[ad_1] A sophisticated new attack method that disables endpoint security protection has been identified by security researchers, enabling threat actors to deploy ransomware undetected.  The technique, dubbed “Bring Your Own Installer,” was recently discovered by Aon’s Stroz Friedberg Incident Response team during an investigation of a Babuk ransomware attack. The method exploits a vulnerability in...Read More

[ad_1] In April 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a HIPAA enforcement settlement with Comprehensive Neurology, PC, a New York-based neurology practice, in connection with a ransomware incident that compromised the electronic protected health information (“ePHI”) of approximately 6,800 individuals. This case marks OCR’s 12th ransomware-related...Read More

[ad_1] Anti-Ransomware Day was established on May 12 in 2020 by INTERPOL in collaboration with Kaspersky to commemorate the anniversary of the infamous WannaCry ransomware attack that occurred on May 12, 2017. The purpose of Anti-Ransomware Day is to raise global awareness about the threats posed by ransomware and to promote best practices for prevention...Read More

[ad_1] Published On : 2025-05-08 Ransomware of the week CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – industries, geography, and technology – that could be relevant to your organization. Type: RansomwareTarget Technologies: MS Windows IntroductionCYFIRMA Research and Advisory Team has found...Read More

[ad_1] LockBit, one of the most notorious and prolific cybercrime groups, has been compromised, handing law enforcement and threat intelligence experts a trove of critical insider information. On May 7, a cyber threat actor known as “Rey” on X discovered that LockBit’s dark web affiliate panels had been defaced and replaced with a message and...Read More

[ad_1] Malicious payloads NETXLOADER and SmokeLoader have been leveraged by the Qilin ransomware gang, also known as Agenda, to escalate attacks against telecommunications, healthcare, financial services, and technology organizations in the U.S., Brazil, the Netherlands, India, and the Philippines during the first three months of 2025, reports GBHackers News. Advanced obfuscation methods, including JIT hooking...Read More

[ad_1] BleepingComputer reports that the LockBit ransomware operation has been impacted by a data breach resulting in the defacement of its admin panels to include a message with a link redirecting to an archive file, which threat actor Rey noted to have an SQL file from its affiliate panel’s MySQL database. Additional analysis of the...Read More

[ad_1] Ransomware-as-a-Service (RaaS) has solidified its position as the dominant framework driving ransomware attacks in 2024, according to the latest insights from Kaspersky ahead of International Anti-Ransomware Day on May 12. Kaspersky Security Network data reveals an 18% drop in ransomware detections from 5,715,892 in 2023 to 4,668,229 in 2024, yet the share of affected...Read More

[ad_1] Patched Windows zero-day vulnerability (CVE-2025-29824) in the Common Log File System (CLFS) driver was exploited in attacks linked to the Play ransomware operation prior to its disclosure on April 8, 2025. The flaw, which enabled privilege escalation via a use-after-free condition in the clfs.sys kernel driver, was weaponized by Balloonfly, the cybercrime group behind...Read More

[ad_1] LockBit has suffered a data breach following panel defacement. (Photo: Tero Vesalainen/ Shutterstock) LockBit, a ransomware group known for numerous cyberattacks, has encountered a data breach following the defacement of its dark web affiliate panels. These panels now display a message stating, “Don’t do crime CRIME IS BAD xoxo from Prague,” along with a...Read More