May 08, 2025Ravie LakshmananThreat Intelligence / Ransomware Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. “NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks,”...Read More

Top-Rated Ransomware Defense, Web Security, and 24/7 Digital Protection for 38% Off  PCMag Source link .........................Read More

Hackers breached LockBit’s backend, releasing a database with thousands of Bitcoin addresses and key evidence of the ransomware group’s financial structure. Nearly 60,000 Bitcoin addresses linked to LockBit’s ransomware operations have been exposed following a major breach of the group’s dark web affiliate panel. The leak, which included a MySQL database dump, was shared publicly...Read More

A new report from cyber insurance specialist Coalition finds the majority of 2024 claims (60 percent) originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents, with 29 percent of BEC events resulting in FTF. Ransomware claims did stabilize in 2024 but they remain the most costly and disruptive type of cyberattack. “Over...Read More

Ransomware as a service. What is ransomware as a service? Ransomware as a service is a business model where ransomware operators and third parties, called “affiliates”, work together to launch ransomware attacks. RaaS was first identified in 2012 with the Reveton ransomware strain, and in the subsequent decade, it has exploded into a sophisticated and...Read More

Shayimamba Conco, cyber security expert at Check Point. Ransomware attacks rebounded in 2024 after law enforcement took down LockBit and Noberus, two of the most prolific ransomware syndicates. The former was said to have been responsible for around 25% of all victims listed on ransomware leak sites in 2023. In February 2025, the Cybersecurity and...Read More

Almost 60,000 Bitcoin addresses tied to LockBit’s ransomware infrastructure were leaked after hackers breached the group’s dark web affiliate panel.  The leak included a MySQL database dump shared publicly online. It contained crypto-related information that could help blockchain analysts trace the group’s illicit financial flows. Ransomware is a type of malware used by malicious actors....Read More

The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber extortion rings, has itself become the victim of a major cyberattack. On May 7, attackers breached and defaced the group’s dark web sites, leaking a trove of operational data and internal chats in a stunning turn of events that sent shockwaves...Read More

In a significant shift within the cybercriminal ecosystem, Qilin ransomware group has surged to prominence in April 2025, orchestrating 74 cyber attacks globally according to the latest threat intelligence report. This dramatic rise follows the unexpected disappearance of RansomHub, which had dominated the ransomware landscape since early 2024 but claimed just three attacks in April...Read More

The notorious LockBit ransomware operation has suffered a significant breach. Attackers defaced their dark web infrastructure and leaking a comprehensive database containing sensitive operational details on May 7. The hack represents a major blow to one of the world’s most prolific ransomware groups. Visitors to LockBit’s dark web sites are now greeted with a defiant...Read More