Microsoft Threat Intelligence has released fresh research uncovering how financially motivated actor Storm-0501 has shifted away from traditional ransomware deployment to cloud-native ransomware operations. Known for earlier campaigns targeting U.S. schools and healthcare providers, Storm-0501 has evolved rapidly, adapting to hybrid cloud environments and exploiting critical gaps in security visibility across enterprises. Instead of relying purely on malware...
Over the past year, the Underground ransomware gang has emerged as a formidable threat to organizations across diverse industries and geographies. First identified in July 2023, the group resurfaced in May 2024 with a Dedicated Leak Site (DLS), signaling a renewed and more sophisticated operational phase. Their campaigns now span from the United Arab Emirates...
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments. “Unlike traditional on-premises ransomware, where the threat actor typically deploys malware to encrypt critical files across endpoints within the compromised network and then negotiates for a decryption key, cloud-based ransomware introduces...
Las Vegas — Nevada officials revealed Wednesday that personal information may have been compromised in what was described as a “sophisticated ransomware-based cybersecurity attack” that occurred Sunday in which hackers infiltrated government networks and disrupted essential services statewide. Nevada Gov. Joe Lombardo had initially said Monday there were no signs personal data was stolen. However, in...
LAS VEGAS (KSNV) — The state now confirms that the cyberattack on Nevada on Sunday morning was a ransomware attack. For the first time since the incident, there was a press conference on Wednesday in Carson City, where several agencies are working to restore services at state offices. When it comes to the cyber attack...
Global ransomware activity showed minimal change in July, with a marginal 1% increase in reported incidents compared to the prior month, according to a new report by NCC Group. The research found that there were 376 ransomware cases worldwide in July, up from 371 in June. Despite this relative stability in incident figures, experts caution...
A massive ransomware cyberattack that has crippled Nevada’s state government since Sunday has resulted in some data being moved outside of the network by “malicious actors,” state officials said Wednesday. State agency officials would not disclose the nature of the data that was taken outside the state network during the press conference in Carson City,...
One ransomware hit can stall cranes, freeze payroll, and throw entire projects off schedule in hours. With scattered job sites, mobile crews, and countless subcontractor logins, construction firms are prime targets for cybercriminals chasing high payouts. The real cost isn’t just locked files; it’s broken timelines, lost trust, and contracts in jeopardy. The firms staying...
ESET has identified PromptLock, the first AI-powered ransomware, using OpenAI models to generate scripts that target Windows, Linux and macOS. It was only a matter of time before artificial intelligence became a building block for cybercriminals. This week, researchers at ESET revealed what they are calling the first known AI-powered ransomware, a prototype dubbed PromptLock,...
Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems. The malware uses OpenAI’s gpt-oss:20b model through the Ollama API to dynamically generate the malicious Lua scripts from hard-coded prompts. How PromptLock works: According to ESET researchers, PromptLock is written in Golang...