Ransomware.org

His name is Guan Tianfeng and in December 2024 the US State Department’s Rewards for Justice campaign placed a reward of up to $10 million for anyone offering information on his whereabouts. Guan Tianfeng, it is alleged, masterminded an April 2020 attack on Sophos XG firewalls using an exploit for a zero-day vulnerability later hastily […]

The post China accused of hiding nation state attack on firewalls behind ‘Ragnarok’ ransomware appeared first on Ransomware.org.

When ransomware strikes, the first question every security team asks themselves is how the attackers got inside what was supposed to be a well-defended network. These days, the question is asked within minutes of the attack being discovered, and for good reason. Without understanding the weakness that led to an attack, resolving it is a […]

The post VPN weaknesses fuel surge in ransomware attacks appeared first on Ransomware.org.

Ransomware’s history is littered with threat actors that rise and fall but every now and then a new name appears that grabs people’s attention for the wrong reasons. RansomHub, a ransomware-as-a-service (RaaS) platform which seems to have successfully recruited affiliates from the downed BlackCat and Lockbit groups during 2024, is the latest example of this […]

The post Ransomware borrows industry tools to target corporate EDR  appeared first on Ransomware.org.

When ransomware visits your network, resolve to build it back better. And if you’re tempted to pay the ransom, don’t. That money is better spent on new defenses to prevent a repeat incident. These are some of the takeaways from a remarkable British Library report, Learning Lessons From The Cyberattack, that analyzes the paralyzing ransomware […]

The post 10 Lessons from the British Library Ransomware Attack appeared first on Ransomware.org.

Imagine an everyday ransomware attack on a U.S. city that results in sensitive data being leaked weeks later when the large ransom demanded is not paid. Now imagine that the mayor of that city denies that the leaked data was as bad as it appeared, asserting in a press conference that the stolen data was […]

The post Researcher sued by city for disclosing severity of ransomware attack appeared first on Ransomware.org.

The precise origins of today’s ransomware are still up for debate but there is no doubt that a piece of malware called Reveton, which first emerged in 2012, was an important moment. The world has a chance to re-assess this malware’s significance with the news that its alleged creator, Maksim Silnikau, was arrested in Spain […]

The post Police Nab Alleged Ransomware Pioneer After Decade-long Pursuit appeared first on Ransomware.org.

Around a decade ago, the bad people who make ransomware had an idea that proved so successful it helped fuel a crime boom that still haunts us to this day: hide the technical complexity of ransomware behind simple web platforms so that any criminal can launch attacks. Better known as ransomware-as-a-service (RaaS), after a slow […]

The post Is Ransomware-as-a-Service Now the Extortion Industry’s Achilles’ Heel? appeared first on Ransomware.org.

Cybercriminals, it is widely observed, have a fondness for weekends. This is not by chance—at weekends organizations are short-staffed, making this the best time to launch a cyberattack. It’s a pattern that played out in a ransomware attack on the Romanian health system on Sunday, Feb. 11, that sent some of the country’s most important […]

The post Romanian Healthcare System Laid Low by Attack on Shared Software Platform appeared first on Ransomware.org.

Stop us if you’ve heard this one before but ransomware is undergoing another one of its periodic surges. Granted, cybercrime always seems to be on the up—does the media ever report drops in cybercrime?—but this time there’s some hard evidence to back it up. That ransomware activity for 2023 rose was no surprise with the […]

The post As Ransomware Attacks Surge Again, What’s Ahead for 2024? appeared first on Ransomware.org.

As we regularly observe in this blog, ransomware is devious and endlessly inventive. It’s this ability to find new variations on the same basic extortion template that has made it the most successful commercial form of cybercrime yet invented. Excepting the occasional technical hack (including a talent for spotting weaknesses everyone else has overlooked), most […]

The post Ransomware Groups Experiment with a New Tactic: Re-Extortion appeared first on Ransomware.org.

How will the sudden emergence of artificial intelligence (AI) platforms such as ChatGPT influence future ransomware attacks? Right now, there are so many pessimistic answers to this question it can be hard to judge the real-world risk they pose. On the one hand, there’s no doubt that AI can easily be used to improve individual […]

The post AI Will Power a New Generation of Ransomware, Predicts Britain’s NCSC appeared first on Ransomware.org.

The most extraordinary week in ransomware history anyone can remember began on Feb. 19 with an historic takedown of the infrastructure used by notorious ransomware group, LockBit. Industry watchers were euphoric, almost giddily so. If anything, that might be understating it. Twitter-X was ablaze with congratulations, most of them aimed at Britain’s National Crime Agency […]

The post Police Dismember LockBit in Historic Ransomware Takedown appeared first on Ransomware.org.

The 1980s brutalism of the British Library in London has been likened to an unwelcoming fortress, and yet the intimidating appearance was no help when ransomware attackers decided to pay it a visit last October. In what is turning out to be one of the worst incidents ever to hit a public U.K. organization, over […]

The post Why Are Ransomware Attacks Becoming More Dangerous? The British Library Attack Gives Us Some Clues appeared first on Ransomware.org.

Has the digital reign of terror from the world’s second most active ransomware group, ALPHV (BlackCat), come to an end, or hasn’t it? If you ask the coalition of global police forces that recently seized its infrastructure, you’ll get a clear yes in answer to that question. The first sign that ALPHV was in trouble […]

The post After DOJ Takedown, the Notorious ALPHV Ransomware Group Fights Back appeared first on Ransomware.org.

One of the most unexpected trends of recent years is the way ransomware has turned high-impact cybercrime incidents into a public spectacle. For ransomware criminals, the more public the better. Extra publicity equals more embarrassment for the victim, which even if it doesn’t result in a ransom being paid serves as a warning to future […]

The post Is the Relationship Between Journalists and Ransomware Gangs Healthy? appeared first on Ransomware.org.

In the relatively short history of ransomware crime, very few of the professional criminals behind these attacks have ever been brought to justice. So many crimes, so few arrests, and there’s no mystery as to why: Ransomware criminals typically operate from countries with weak or no laws against what they do, and sometimes (stand up, […]

The post Europol Makes New Ransomware Arrests. But Will It Make Any Difference? appeared first on Ransomware.org.