Miljödata runs HR, sick leave, and incident reporting systems for approximately 80 percent of Sweden's municipalities, making it a juicy single point of failure. Over the weekend, those systems went dark, leaving councils from Gotland and Halland to Karlstad and Skellefteå unable to access key services. Miljödata CEO Erik Hallén confirmed on August 25 that the disruption was the result of a cyberattack that had affected 200 of Sweden's 290 municipalities.
Two alleged Taiwanese clients of a Chinese ransomware group behind attacks on the Mackay Memorial Hospital and other targets in Taiwan have been arrested and released on bail. According to a Ministry of Justice Investigation Bureau, between February and March, the group CrazyHunter used ransomware to attack hospitals, publicly listed companies, and academic institutions, per CNA. Victims who refused to pay ransoms informed the bureau's Taipei field office.
AI isn't just helping white-collar workers be more productive - it's also aiding white-collar criminals. Anthropic said in a Wednesday report that it detected and thwarted cybercriminals attempting to carry out hacks using the startup's AI tool, Claude. While AI has been used in hacking efforts for years, Anthropic said advances in the technology mean it's being used to "perform" cyberattacks throughout the entire operation - and with smaller teams.
Ransomware is malicious code designed to lock you out of your own data, typically by encrypting files or entire systems and then demanding payment, usually in cryptocurrency, to restore access. Victims are left with impossible choices: pay the ransom and hope the attacker delivers the key, or lose access permanently, sometimes along with the public exposure of stolen data. This isn't just about frozen spreadsheets or lost vacation photos.
"The Company is working diligently to restore the affected systems," the manufacturer said in a Form 8-K filed with the US Securities and Exchange Commission yesterday. The ransomware attack "temporarily impacted the Company's operations, including internal/external communications, shipping, receiving, manufacturing production, and various other support functions," it continued. Data I/O also claims that, while it has restored some of its functions, others remain offline, with no timetable for a fix. An investigation is ongoing.
Warlock, the emergent cyber crime gang that claims it is holding UK network and telecoms services provider Colt's data to ransom, appears to have hit multiple other victims in the past few weeks, it has emerged. This is according to data supplied through the open source RansomLook.io information service, which is currently tracking 475 ransomware gangs across hundreds of dark web forums, markets and other channels. Warlock has claimed a total of 22 new victims since since 16 August, according to the data.
The existence of the exploit was first reported last week by vx-underground, which said it was released by Scattered Lapsus$ Hunters, a new fluid alliance formed by Scattered Spider and ShinyHunters.
"What you mentioned around, you know, data being leaked, that's vital intelligence for law enforcement, for threat researchers, and that's the big takeaway from a lot of these takedowns, I guess. In the wake of that, you're seizing domains, you're seizing servers, you're getting really valuable information on how these organizations work."
Recovery isn't a last resort - it's a strategy. The organizations that plan and rehearse their recoveries are the ones that come through an attack strongest.
Ransomware is a predatory crime that puts the public at risk, wrecks livelihoods and threatens the services we depend on. That's why we're determined to smash the cyber criminal business model and protect the services we all rely on as we deliver our plan for change.
Ransomware-as-a-Service (RaaS) allows inexperienced threat actors to launch large-scale attacks, exfiltrate sensitive data, and disable recovery infrastructure, pushing businesses to reassess their strategies.