DragonForce Ransomware, first identified in late 2023, has rapidly evolved into a formidable player within the global ransomware ecosystem, leveraging a sophisticated Ransomware-as-a-Service (RaaS) model. Originally rooted in ideologically motivated cyberattacks, DragonForce has since pivoted to financially driven operations, offering affiliates a highly customizable toolkit that enables the creation and deployment of tailored ransomware payloads. ...Read More
Wazuh has issued new detection rules to address Mamona, a ransomware variant targeting Windows users that deletes itself soon after encrypting files and deploying ransom notes. The Mamona strain is known for its ability to quickly encrypt files, leave a ransom message, and erase its presence within seconds, complicating detection and post-infection analysis. Unlike more...Read More
A sophisticated new ransomware variant identified as DEVMAN has emerged from the DragonForce ransomware-as-a-service ecosystem, targeting both Windows 10 and Windows 11 systems with notable behavioral differences between operating system versions. This hybrid malware represents a concerning evolution in the ransomware landscape, combining the established DragonForce codebase with unique modifications that create distinct operational signatures....Read More
Law enforcement officials are investigating a former employee of a company that negotiates with hackers and facilitates cryptocurrency payments during ransomware attacks, according to a statement from the firm, DigitalMint. DigitalMint President Marc Jason Grens this week told organizations it works with that the US Justice Department is examining allegations that the then-employee struck deals...Read More
Bronx Pro Group, a real estate development and property management company experienced a data breach. This incident was the result of a ransomware attack carried out by the Akira ransomware group, which claimed responsibility for the breach on the dark web on May 22, 2025. The Akira group published the stolen data on the Tor...Read More
The US Treasury sanctioned Russia-based Aeza Group, a bulletproof hosting service that provided infrastructure for ransomware attacks and data theft operations. The sanctions target four Russian nationals, including CEO Arsenii Penzev and seized a cryptocurrency wallet containing approximately $350,000. The US Treasury Department has sanctioned Russia-based Aeza Group, a major step in the direction of...Read More
An ex-ransomware negotiator is under criminal investigation by the Department of Justice for allegedly working with ransomware gangs to profit from extortion payment deals. The suspect is a former employee of DigitalMint, a Chicago-based incident response and digital asset services company that specializes in ransomware negotiation and facilitating cryptocurrency payments to receive a decryptor or prevent...Read More
Threat researchers from CrowdStrike are pointing to the hacker group’s focus on more than just traditional ransomware attacks — as experts have separately linked the group to a data theft attack against Australian airline Qantas. The notorious threat group Scattered Spider has indeed been known to focus on more than just traditional ransomware attacks in...Read More
Maryland-based benefits administration and payroll solutions provider Kelly Benefits has disclosed that a total of 553,660 individuals had their data compromised as a result of a cyberattack in December, which was initially reported to have affected only 32,234 people, according to BleepingComputer. Source link .........................Read More
