Skip to content
The Nexus
DossierENTITY

ransomware

Coverage of ransomware in the Nexus archive.

Earliest in view: May 27 · 07:00 UTCMost recent: Jul 2 · 09:13 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJul 2 · 09:13 UTCTHE HACKER NEWS
    AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

    Sysdig, a security firm, reports discovering the first ransomware attack fully executed by an AI agent named JADEPUFFER. The AI agent conducted a database ransomware attack by infiltrating systems, stealing credentials, moving laterally in the network, and encrypting/wiping a company's production database.

  • SECURITYJun 30 · 09:00 UTCCYBERSCOOP
    How ransomware syndicates weaponize corporate-style organization

    The Black Basta ransomware group operated with a corporate-style structure, using organized teams, outsourcing tasks, and performance-based payments to extort victims. They targeted 520 victims across 39 industries, collecting $107 million in bitcoin, and employed tactics like phishing, malware, DDoS attacks, and data audits to maximize ransom demands.

  • SECURITYJun 22 · 06:06 UTCTHE HACKER NEWS
    INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific

    INTERPOL has reported a 'dramatic increase' in cybercrime across Asia and the South Pacific, driven by digitalization, internet expansion, new technologies, organized criminal networks, and uneven cybersecurity readiness. Phishing is highlighted as the most widespread threat in the region.

  • SECURITYJun 18 · 00:24 UTCFOX 32 CHICAGO
    How AI is changing cybersecurity: Expert shares ransomware and online safety tips

    A ransomware attack at Evanston Township High School underscores growing cybersecurity threats, as experts warn AI is making cyberattacks more sophisticated and harder to detect. The incident highlights concerns about AI's role in escalating online safety risks.

  • SECURITYJun 13 · 10:30 UTCWIRED
    The FCC Wants to Kill Burner Phones

    The FCC aims to restrict burner phones, Microsoft released a major security update linked to AI bug hunting, and the ShinyHunters ransomware group exploited an Oracle zero-day vulnerability.

  • SECURITYJun 11 · 07:00 UTCTHE REGISTER
    Every employee’s password was stored in a single Excel file

    A CEO of a 2,000-employee facility services company stored all employee usernames and passwords in an Excel file on his desktop, refusing multi-factor authentication (MFA) despite prior ransomware incidents and data breaches. The company later suffered two data breaches involving sensitive client data.

  • SECURITYJun 8 · 15:46 UTCTHE REGISTER
    Ransomware sends Illinois high school on an early summer vacation

    Evanston Township High School in Illinois is closed until Wednesday following a ransomware attack on June 7, disrupting summer school, sports camps, and online systems. The school is working with cybersecurity experts and the FBI to investigate and restore operations, with phone systems and email access limited. A similar attack affecting 13 schools in Powys, Wales, was reported on June 4.

  • SECURITYJun 4 · 16:00 UTCFOX NEWS
    Charter breach warning: What customers should know

    Charter Communications (Spectrum) confirmed a cybersecurity incident after ransomware group ShinyHunters listed it on a leak site. Hackers claimed to steal millions of customer records via a vishing attack, but Charter stated sensitive data like private telecom account information was not released.

  • SECURITYJun 4 · 05:00 UTCTHE REGISTER
    All the passwords were stored in Active Directory description fields

    A company stored service account passwords in Active Directory description fields, leading to a ransomware attack after hackers accessed these credentials via phishing and the Sliver tool. The breach resulted in 2000+ users being affected and the company being offline for months.

  • SECURITYJun 3 · 20:31 UTCBLEEPING COMPUTER
    The U.S. sanctions Nobitex crypto exchange used by ransomware

    The U.S. Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities.

  • SECURITYJun 1 · 10:46 UTCTHE CIPHER BRIEF
    Deterrence Is Not Enough in the Age of Synthetic Asymmetry

    The article argues that traditional deterrence strategies are ineffective against modern synthetic asymmetry, where non-state actors and cyber operations exploit technological convergence to cause disproportionate economic and societal disruption. It emphasizes the need for democracies to adopt 'synthetic resilience'—a capacity to absorb and adapt to multi-domain attacks—highlighting examples like the 2021 Colonial Pipeline ransomware attack, which caused billions in downstream economic losses.

  • SECURITYMay 22 · 13:17 UTCDARK READING
    Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks

    Verizon's 2026 Data Breach Investigations Report reveals that the healthcare sector faces escalating social engineering attacks despite efforts to defend against them. While ransomware and vendor breaches remain persistent threats, the report highlights that evolving social engineering tactics are creating new vulnerabilities in the healthcare industry.

  • SECURITYMay 21 · 13:09 UTCBLEEPING COMPUTER
    Police seize “First VPN” service used in ransomware, data theft attacks

    Law enforcement agencies have shut down 'First VPN,' a virtual private network service that was being exploited for ransomware attacks and data theft operations. The takedown was conducted through a joint international law enforcement operation, disrupting a key tool used by cybercriminals.

  • SECURITYMay 7 · 22:22 UTCHACKER NEWS
    Canvas (Instructure) LMS Down in Ongoing Ransomware Attack

    Canvas, a learning management system by Instructure, is down due to an ongoing ransomware attack. The breach has affected the platform's functionality. Users are experiencing outages and disruptions.

  • SECURITYMay 6 · 14:04 UTCBLEEPING COMPUTER
    Why ransomware attacks succeed even when backups exist

    Ransomware attacks succeed by targeting backup systems before encryption, leaving no path to recovery. Backups are destroyed by attackers, making them unavailable for recovery. This renders backups ineffective against ransomware attacks.

  • SECURITYMay 1 · 13:10 UTCTHE REGISTER
    First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed

    A critical vulnerability in cPanel, a widely used hosting stack, is being actively exploited, with reports of ransomware demands emerging before patches were released. CISA has added the flaw to its list of known-exploited vulnerabilities, highlighting the risk to millions of websites.

  • SECURITYApr 29 · 11:00 UTCARS TECHNICA
    Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

    Security firm Checkmarx has been targeted in multiple supply-chain attacks over 40 days, including a breach of the Trivy vulnerability scanner and a ransomware attack. Attackers compromised GitHub accounts to deliver malware to users, stealing credentials like repository tokens and SSH keys.

  • SECURITYApr 28 · 18:36 UTCTHE REGISTER
    Don't pay Vect a ransom - your data's likely already wiped out

    The ransomware Vect, associated with recent Trivy and LiteLLM supply-chain attacks, is actually a wiper that destroys files larger than 128KB. Check Point Research warns that paying the ransom is ineffective, as data recovery is impossible for victims.

  • SECURITYApr 22 · 20:51 UTCDARK READING
    'The Gentlemen' Rapidly Rises to Ransomware Prominence

    The ransomware group 'The Gentlemen' has rapidly expanded its operations and gained attention for its sophisticated tactics, despite the name implying politeness. Researchers are impressed by its speed and technical capabilities.

  • SECURITYApr 22 · 18:52 UTCBLEEPING COMPUTER
    Kyber ransomware gang toys with post-quantum encryption on Windows

    A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints, using Kyber1024 post-quantum encryption in attacks. This marks a shift toward quantum-resistant encryption methods in ransomware campaigns.

  • SECURITYApr 21 · 15:56 UTCTECHCRUNCH
    Ransomware negotiator pleads guilty to helping ransomware gang

    A former cybersecurity firm employee pleaded guilty to aiding ransomware criminals to maximize profits and take a cut of the ransom. The individual's actions involved collaborating with a ransomware gang to facilitate their operations.

  • SECURITYApr 21 · 15:29 UTCDARK READING
    Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk

    A critical remote code execution flaw (CVE-2026-1731) in Bomgar RMM has led to a surge in exploitation attempts, enabling ransomware attacks and supply chain compromises. The vulnerability highlights significant risks in remote monitoring and management tools.

  • SECURITYApr 21 · 14:15 UTCTHE REGISTER
    Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords

    A third former ransomware negotiator has pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting U.S. businesses, following his two co-workers' guilty pleas. Court documents revealed a nonprofit organization paid nearly $26.8 million in ransom to the group.

  • TECHNOLOGYApr 20 · 14:01 UTCBLEEPING COMPUTER
    The backup myth that is putting businesses at risk

    The article highlights that while backups protect data, they are insufficient to maintain business operations during outages. Datto emphasizes the critical need for Business Continuity and Disaster Recovery (BCDR) solutions to ensure operational resilience against ransomware and disruptions.

  • SECURITYApr 15 · 16:18 UTCTHE REGISTER
    Automotive data biz Autovista blames ransomware for service disruption

    Autovista, an automotive data business, is addressing ransomware attacks that disrupted services in Europe and Australia. The company has engaged external support to mitigate the infection and advised customers to block inbound emails from their systems.

  • SECURITYApr 14 · 12:56 UTCTHE REGISTER
    No honor among thieves as 0APT threatens rival ransomware gang Krybit

    Two rival ransomware gangs, 0APT and Krybit, are engaged in a conflict after 0APT threatened to expose individuals linked to Krybit. The incident highlights ongoing tensions between cybercriminal groups.

  • SECURITYApr 14 · 08:52 UTCHACKER NEWS
    Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It

    Ransomware growth is outpacing security spending by three times, according to a Ciphercue blog article. The piece highlights a critical gap in cybersecurity efforts despite increased financial investment.

  • SECURITYApr 13 · 21:35 UTCTHE REGISTER
    Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum

    Four Microsoft vulnerabilities, including one patched 14 years ago and another linked to ransomware, are being exploited by cybercriminals. The U.S. cyber-defense agency has warned federal agencies to patch these flaws within two weeks to mitigate risks.

  • SECURITYApr 8 · 21:09 UTCTHE REGISTER
    Criminal wannabes even more dangerous than the pros, says ex-FBI cyber chief

    Ex-FBI cyber chief Cynthia Kaiser warns that amateur criminals (wannabes) are more dangerous than professional cyber threats. She highlights ransomware as the biggest threat today, despite her earlier focus on state-sponsored threats from China and Russia.

  • SECURITYApr 8 · 11:30 UTCTHE REGISTER
    Dutch healthcare software vendor goes dark after ransomware attack

    A Dutch healthcare software vendor, ChipSoft, has been hit by a ransomware attack causing its website to go dark. While emails are still operational, the company's online services are currently unavailable.

  • SECURITYApr 1 · 22:04 UTCDARK READING
    Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense

    Hospitals face inevitable ransomware attacks that may cause short- or long-term outages. A chief medical information officer emphasizes the importance of rehearsals for defense against such threats.

  • SECURITYMar 23 · 07:00 UTCTHE GUARDIAN TECH
    We Know You Can Pay a Million by Anja Shortland review – the terrifying new world of ransomware

    The article traces the origins of ransomware to Joseph L Popp Jr's 1989 Aids Trojan, a virus that demanded payment for data access. It highlights how this primitive malware evolved into a global cybercrime business, emphasizing the dangers of data extortion and the psychological impact on victims.

  • SECURITYDec 20 · 09:09 UTCFBI NATIONAL PRESS
    United States Charges Dual Russian and Israeli National as Developer of LockBit Ransomware Group

    The United States has charged Rostislav Panev, a dual Russian and Israeli national, with being a developer of the LockBit ransomware group. This represents a significant law enforcement action against one of the most prominent ransomware operations. The charges underscore ongoing international efforts to combat cybercriminal activity.

  • SECURITYMay 27 · 07:00 UTCLAWFARE
    The Ransomware Problem Is a Bitcoin Problem - Lawfare

    The article argues that the ransomware problem is fundamentally linked to Bitcoin, as the cryptocurrency facilitates ransom payments. It highlights the role of Bitcoin in enabling ransomware attacks by providing anonymity and ease of transaction.

ransomware · Dossier · The Nexus