Latest Ransomware news

BORN Ontario child registry data breach affects 3.4 million people

The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware's MOVEit hacking spree.
- Bill Toulas
- September 25, 2023
- 01:31 PM
- 0
Dallas says Royal ransomware breached its network using stolen account

The City of Dallas, Texas, said this week that the Royal ransomware attack that forced it to shut down all IT systems in May started with a stolen account.
- Sergiu Gatlan
- September 22, 2023
- 04:59 PM
- 0
Bumblebee malware returns in new attacks abusing WebDAV folders

The malware loader 'Bumblebee' has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services.
- Bill Toulas
- September 18, 2023
- 12:47 PM
- 0
BlackCat ransomware hits Azure Storage with Sphynx encryptor

The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets' Azure cloud storage.
- Sergiu Gatlan
- September 16, 2023
- 10:11 AM
- 0
The Week in Ransomware - September 15th 2023 - Russian Roulette

This week's big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still facing operational disruptions.
- Lawrence Abrams
- September 15, 2023
- 05:54 PM
- 0
ORBCOMM ransomware attack causes trucking fleet management outage

Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is causing recent service outages that prevent trucking companies from managing their fleets.
- Lawrence Abrams
- September 15, 2023
- 09:33 AM
- 0
MGM casino's ESXi servers allegedly encrypted in ransomware attack

An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.
- Ionut Ilascu
- September 14, 2023
- 06:52 PM
- 2
Auckland transport authority hit by suspected ransomware attack

The Auckland Transport (AT) transportation authority in New Zealand is dealing with a widespread outage caused by a cyber incident, impacting a wide range of customer services.
- Bill Toulas
- September 14, 2023
- 04:09 PM
- 0
Caesars Entertainment confirms ransom payment, customer data theft

Caesars Entertainment, self-described as the largest U.S. casino chain with the most extensive loyalty program in the industry, says it paid a ransom to avoid the online leak of customer data stolen in a recent cyberattack.
- Sergiu Gatlan
- September 14, 2023
- 12:58 PM
- 4
Manchester Police officers' data exposed in ransomware attack

United Kingdom's Greater Manchester Police (GMP) said earlier today that some of its employees' personal information was impacted by a ransomware attack that hit a third-party supplier.
- Bill Toulas
- September 14, 2023
- 11:13 AM
- 0
Hackers use new 3AM ransomware to save failed LockBit attack

A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network.
- Ionut Ilascu
- September 13, 2023
- 08:29 AM
- 0
Ransomware access broker steals accounts via Microsoft Teams phishing

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.
- Sergiu Gatlan
- September 12, 2023
- 03:14 PM
- 1
The Week in Ransomware - September 8th 2023 - Conti Indictments

It started as a slow ransomware news week but slowly picked up pace with the Department of Justice announcing indictments on TrickBot and Conti operations members.
- Lawrence Abrams
- September 08, 2023
- 05:45 PM
- 0
Cisco warns of VPN zero-day exploited by ransomware gangs

Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks.
- Bill Toulas
- September 08, 2023
- 09:32 AM
- 0
US and UK sanction 11 TrickBot and Conti cybercrime gang members

The USA and the United Kingdom have sanctioned eleven Russian nationals associated with the TrickBot and Conti ransomware cybercrime operations.
- Lawrence Abrams
- September 07, 2023
- 10:27 AM
- 0
Sponsored Content
The Initial Access Broker Economy: A Deep Dive into Dark Web Hacking Forums

Initial access brokers (IAB) are cybercriminals that focus on gaining access to corporate environments, which they then auction off to other hackers. Learn more from Flare about the IAB economy and how it affects your business.
- Sponsored by Flare
- September 07, 2023
- 10:02 AM
- 0
LogicMonitor customers hacked in reported ransomware attacks

Network monitoring company LogicMonitor confirmed today that some users of its SaaS platform have fallen victim to cyberattacks.
- Sergiu Gatlan
- August 31, 2023
- 02:24 PM
- 0
Free Key Group ransomware decryptor helps victims recover data

Researchers took advantage of a weakness in the encryption scheme of Key Group ransomware and developed a decryption tool that lets some victims to recover their files for free.
- Bill Toulas
- August 31, 2023
- 12:21 PM
- 0
Hacking campaign bruteforces Cisco VPNs to breach networks

Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication (MFA).
- Sergiu Gatlan
- August 30, 2023
- 12:00 PM
- 0
Attacks on Citrix NetScaler systems linked to ransomware actor

A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks.
- Bill Toulas
- August 28, 2023
- 06:19 PM
- 0