Latest Ransomware news

INC ransomware source code selling on hacking forums for $300,000

A cybercriminal using the name "salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023.
- Bill Toulas
- May 13, 2024
- 04:22 PM
- 0
Botnet sent millions of emails in LockBit Black ransomware campaign

Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign.
- Sergiu Gatlan
- May 13, 2024
- 03:08 PM
- 0
CISA: Black Basta ransomware breached over 500 orgs worldwide

CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024.
- Sergiu Gatlan
- May 11, 2024
- 10:09 AM
- 0
The Week in Ransomware - May 10th 2024 - Chipping away at LockBit

After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation.
- Lawrence Abrams
- May 10, 2024
- 06:01 PM
- 0
Ascension redirects ambulances after suspected ransomware attack

Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday.
- Sergiu Gatlan
- May 10, 2024
- 02:51 PM
- 2
Ohio Lottery ransomware attack impacts over 538,000 individuals

The Ohio Lottery is sending data breach notification letters to over 538,000 individuals affected by a cyberattack that hit the organization's systems on Christmas Eve.
- Sergiu Gatlan
- May 10, 2024
- 11:38 AM
- 0
University System of Georgia: 800K exposed in 2023 MOVEit attack

The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks.
- Bill Toulas
- May 08, 2024
- 05:48 PM
- 0
City of Wichita breach claimed by LockBit ransomware gang

The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation.
- Bill Toulas
- May 08, 2024
- 12:16 PM
- 0
LockBit ransomware admin identified, sanctioned in US, UK, Australia

The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor revealed for the first time.
- Lawrence Abrams
- May 07, 2024
- 10:04 AM
- 2
City of Wichita shuts down IT network after ransomware attack

The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack.
- Lawrence Abrams
- May 06, 2024
- 10:34 AM
- 3
Lockbit's seized site comes alive to tease new police announcements

The NCA, FBI, and Europol have revived a seized LockBit ransomware data leak site to hint at new information being revealed by law enforcement this Tuesday.
- Lawrence Abrams
- May 06, 2024
- 07:06 AM
- 0
REvil hacker behind Kaseya ransomware attack gets 13 years in prison

Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation.
- Bill Toulas
- May 02, 2024
- 10:44 AM
- 2
French hospital CHC-SV refuses to pay LockBit extortion demand

The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom.
- Bill Toulas
- May 01, 2024
- 12:38 PM
- 1
Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach

Daily newspaper Philadelphia Inquirer revealed that attackers behind a May 2023 security breach have stolen the personal and financial information of 25,549 individuals.
- Sergiu Gatlan
- April 30, 2024
- 04:12 PM
- 0
Change Healthcare hacked using stolen Citrix account with no MFA

UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled.
- Bill Toulas
- April 30, 2024
- 10:13 AM
- 4
UnitedHealth confirms it paid ransomware gang to stop data leak

The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February.
- Bill Toulas
- April 23, 2024
- 10:28 AM
- 10
Synlab Italia suspends operations following ransomware attack

Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline.
- Bill Toulas
- April 22, 2024
- 11:27 AM
- 0
Ransomware payments drop to record low of 28% in Q1 2024

Ransomware actors have had a rough start this year, as stats from cybersecurity firm Coveware show that the trend of victims declining to pay the cybercriminals continues and has now reached a new record low of 28%.
- Bill Toulas
- April 21, 2024
- 10:21 AM
- 1
The Week in Ransomware - April 19th 2024 - Attacks Ramp Up

While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void.
- Lawrence Abrams
- April 19, 2024
- 07:36 PM
- 0
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data

An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks..
- Bill Toulas
- April 19, 2024
- 03:20 PM
- 4