Ransomware attackers routinely deploy tools designed to disable endpoint detection and response software before launching encryptors. These tools, known as EDR killers, have become a standard component of ransomware intrusions. ESET Research tracked nearly 90 EDR killers actively used in the wild. The workflow is consistent across groups: an attacker gains high privileges, deploys an...
A prolific ransomware group has been exploiting a zero-day vulnerability in a Cisco firewall product since January, according to a new analysis from AWS. AWS CISO, CJ Moses, warned yesterday that the Interlock operation had been using CVE-2026-20131 in attacks since January 26. CVE-2026-20131 is a remote code execution (RCE) flaw in the web-based management...
Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure. By Pierluigi Paganini, March 19, 2026. The Interlock ransomware group has exploited a Cisco FMC zero-day RCE vulnerability in attacks since late January. The Interlock ransomware group has been exploiting a critical zero-day RCE vulnerability, tracked as CVE-2026-20131 (CVSS score of 10.0), in Cisco...
Rubrik and Rackspace Technology have launched a UK-hosted cyber recovery service for public sector bodies and regulated organisations, with the goal of restoring systems within hours of a ransomware incident. Called UK Sovereign Cyber Recovery Cloud, the service combines Rubrik’s data security platform with Rackspace’s UK sovereign hosting and operational services. It is positioned as...
A newly identified ransomware campaign linked to the LeakNet group is leveraging a sophisticated technique known as “ClickFix” to gain initial access into corporate systems. The attackers are distributing this method through compromised legitimate websites, making the attack harder to detect and increasing its reach across unsuspecting users. ClickFix is a social engineering tactic that...
Ransomware payments cratered in 2025, but it seems like the cybercrooks launching the attacks didn’t get the memo. That’s the headline from Chainalysis’ 2026 Crypto Crime Report, which shows total on-chain ransomware payments falling for a second straight year, even as victim counts and leak site pressure continue to climb. Ransomware gangs pulled in about...
[Photo: The North Ferry’s Mashomack. Credit: Charity Robey] It’s not just second homeowners and deep-pocketed developers who are transforming the North Fork. Hackers have wormed their way in for the second time in four months. Last week, North Ferry Company’s payment system froze under a ransomware attack, leaving customers unable to pay online while the FBI...
Introduction: When ransomware struck Change Healthcare in February 2024, the attack paralyzed prescription processing across the United States, forcing pharmacies to turn patients away and hospitals to revert to paper records. The breach affected 190 million Americans and cost UnitedHealth Group over $2.4 billion, making it the largest healthcare data breach in U.S. history. The...
A ransomware group known as LeakNet has been quietly building a more dangerous attack strategy. Until recently, the group averaged about three victims per month — but new evidence shows it is scaling up fast, adding new tools that most security defenses are not built to catch. LeakNet has introduced two notable additions: a social...