Ransomware
Coverage of Ransomware in the Nexus archive.
- AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
Sysdig, a security firm, reports discovering the first ransomware attack fully executed by an AI agent named JADEPUFFER. The AI agent conducted a database ransomware attack by infiltrating systems, stealing credentials, moving laterally in the network, and encrypting/wiping a company's production database.
- How ransomware syndicates weaponize corporate-style organization
The Black Basta ransomware group operated with a corporate-style structure, using organized teams, outsourcing tasks, and performance-based payments to extort victims. They targeted 520 victims across 39 industries, collecting $107 million in bitcoin, and employed tactics like phishing, malware, DDoS attacks, and data audits to maximize ransom demands.
- INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific
INTERPOL has reported a 'dramatic increase' in cybercrime across Asia and the South Pacific, driven by digitalization, internet expansion, new technologies, organized criminal networks, and uneven cybersecurity readiness. Phishing is highlighted as the most widespread threat in the region.
- How AI is changing cybersecurity: Expert shares ransomware and online safety tips
A ransomware attack at Evanston Township High School underscores growing cybersecurity threats, as experts warn AI is making cyberattacks more sophisticated and harder to detect. The incident highlights concerns about AI's role in escalating online safety risks.
- The FCC Wants to Kill Burner Phones
The FCC aims to restrict burner phones, Microsoft released a major security update linked to AI bug hunting, and the ShinyHunters ransomware group exploited an Oracle zero-day vulnerability.
- Every employee’s password was stored in a single Excel file
A CEO of a 2,000-employee facility services company stored all employee usernames and passwords in an Excel file on his desktop, refusing multi-factor authentication (MFA) despite prior ransomware incidents and data breaches. The company later suffered two data breaches involving sensitive client data.
- Ransomware sends Illinois high school on an early summer vacation
Evanston Township High School in Illinois is closed until Wednesday following a ransomware attack on June 7, disrupting summer school, sports camps, and online systems. The school is working with cybersecurity experts and the FBI to investigate and restore operations, with phone systems and email access limited. A similar attack affecting 13 schools in Powys, Wales, was reported on June 4.
- Charter breach warning: What customers should know
Charter Communications (Spectrum) confirmed a cybersecurity incident after ransomware group ShinyHunters listed it on a leak site. Hackers claimed to steal millions of customer records via a vishing attack, but Charter stated sensitive data like private telecom account information was not released.
- All the passwords were stored in Active Directory description fields
A company stored service account passwords in Active Directory description fields, leading to a ransomware attack after hackers accessed these credentials via phishing and the Sliver tool. The breach resulted in 2000+ users being affected and the company being offline for months.
- The U.S. sanctions Nobitex crypto exchange used by ransomware
The U.S. Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities.
- Deterrence Is Not Enough in the Age of Synthetic Asymmetry
The article argues that traditional deterrence strategies are ineffective against modern synthetic asymmetry, where non-state actors and cyber operations exploit technological convergence to cause disproportionate economic and societal disruption. It emphasizes the need for democracies to adopt 'synthetic resilience'—a capacity to absorb and adapt to multi-domain attacks—highlighting examples like the 2021 Colonial Pipeline ransomware attack, which caused billions in downstream economic losses.
- Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
Verizon's 2026 Data Breach Investigations Report reveals that the healthcare sector faces escalating social engineering attacks despite efforts to defend against them. While ransomware and vendor breaches remain persistent threats, the report highlights that evolving social engineering tactics are creating new vulnerabilities in the healthcare industry.
- Police seize “First VPN” service used in ransomware, data theft attacks
Law enforcement agencies have shut down 'First VPN,' a virtual private network service that was being exploited for ransomware attacks and data theft operations. The takedown was conducted through a joint international law enforcement operation, disrupting a key tool used by cybercriminals.
- Canvas (Instructure) LMS Down in Ongoing Ransomware Attack
Canvas, a learning management system by Instructure, is down due to an ongoing ransomware attack. The breach has affected the platform's functionality. Users are experiencing outages and disruptions.
- Why ransomware attacks succeed even when backups exist
Ransomware attacks succeed by targeting backup systems before encryption, leaving no path to recovery. Backups are destroyed by attackers, making them unavailable for recovery. This renders backups ineffective against ransomware attacks.
- First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed
A critical vulnerability in cPanel, a widely used hosting stack, is being actively exploited, with reports of ransomware demands emerging before patches were released. CISA has added the flaw to its list of known-exploited vulnerabilities, highlighting the risk to millions of websites.
- Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Security firm Checkmarx has been targeted in multiple supply-chain attacks over 40 days, including a breach of the Trivy vulnerability scanner and a ransomware attack. Attackers compromised GitHub accounts to deliver malware to users, stealing credentials like repository tokens and SSH keys.
- Don't pay Vect a ransom - your data's likely already wiped out
The ransomware Vect, associated with recent Trivy and LiteLLM supply-chain attacks, is actually a wiper that destroys files larger than 128KB. Check Point Research warns that paying the ransom is ineffective, as data recovery is impossible for victims.
- 'The Gentlemen' Rapidly Rises to Ransomware Prominence
The ransomware group 'The Gentlemen' has rapidly expanded its operations and gained attention for its sophisticated tactics, despite the name implying politeness. Researchers are impressed by its speed and technical capabilities.
- Kyber ransomware gang toys with post-quantum encryption on Windows
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints, using Kyber1024 post-quantum encryption in attacks. This marks a shift toward quantum-resistant encryption methods in ransomware campaigns.
- Ransomware negotiator pleads guilty to helping ransomware gang
A former cybersecurity firm employee pleaded guilty to aiding ransomware criminals to maximize profits and take a cut of the ransom. The individual's actions involved collaborating with a ransomware gang to facilitate their operations.
- Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk
A critical remote code execution flaw (CVE-2026-1731) in Bomgar RMM has led to a surge in exploitation attempts, enabling ransomware attacks and supply chain compromises. The vulnerability highlights significant risks in remote monitoring and management tools.
- Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords
A third former ransomware negotiator has pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting U.S. businesses, following his two co-workers' guilty pleas. Court documents revealed a nonprofit organization paid nearly $26.8 million in ransom to the group.
- The backup myth that is putting businesses at risk
The article highlights that while backups protect data, they are insufficient to maintain business operations during outages. Datto emphasizes the critical need for Business Continuity and Disaster Recovery (BCDR) solutions to ensure operational resilience against ransomware and disruptions.
- Automotive data biz Autovista blames ransomware for service disruption
Autovista, an automotive data business, is addressing ransomware attacks that disrupted services in Europe and Australia. The company has engaged external support to mitigate the infection and advised customers to block inbound emails from their systems.
- No honor among thieves as 0APT threatens rival ransomware gang Krybit
Two rival ransomware gangs, 0APT and Krybit, are engaged in a conflict after 0APT threatened to expose individuals linked to Krybit. The incident highlights ongoing tensions between cybercriminal groups.
- Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It
Ransomware growth is outpacing security spending by three times, according to a Ciphercue blog article. The piece highlights a critical gap in cybersecurity efforts despite increased financial investment.
- Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum
Four Microsoft vulnerabilities, including one patched 14 years ago and another linked to ransomware, are being exploited by cybercriminals. The U.S. cyber-defense agency has warned federal agencies to patch these flaws within two weeks to mitigate risks.
- Criminal wannabes even more dangerous than the pros, says ex-FBI cyber chief
Ex-FBI cyber chief Cynthia Kaiser warns that amateur criminals (wannabes) are more dangerous than professional cyber threats. She highlights ransomware as the biggest threat today, despite her earlier focus on state-sponsored threats from China and Russia.
- Dutch healthcare software vendor goes dark after ransomware attack
A Dutch healthcare software vendor, ChipSoft, has been hit by a ransomware attack causing its website to go dark. While emails are still operational, the company's online services are currently unavailable.
- Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense
Hospitals face inevitable ransomware attacks that may cause short- or long-term outages. A chief medical information officer emphasizes the importance of rehearsals for defense against such threats.
- We Know You Can Pay a Million by Anja Shortland review – the terrifying new world of ransomware
The article traces the origins of ransomware to Joseph L Popp Jr's 1989 Aids Trojan, a virus that demanded payment for data access. It highlights how this primitive malware evolved into a global cybercrime business, emphasizing the dangers of data extortion and the psychological impact on victims.
- United States Charges Dual Russian and Israeli National as Developer of LockBit Ransomware Group
The United States has charged Rostislav Panev, a dual Russian and Israeli national, with being a developer of the LockBit ransomware group. This represents a significant law enforcement action against one of the most prominent ransomware operations. The charges underscore ongoing international efforts to combat cybercriminal activity.
- The Ransomware Problem Is a Bitcoin Problem - Lawfare
The article argues that the ransomware problem is fundamentally linked to Bitcoin, as the cryptocurrency facilitates ransom payments. It highlights the role of Bitcoin in enabling ransomware attacks by providing anonymity and ease of transaction.