Published On : 2025-05-08 Ransomware of the week CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – industries, geography, and technology – that could be relevant to your organization. Type: RansomwareTarget Technologies: MS Windows IntroductionCYFIRMA Research and Advisory Team has found LockZ...Read More

LockBit, one of the most notorious and prolific cybercrime groups, has been compromised, handing law enforcement and threat intelligence experts a trove of critical insider information. On May 7, a cyber threat actor known as “Rey” on X discovered that LockBit’s dark web affiliate panels had been defaced and replaced with a message and a...Read More

Malicious payloads NETXLOADER and SmokeLoader have been leveraged by the Qilin ransomware gang, also known as Agenda, to escalate attacks against telecommunications, healthcare, financial services, and technology organizations in the U.S., Brazil, the Netherlands, India, and the Philippines during the first three months of 2025, reports GBHackers News. Advanced obfuscation methods, including JIT hooking and...Read More

BleepingComputer reports that the LockBit ransomware operation has been impacted by a data breach resulting in the defacement of its admin panels to include a message with a link redirecting to an archive file, which threat actor Rey noted to have an SQL file from its affiliate panel’s MySQL database. Additional analysis of the exposed...Read More

Ransomware-as-a-Service (RaaS) has solidified its position as the dominant framework driving ransomware attacks in 2024, according to the latest insights from Kaspersky ahead of International Anti-Ransomware Day on May 12. Kaspersky Security Network data reveals an 18% drop in ransomware detections from 5,715,892 in 2023 to 4,668,229 in 2024, yet the share of affected users...Read More

Patched Windows zero-day vulnerability (CVE-2025-29824) in the Common Log File System (CLFS) driver was exploited in attacks linked to the Play ransomware operation prior to its disclosure on April 8, 2025. The flaw, which enabled privilege escalation via a use-after-free condition in the clfs.sys kernel driver, was weaponized by Balloonfly, the cybercrime group behind Play...Read More

LockBit has suffered a data breach following panel defacement. (Photo: Tero Vesalainen/ Shutterstock) LockBit, a ransomware group known for numerous cyberattacks, has encountered a data breach following the defacement of its dark web affiliate panels. These panels now display a message stating, “Don’t do crime CRIME IS BAD xoxo from Prague,” along with a link...Read More

LockBit Ransomware Gang Hacked, 59,975 Bitcoin Addresses Leaked; German Crypto Platform eXch Seized with €34 Million Amid Laundering Probe – “The Defiant”  The Defiant Source link .........................Read More

Amid the ongoing tensions between India and Pakistan (here, here, & here), a post (here, here, here, and here) claiming that ATMs across the country will be closed for 2–3 days due to cyberattacks by Pakistan is being widely circulated on social media platforms. The post reads: ‘ATMs will be closed for the next 2–3...Read More

Iowa County’s computer network was impacted by ransomware last week, officials confirmed Friday. The county detected suspicious activity on the network on April 28, and announced on April 30 that part of the network went offline. Cybersecurity experts were brought in to investigate, and determined that ransomware was the cause of the issue. A county...Read More