Ransomware attacks have loomed for years as an urgent digital threat with no easy solution -especially as they have evolved to include data grab-and-leak attacks that may not even involve data-encrypting malware at all. Traditional ransomware that locks up files and systems is still rampant, though, and Google on Tuesday launched a new defense for its Google Drive for desktop apps that aims to quickly detect ransomware activity and halt cloud syncing before an infection can spread.
The Windows variant now loads payloads via DLL reflection and employs aggressive anti-analysis packing; the Linux variant accepts command-line directives to tailor which directories and file types to hit; and the ESXi version is built to seize virtualization infrastructure by encrypting VMs. What's more, each encrypted file is stamped with a random 16-character extension, a move designed to make restoring your data even more of a nightmare.
The company said in an SEC filing that it became aware of the cybersecurity incident on September 19. The disclosure does not mention Collins Aerospace, the subsidiary that offers the impacted airport check-in and boarding solutions. RTX confirmed that customers have resorted to backup and manual processes, which has led to flights being delayed and cancelled. The company explained that ransomware was found on "systems that support its Multi-User System Environment (MUSE) passenger processing software," adding, "This software enables multiple airlines to share check-in and gate resources at airports, including baggage handling.
The 80th session of the United Nations General Assembly is in New York this week. One issue that's at the top of the agenda is connected to the war in Gaza. Several countries announced over the weekend that they will formally recognize a state of Palestine. Other US allies are doing the same this week. Also, from London to Brussels and Berlin, some of Europe's biggest airports are grappling with a ransomware attack that has caused delays and cancellations.
A cyberattack that has caused major airport disruptions in the United Kingdom, Germany and Belgium was caused by ransomware, the European Union Agency for Cybersecurity (ENISA) says. In a statement on Monday, ENISA said law enforcement was involved to investigate the software that holds data until those targeted pay to have their access back.
In a report examining the malicious use of LLMs, the cybersecurity company said AI models are being increasingly used by threat actors for operational support, as well as for embedding them into their tools - an emerging category called LLM-embedded malware that's exemplified by the appearance of LAMEHUG (aka PROMPTSTEAL) and PromptLock. This includes the discovery of a previously reported Windows executable called MalTerminal that uses OpenAI GPT-4 to dynamically generate ransomware code or a reverse shell.
On January 23, 2025, the Bian Lian ransomware gang added the Medical Associates of Brevard ("MAB") to its dark web leak site. At the time, they listed the types of data they claimed to have acquired, but did not provide any screenshots or proof of claims. Months later, BianLian went offline. What happened to any data they may have exfiltrated is not currenlty known to DataBreaches, but on September 5, 2025, MAB notified HHS that 246,711 patients were affected by the incident.
The era where two or three RaaS operators controlled the majority of incidents appears to be over - at least for now. The distinction between initial access brokers, affiliates and core operators has become increasingly blurred.
The Uvalde Consolidated Independent School District will close for most of next week after the district detected ransomware in its servers, according to district officials. The district will close from Sept. 15-18 and will exchange the dates it is closed with other previously scheduled non-working days integrated into the current UCISD calendar. The ransomware detected by the district is affecting several essential online systems, including phones, thermostats, camera monitoring and visitor management systems, among critical services, the district said.
The biggest cyber risk to schools is our kids. Everyone talks about protecting grandma, but the reality is younger generations are the ones getting scammed the most. Gen Z in particular is impatient, naive, and easy to trick. Scam texts and calls bombard them every day, and they have not yet learned to pause and question what they are seeing.