Geek-Guy.com

Tag: ransomware

AI, Apps, Compliance, Exploits, Global Security News, Government & Policy, malware, Network Security

Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls

Amazon threat intelligence has identified an active Interlock ransomware campaign exploiting CVE-2026-20131, a critical vulnerability in Cisco Secure Firewall Management Center (FMC) Software that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device, which was disclosed by Cisco on March 4, 2026. After Cisco’s disclosure, Amazon threat…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Ransomware’s Opening Play: Target Identity First

For years, ransomware attacks followed a familiar script.  Threat actors gained entry through a vulnerable server, a phishing email, or malicious software on an endpoint. Once inside, they moved laterally through the network, then encrypted systems and demanded payment. That playbook has changed. Today’s ransomware operators increasingly target identity infrastructure as their first objective.  Active…

Read more →

AI, Cloud Security, Compliance, Cybersecurity, Global Security News, Risk Management, Venture

Eon Launches Ransomware Protection for Cloud Databases

As enterprises move critical workloads to managed cloud databases, a growing ransomware recovery gap is emerging across modern cloud infrastructure. Eon is aiming to close that gap with new ransomware protection designed specifically for managed cloud database environments. The new capability expands Eon’s ransomware protection suite and focuses on detecting corruption and restoring trusted data…

Read more →

AI, Global Security News

LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader

The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure from relying on traditional methods for obtaining initial access, such as through stolen…

Read more →

AI, Data Breaches, Exploits, Global Security News, malware, Network Security

The ransomware economy is shifting toward straight-up data extortion

Ransomware remains a scourge that shows some signs of relenting, but incident responders and threat hunters are busier than ever as more financially-motivated attackers lean exclusively on data theft for extortion. Attacks that only involve data theft for extortion may not be more prevalent than traditional ransomware when attackers encrypt systems, but momentum is moving…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

AiLock Ransomware Claims England Hockey Data Breach

England Hockey is investigating a potential cyberattack after a ransomware group claimed to have stolen sensitive data from its systems and threatened to publish it online.  The AiLock ransomware gang recently listed the organization on its public data leak site, claiming to have exfiltrated large volumes of internal data as part of the attack. “We…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management

Feds say another DigitalMint negotiator ran ransomware attacks and extorted $75 million

A 41-year-old South Florida man is accused of conducting at least 10 ransomware attacks and extorting a combined $75.25 million in ransom payments while he was working as a ransomware negotiator for DigitalMint.  Five of Angelo John Martino III’s alleged victims hired DigitalMint, which assigned Martino to conduct ransomware negotiations on their clients’ behalf —…

Read more →

AI, Global Security News, Network Security, Russia

Phobos ransomware leader pleads guilty, faces up to 20 years in prison

Russian national Evgenii Ptitsyn pleaded guilty to running the Phobos ransomware outfit that extorted more than $39 million from more than 1,000 victims globally, the Justice Department said Wednesday. Ptitsyn assumed a leadership role in the Phobos ransomware group in January 2022, yet his criminal activities began by April 2019, according to court records. He…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, privacy, Risk Management

Data breach at University of Hawaiʻi Cancer Center impacts 1.2 Million individuals

A ransomware attack on the University of Hawaiʻi Cancer Center exposed personal data of 1.2 million people. A 2025 ransomware attack targeting the University of Hawaiʻi Cancer Center compromised the personal information of about 1.2 million individuals. The attack hit the University of Hawaiʻi Cancer Center on August 31, 2025, impacting servers that support research…

Read more →

AI, APAC, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security

Ransomware groups switch to stealthy attacks and long-term access

Ransomware attackers are switching tactics in favor of more stealthy infiltration, as the threat of public exposure of sensitive corporate data is becoming the main mechanism of extortion. Picus Security’s annual red-teaming report shows attackers shifting away from loud disruption toward quiet, long-term access — or from “predatory” smash-and-grab tactics to “parasitic” silent residency. Four…

Read more →

AI, APAC, Global Security News, Government & Policy, malware

Lazarus APT group deployed Medusa Ransomware against Middle East target

North Korea’s Lazarus Group used Medusa ransomware in an attack on an unnamed Middle East organization, researchers report. The North Korea-linked Lazarus APT Group, also known as Diamond Sleet and Pompilus, has been spotted deploying Medusa ransomware against an unnamed organization in the Middle East, according a new report from the Symantec and Carbon Black…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security

What are the types of ransomware attacks?

Ransomware isn’t an isolated, potential cyber threat—it’s like a living organism that can shapeshift with multiple strains, tactics, and targets. The cybercriminals behind ransomware attacks run these operations like a business and are motivated to keep up profits at any cost.  Their tactics range from quickly locking down an entire network to slowly leaking sensitive…

Read more →

AI, Data Breaches, Global Security News

Everest ransomware hits Vikor Scientific ‘s supplier, data of 140,000 patients stolen

Everest ransomware claims an attack on diagnostic firm Vikor Scientific (Vanta Diagnostics), exposing data of nearly 140,000 people. The Everest ransomware group has claimed responsibility for a cyberattack on Vikor Scientific, now operating as Vanta Diagnostics. The healthcare diagnostic firm disclosed a data breach impacting nearly 139,964 individuals, as reported by the US Department of…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Global Security News, Network Security, Risk Management

Global Chip Supplier Advantest Discloses Cyber Incident 

Japanese semiconductor equipment company Advantest has confirmed it was hit by a ransomware attack after detecting unusual activity inside its corporate network on February 15.  The company says an unauthorized third party may have accessed internal systems and deployed ransomware, potentially affecting sensitive data tied to customers or employees. “Preliminary findings appear to indicate that…

Read more →

Global Security News

Japanese chip-testing toolmaker Advantest suffers ransomware attack

Japanese tech testing company Advantest has suffered a ransomware attack, the company confirmed last Thursday, after detecting unusual activity within its IT environment on February 15, 2026. What happened? Tokyo-based Advantest is a leading manufacturer of automatic test and measurement equipment used in the design and production of semiconductors that used in computers, electronic devices…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

University of Mississippi Medical Center Closes Clinics After Ransomware Attack

A ransomware attack has forced the University of Mississippi Medical Center (UMMC) to temporarily close most of its clinics, cancel elective procedures, and shift to manual documentation as IT systems remain offline.  The incident, detected in the early hours of Feb. 19, 2026, disrupted UMMC’s network, including its EPIC electronic medical record (EMR) platform. “We…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Barracuda: Firewall Exploits Drive 90% of Ransomware Incidents

Ninety percent of ransomware incidents in 2025 reportedly exploited firewalls via unpatched software or a vulnerable account, according to Barracuda Networks’ newly published Barracuda Managed XDR Global Threat Report. Outdated tools and remote access abuse heighten ransomware exposure According to the cybersecurity company, the findings show how attackers exploit legitimate IT tools such as remote…

Read more →

Global Security News

The era of the Digital Parasite: Why stealth has replaced ransomware

For years, ransomware encryption functioned as the industry’s alarm bell. When systems locked up, defenders knew an attack had occurred. Not anymore. New empirical data show that attackers are actively dismantling that signal. According to Picus Security’s Red Report 2026, adversaries are no longer optimizing for disruption; they’re optimizing for residency. Based on a thorough…

Read more →

AI, Apps, Data Breaches, Global Security News, Network Security, Risk Management

Japan’s Washington Hotel Reports Ransomware Attack

Washington Hotel Corporation has confirmed a ransomware attack that compromised several internal servers, triggering containment measures and an ongoing investigation into potential data exposure.  The incident was detected when unauthorized access was identified across multiple systems. “Unauthorized access to various business data stored on our servers has been confirmed. The information leak is currently under…

Read more →

AI, Global Security News

LockBit 5.0 ransomware expands its reach across Windows, Linux, and ESXi

The Acronis Threat Research Unit (TRU) has identified a new and significantly enhanced version of the LockBit ransomware, LockBit 5.0, currently being deployed in active campaigns. The latest variant demonstrates expanded cross-platform capabilities, enabling attackers to target Windows, Linux, and VMware ESXi systems within a single coordinated attack. According to analysis, LockBit 5.0 introduces dedicated…

Read more →

AI, Apps, Compliance, Data Breaches, Global Security News, privacy, Risk Management, Security

Why identity recovery is now central to cyber resilience

Ransomware has permanently changed how security leaders think about risk. Verizon’s 2025 Data Breach Investigations Report found that ransomware was involved in 44% of all breaches. For small and midsize businesses, the problem is big; ransomware was involved in nearly nine out of 10 breaches, compared to it playing a role in 39% of incidents…

Read more →

AI, Cybercrime, Endpoint, extortion, Global Security News, malware, Ransomware, Risk Management

0APT ransomware group rises swiftly with bluster, along with genuine threat of attack

Most signs suggest the group is running a massive hoax by claiming hundreds of initial victims, but at least some of the threat 0APT poses is grounded in truth backed by proven capabilities.

The post 0APT ransomware group rises swiftly with bluster, along with genuine threat of attack appeared first on CyberScoop.

Read more →

AI, Breaking News, cyber crime, Cybersecurity, Exploits, Global Security News, malware, Security

Reynolds ransomware uses BYOVD to disable security before encryption

Researchers discovered Reynolds ransomware, which uses BYOVD technique to disable security tools and evade detection before encryption. Researchers found a new ransomware, named Reynolds, that implements the Bring Your Own Vulnerable Driver (BYOVD) technique to disable security tools and evade detection before encrypting systems. Broadcom’s cybersecurity researchers initially attributed the attack to Black Basta due…

Read more →

AI, ANYRUN, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Malware Analysis, malware behavior, Risk Management

Emerging Ransomware BQTLock & GREENBLOOD Disrupt Businesses in Minutes 

How long would it take your team to realize ransomware is already running?  The newly identified ransomware families are already causing real business disruption. These threats can disrupt operations fast while also reducing visibility through stealth or cleanup activity, shrinking the time teams have to detect and contain the attack.  Here’s what you should know about BQTLock and GREENBLOOD, and how your team can detect and contain them before…

Read more →

AI, Cybersecurity, Endpoint, Global Security News

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection

Read more →

AI, Breaking News, cyber crime, Cybercrime, Cybersecurity, data breach, Data Breaches, Global Security News, Government & Policy, Network Security, Security

Senegal shuts National ID office after ransomware attack

Senegal closed its national ID card office after a ransomware cyberattack disrupted ID, passport, and biometric services. Senegal confirmed a cyberattack on the Directorate of File Automation, the government office that manages national ID cards, passports, and biometric data. After ransomware claims surfaced, authorities temporarily closed the office to contain the incident. The agency warned…

Read more →

AI, Data Breaches, Exploits, Global Security News, Network Security

Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server

SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company’s Chief Commercial Officer, Derek Curtis, said. “Prior to the breach, we…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, News, Risk Management, Threats

BridgePay Ransomware Causes Widespread Payment Outages

A ransomware attack on BridgePay Network Solutions on Feb. 6, 2026, caused payment processing disruptions across the U.S., affecting merchants, local governments, and service providers. The outage temporarily forced some businesses to rely on cash-only transactions while payment services were unavailable. “No card data was compromised and any file that may have been accessed was…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, News, Risk Management, Threats

BridgePay Ransomware Causes Widespread Payment Outages

A ransomware attack on BridgePay Network Solutions on Feb. 6, 2026, caused payment processing disruptions across the U.S., affecting merchants, local governments, and service providers. The outage temporarily forced some businesses to rely on cash-only transactions while payment services were unavailable. “No card data was compromised and any file that may have been accessed was…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, News, Risk Management, Threats

BridgePay Ransomware Causes Widespread Payment Outages

A ransomware attack on BridgePay Network Solutions on Feb. 6, 2026, caused payment processing disruptions across the U.S., affecting merchants, local governments, and service providers. The outage temporarily forced some businesses to rely on cash-only transactions while payment services were unavailable. “No card data was compromised and any file that may have been accessed was…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, News, Risk Management, Threats

BridgePay Ransomware Causes Widespread Payment Outages

A ransomware attack on BridgePay Network Solutions on Feb. 6, 2026, caused payment processing disruptions across the U.S., affecting merchants, local governments, and service providers. The outage temporarily forced some businesses to rely on cash-only transactions while payment services were unavailable. “No card data was compromised and any file that may have been accessed was…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, News, Risk Management, Threats

BridgePay Ransomware Causes Widespread Payment Outages

A ransomware attack on BridgePay Network Solutions on Feb. 6, 2026, caused payment processing disruptions across the U.S., affecting merchants, local governments, and service providers. The outage temporarily forced some businesses to rely on cash-only transactions while payment services were unavailable. “No card data was compromised and any file that may have been accessed was…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, News, Risk Management, Threats

BridgePay Ransomware Causes Widespread Payment Outages

A ransomware attack on BridgePay Network Solutions on Feb. 6, 2026, caused payment processing disruptions across the U.S., affecting merchants, local governments, and service providers. The outage temporarily forced some businesses to rely on cash-only transactions while payment services were unavailable. “No card data was compromised and any file that may have been accessed was…

Read more →

AI, CISA, Don't miss, Exploits, Global Security News, Hot stuff, News

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit Broadcom fixed CVE-2025-22225, CVE-2025-22224 (a heap overflow vulnerability) and CVE-2025-22226 (an information disclosure flaw) in VMware…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Global Security News, privacy, Risk Management, Venture

When your mouse turns snitch, and hackers grow a conscience

Your computer’s mouse might not be as innocent as it looks – and one ransomware crew has a crisis of conscience that nobody saw coming. We talk about how something as ordinary as a web page could turn your mouse into a surprisingly nosey neighbour, and why ransomware gangs need to think carefully about their…

Read more →