Ciblée par une cyberattaque début décembre, VidyMed avait directement coupé l’accès aux systèmes pour contenir l’im

A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key.

• The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month.
• FunkSec operators appear to use AI-assisted malware development which can enable even inexperienced actors to quickly produce and refine advanced tools.
• The group’s activities straddle the line between hacktivism and cybercrime, complicating efforts to understand their true motivations.
• Many of the group’s leaked datasets are recycled from previous hacktivism campaigns, raising doubts about the authenticity of their disclosures.
• Current methods of assessing ransomware group threats often rely on the actors’ own claims, highlighting the need for more objective evaluation techniques.

The Japanese electronics giant says it did not negotiate with the hackers responsible for the attack.

Rhode Island officials said they're still analyzing the impact of a ransomware gang's breach of state health and social services systems. Some are still down.

The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands.

The LockBit ransomware group will soon launch a comeback with the planned release of LockBit 4.0 in February 2025, Cyble

U.K. investigators tell the story of how examining a cybercrime group's extortion funds helped to unravel a money-laundering network reaching from the illegal drug trade to Moscow's elite.

Cyber criminals claim to have successfully attacked Medion, a distributor of electronic products.

​Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation.

NotLockBit is a new and emerging ransomware family that actively mimics the behavior and tactics of the well-known LockBit ransomware.

• Our 2024 Dray:Break report revealed 14 new vulnerabilities in DrayTek devices
  *See our upcoming presentation at Black Hat Europe for more details
• PRODAFT shared threat intelligence from 2023 on a ransomware campaign exploiting DrayTek devices
• This is the first time this campaign is discussed publicly
• Our analysis shows sophisticated attack workflows to deploy ransomware including possible:
  • Zero-day vulnerabilities
  • Credential harvesting and password cracking
    VPN and tunneling abuse

Two NHS trusts in England have been hacked in recent weeks, the latest attacks to hit the national health service.

BT Group (formerly British Telecom)'s Conferencing division shut down some of its servers following a Black Basta ransomware attack.

The company, ENGlobal Corporation, has restricted employee access to its IT system, limiting it to only essential business operations.

Supply chain management SaaS vendor Blue Yonder experienced a ransomware attack that impacted big companies like Starbucks.

I pirati del gruppo RansomHub pubblicano su Dark Web alcuni dei documenti sottratti e chiedono al club di Serie A di pagare un riscatto

L’attacco è avvenuto il 18 novembre ma è stato comunicato il giorno dopo attraverso l’avviso di un ente che si serve di INPS Servizi

The Justice Department unsealed criminal charges today against Evgenii Ptitsyn, 42, a Russian national, for allegedly administering the sale, distribution, and operation of Phobos ransomware.

In this new report, learn how threat actors are leveraging cloud services to target web services with ransomware attackers.