Geek-Guy.com

Category: Ransomware, Security

Cross-platform ransomware: Qilin weaponizes Linux binaries against Windows hosts

The Agenda ransomware group, popularly known as Qilin, has been abusing legitimate remote management and file transfer tools, security researchers revealed in a new disclosure. By deploying a Linux-based ransomware binary on Windows hosts, the threat actor has affected more than 700 victims since January 2025. According to Trend Micro findings, the cross-platform execution sidesteps Windows-centric…

Open-source DFIR Velociraptor was abused in expanding ransomware efforts

Velociraptor, the open-source DFIR tool meant to hunt intruders, has itself gone rogue – being picked up by threat actors in coordinated ransomware operations. Never tied to extortion attacks before, the tool has been found to be abused by a China-based group, Storm-2603, previously known for exploiting Microsoft SharePoint vulnerabilities. Cisco Talos researchers first spotted…

LockBit, DragonForce, and Qilin form a ‘cartel’ to dictate ransomware market conditions

Three of the most notorious ransomware-as-a-service operations have formed a criminal cartel aimed at coordinating attacks and sharing resources in what they describe as an increasingly “challenging” ransomware business environment. DragonForce, Qilin, and LockBit announced the partnership in early September, with DragonForce proposing the collaboration shortly after LockBit reemerged with its LockBit 5.0 ransomware variant,…

Ransomware upstart ‘The Gentlemen’ raises the stakes for OT‑heavy sectors

A new threat actor, The Gentlemen, has emerged as a fast-moving ransomware group that has rapidly expanded its activity across Asia Pacific, South America, the US, and the Middle East. First identified in August, the group has already hit organizations in 17 countries, with victims spanning manufacturing, construction, healthcare, and insurance. Trend Micro has…

Ransomware upstart Gunra goes cross-platform with encryption upgrades

A new Linux variant of the “Gunra” ransomware family has been identified with highly configurable multithreading, allowing attackers to run up to 100 parallel encryptions. Trend Micro research underlined that the emerging threat group, which has already claimed 14 victims spanning healthcare, manufacturing, and IT, has rolled out a new ransomware variant with significant…

Interlock ransomware threat expands across the US and Europe, hits healthcare and smart cities

The FBI, CISA, Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint cybersecurity advisory warning of an emerging ransomware threat from Interlock, a group that uses double extortion tactics to target businesses and critical infrastructure organizations across the US. The Interlock ransomware variant was…

Trend Micro flags BERT: A rapidly growing ransomware threat

A new threat actor, BERT, has emerged as a fast-moving ransomware group that has rapidly expanded its activity across Asia, Europe, and the US. Discovered in April, BERT is targeting both Windows and Linux systems. Tracked by Trend Micro as “Water Pombero,” the group is targeting critical infrastructure sectors such as healthcare, technology, and event…

IBM Power11 challenges x86 and GPU giants with security-first server strategy

With the launch of Power11 servers, IBM is shifting the discussion from raw performance numbers to security and reliability, highlighting its claim of zero planned downtime and quick ransomware detection. One of the key highlights of the platform is a one-minute guaranteed ransomware threat detection with its Power Cyber Vault. “Its promise of ransomware detection…

Despite backups: 86 percent of companies pay the ransom

80 percent of cyberattacks begin with compromised credentials and an Active Directory. Cyber tools for guarding against attacks are becoming ever more numerous, as are awareness campaigns against phishing and the like. Nevertheless, companies around the world still frequently capitulate to ransomware attackers. A new study by Rubrik Zero Labs, in which…

Global firms succumb to ransomware: 86% pay up despite having advanced backup tools

Despite an explosion in cybersecurity tools and awareness campaigns, organizations around the world are still surrendering to ransomware attackers at an alarming rate. According to new research from Rubrik Zero Labs, 86% of organizations globally admitted to paying ransom demands following a cyberattack in the past year — a figure that underscores a harsh reality:…

New VanHelsing ransomware claims three victims within a month

A new ransomware-as-a-service (RaaS) affiliate program, VanHelsing, is rapidly gaining traction, with its operators successfully targeting three victims within a month of its launch on March 7. Presumably Russian, given its prohibition of Commonwealth of Independent States (CIS) targets, the RaaS project was first discovered by CYFIRMA on March 16, as attackers used it for…

Ransomware goes postal: US healthcare firms receive fake extortion letters

In late February, healthcare organizations across the US started receiving extortion demands by mail claiming that their organization’s data had been stolen in a ransomware attack and giving them 10 days to respond. According to the letters, printed on paper and delivered in envelopes purporting to be from the BianLian ransomware group, the data would…

A new ransomware regime is now targeting critical systems with weaker networks

The year 2024’s ransomware shake-up, fueled by law enforcement crackdowns on giants like LockBit, has shifted focus to critical operations, with major attacks this year hitting targets like Halliburton, TfL, and an Arkansas water plant. A Dragos study for the third quarter of 2024 highlighted a surge in activity from new groups like RansomHub, Play, and…