

The Last Watchdog

AUGUST 15, 2022

The top ransomware gangs have become so relentless that it’s not unusual for two or more of them to attack the same company within a few days – or even a few hours. Related: How ‘IABs’ foster ransomware. LockBit went in first and exfiltrated data and passwords, and then used PsExe to distribute their ransomware payload.

Ransomware

Ransomware System Administration Cyber Attacks Hacking

Attacks Aimed at Disrupting the Trickbot Botnet

Krebs on Security

OCTOBER 2, 2020

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot , an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

Ransomware

Ransomware Malware Healthcare Internet

Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

Security Affairs

AUGUST 1, 2024

Shadowserver researchers reported that over 20,000 internet-exposed VMware ESXi instances are affected by the actively exploited flaw CVE-2024-37085. by Broadcom, this vuln has been reported by Microsoft as exploited in the wild by ransomware operators. While rated only CVSS 6.8 We see 20 275 instances vulnerable on 2024-07-30.

Internet

Internet Internet Ransomware Authentication

RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague

The Last Watchdog

JUNE 20, 2022

Or the payload might be a data exfiltration routine — or a full-blown ransomware attack. Sophos’ study of adversary activity found that some 47 percent of attacks started with an exploited vulnerability and 73 percent of attacks involved ransomware. Speaking of ransomware, cyber extortion continues to persist at a plague level.

Ransomware

Ransomware Digital transformation Marketing Software

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Krebs on Security

JULY 19, 2021

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. “That is still somewhat rare,” Wosar said. “So you’re like, ‘Oh great.

Backups

Backups Ransomware Encryption Insurance

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

The FBI warned specifically about that malware leading to ransomware attacks, but we’ve also seen similar sites that install browser hijackers, adware, and potentially unwanted programs (PUPs). Report it to the Internet Crime Complaint Center. Instead of converting files, the tools actually load malware onto victims computers.

Malware

Malware Adware Education Phishing

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

Ransomware Is Getting Ugly

Trending Sources

Wanted: Disgruntled Employees to Deploy Ransomware

Ransomware Hit ATM Giant Diebold Nixdorf

5 Key Findings From the 2023 FBI Internet Crime Report

Russian Phobos ransomware operator faces cybercrime charges

REvil Ransomware Gang Starts Auctioning Victim Data

New DeadBolt Ransomware Targets NAT Devices

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

U.S. Offered $10M for Hacker Just Arrested by Russia

Arrest, Seizures Tied to Netwalker Ransomware

Ransomware Group Debuts Searchable Victim Data

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

No company too small for Phobos ransomware gang, indictment reveals

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Disrupting Ransomware by Disrupting Bitcoin

Healthcare Now Third-Most Targeted Industry for Ransomware

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

Who’s Behind the 8Base Ransomware Website?

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

Together for a Better Internet: Celebrating Safer Internet Day 2025

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Conti Ransomware Group Diaries, Part I: Evasion

An Interview With the Target & Home Depot Hacker

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

Report: U.S. Cyber Command Behind Trickbot Tricks

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Cyber Pearl Harbor Is Happening Right Now — It’s Ransomware

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

Fireside chat: New ‘SASE’ weapon chokes off ransomware before attack spreads laterally

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

RSAC Fireside Chat: Counteracting Putin’s weaponizing of ransomware — with containment

REvil Ransom Arrest, $6M Seizure, and $10M Reward

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

Attacks Aimed at Disrupting the Trickbot Botnet

Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Warning over free online file converters that actually install malware

Stay Connected