By Rae Ann Varona ( May 1, 2025, 10:35 PM EDT) — DaVita Inc. is facing at least two proposed class actions over a data breach the kidney care provider announced in April, with current and former patients alleging Wednesday in Colorado federal court that data thieves have already engaged in identity theft and fraud...Read More
Over the past year, a clear pattern has emerged across the threat landscape: ransomware operations are increasingly relying on compartmentalized affiliate models. In these models, initial access brokers (IABs) [6], malware loaders, and post-exploitation operators work together. Due to those specialization roles, a new generation of loader campaigns has risen. Threat actors increasingly employ loader...Read More
‘We will continue to provide updates as we make progress,’ the company said in a blog post. Hitachi Vantara has confirmed experiencing a ransomware incident that disrupted some systems, with servers remaining offline and the support connect feature for partners made inaccessible for now. The Santa Clara, Calif.-based hybrid cloud infrastructure and data protection products...Read More
I’ve been speaking a lot lately about one of my favorite topics: the need for threat prioritization. The threat landscape is expanding and evolving. The volume of threats continues to increase, especially in the ransomware space, which has seen longstanding groups splinter and new ones emerge organically. And tradecraft is growing and evolving as well....Read More
Guest blog courtesy of Halcyon.Hellcat is a rapidly evolving ransomware strain that has distinguished itself through innovative and highly effective tactics, techniques, and procedures (TTPs). Since emerging in mid-2024, it has targeted critical sectors such as government, education, and energy with increasing precision and sophistication. Operating under a Ransomware-as-a-Service (RaaS) model, Hellcat combines business scalability...Read More
Table of Contents Ransomware Evolution Payment Rates Types of Ransomware Attack Vectors TTPs Victimology As we approach the one year anniversary of two prominent ransomware group collapses (Lockbit and BlackCat/ALPHV), we find the ransomware ecosystem to be as fractured and uncertain as it did in the months following these events. The Ransomware-as-a-Service (RaaS) model remains...Read More
DOWNTOWN BROOKLYN — A UKRAINIAN NATIONAL HAS BEEN EXTRADITED FROM SPAIN and was scheduled to be arraigned at federal court in Brooklyn on Thursday afternoon, May 1. A superseding indictment was unsealed charging the defendant, Artem Stryzhak, with conspiracy to commit fraud, extortion and related acts in connection with computers, and for his role in...Read More
( May 1, 2025, 17:45 GMT | Official Statement) — MLex Summary: The US Department of Justice announced a superseding indictment accusing Artem Stryzhak of conspiring to commit fraud and related activity, including extortion, in connection with computers, for his role in a series of international attacks using the Nefilim ransomware. Stryzhak, a Ukrainian citizen,...Read More
Four days after a ransomware attack hit DuPage County computers, officials have offered little information about the incident — including whether there was any breach of data — but offered assurances that the government continues to function. “Thanks to extensive planning and preparedness efforts, we have been able to ensure the continuity of operations for...Read More
