Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of their bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix. “Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters,”...
The Japanese police have released a Phobos and 8-Base ransomware decryptor that lets victims recover their files for free, with BleepingComputer confirming that it successfully decrypts files. Phobos is a ransomware-as-a-service operation that launched in December 2018, enabling other threat actors to join as affiliates and utilize their encryption tool in attacks. In exchange, any...
FBI Accuses Man of Identifying Exploitable Flaws in Victims’ Networks for Group. Mathew J. Schwartz (euroinfosec) • July 17, 2025. Karen Serobovich Vardanyan (Image: National Police of Ukraine). An Armenian national accused by the FBI of facilitating Ryuk ransomware attacks against numerous organizations is due to stand...
A new cyber threat is on the horizon — one that operates without an internet connection. Security researchers have identified Mamona ransomware, a stealthy malware that executes offline, encrypts files using locally generated keys, and erases its tracks, making detection extremely difficult. Unlike traditional ransomware that relies on remote command-and-control servers, Mamona functions entirely offline...
Russian premium vodka producer Beluga, owned by NovaBev Group, has fallen victim to a sophisticated ransomware attack that disrupted its IT infrastructure and operational capabilities. The cyberattack, which occurred on July 14, 2025, represents an escalation in cybercriminal activities targeting major beverage companies, forcing the organization to implement emergency response protocols while maintaining its principled...
With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity. Ransomware-as-a-Service (RaaS) platforms have made it possible for even...
It’s been one year since a ransomware attack breached the city of Columbus’ cyber defenses, leaking hundreds of thousands of people’s personal information to the dark web, but there’s little sign of internal accountability. A listener asked WOSU’s Curious Cbus several questions about the cyber attack. Authorities from the city all the way up to...
A cryptomining botnet that has been active since 2019 has added a likely AI-generated ransomware to its operations. New analysis by the FortiCNAPP team, part of FortiGuard Labs, has identified the first incident of an overlap between H2miner and Lcryx ransomware. The team uncovered this link during an investigation into a cluster of virtual private servers...