#ransomware

#ransomware

The Uvalde Consolidated Independent School District will close for most of next week after the district detected ransomware in its servers, according to district officials. The district will close from Sept. 15-18 and will exchange the dates it is closed with other previously scheduled non-working days integrated into the current UCISD calendar. The ransomware detected by the district is affecting several essential online systems, including phones, thermostats, camera monitoring and visitor management systems, among critical services, the district said.

The biggest cyber risk to schools is our kids. Everyone talks about protecting grandma, but the reality is younger generations are the ones getting scammed the most. Gen Z in particular is impatient, naive, and easy to trick. Scam texts and calls bombard them every day, and they have not yet learned to pause and question what they are seeing.

Wednesday's management advisory memorandum from VA's Office of Inspector General reviewed how the agency and Oracle Health were following interface testing procedures at the Captain James A. Lovell Federal Health Care Center in North Chicago, Illinois. VA and the Department of Defense officially announced the launch of the new EHR system at the Chicago medical center in March 2024. VA's software is designed to be interoperable with the Pentagon's similar Oracle Health system.

JLR was attacked earlier, too. In March 2025, JLR was targeted by the HELLCAT ransomware group, which compromised Atlassian Jira credentials to steal hundreds of gigabytes of sensitive data. This new attack, leading to the systematic shutdown of production facilities and retail systems, suggests either a ransomware attack or a significant system compromise. Clearly, JLR needs to immediately implement capabilities to prevent lateral movement that attackers resort to after an initial breach, among other cybersecurity controls.

Ianis Aleksandrovich Antropenko exemplifies the profile of a modern cybercriminal, yet, unlike many others who have faced strict prosecution for similar offenses, the Justice Department has granted him liberties rarely extended to such suspects. The 36-year-old Russian national was arrested almost a year ago in California for his alleged involvement in multiple ransomware attacks from at least May 2018 to August 2022.

"Agentic AI has been weaponized," the company said in a . "AI models are now being used to perform sophisticated cyber attacks, not just advise on how to carry them out."

Anthropic reported last week that a hacker used its technology for an AI-fueled crime spree involving large-scale ransomware attacks. The attacker used the Claude chatbot for recon, code generation, credential theft, infiltration, and ransom notes against 17 organizations, including healthcare providers, government agencies, religious charities, and a defense contractor. The AI even helpfully proposed ransom amounts, ranging from $75,000 to $500,000 in Bitcoin. This marks the first known case where AI choreographed an entire extortion scheme, automating nearly every step.

Miljödata runs HR, sick leave, and incident reporting systems for approximately 80 percent of Sweden's municipalities, making it a juicy single point of failure. Over the weekend, those systems went dark, leaving councils from Gotland and Halland to Karlstad and Skellefteå unable to access key services. Miljödata CEO Erik Hallén confirmed on August 25 that the disruption was the result of a cyberattack that had affected 200 of Sweden's 290 municipalities.

Two alleged Taiwanese clients of a Chinese ransomware group behind attacks on the Mackay Memorial Hospital and other targets in Taiwan have been arrested and released on bail. According to a Ministry of Justice Investigation Bureau, between February and March, the group CrazyHunter used ransomware to attack hospitals, publicly listed companies, and academic institutions, per CNA. Victims who refused to pay ransoms informed the bureau's Taipei field office.

AI isn't just helping white-collar workers be more productive - it's also aiding white-collar criminals. Anthropic said in a Wednesday report that it detected and thwarted cybercriminals attempting to carry out hacks using the startup's AI tool, Claude. While AI has been used in hacking efforts for years, Anthropic said advances in the technology mean it's being used to "perform" cyberattacks throughout the entire operation - and with smaller teams.

Ransomware is malicious code designed to lock you out of your own data, typically by encrypting files or entire systems and then demanding payment, usually in cryptocurrency, to restore access. Victims are left with impossible choices: pay the ransom and hope the attacker delivers the key, or lose access permanently, sometimes along with the public exposure of stolen data. This isn't just about frozen spreadsheets or lost vacation photos.

"The Company is working diligently to restore the affected systems," the manufacturer said in a Form 8-K filed with the US Securities and Exchange Commission yesterday. The ransomware attack "temporarily impacted the Company's operations, including internal/external communications, shipping, receiving, manufacturing production, and various other support functions," it continued. Data I/O also claims that, while it has restored some of its functions, others remain offline, with no timetable for a fix. An investigation is ongoing.

Warlock, the emergent cyber crime gang that claims it is holding UK network and telecoms services provider Colt's data to ransom, appears to have hit multiple other victims in the past few weeks, it has emerged. This is according to data supplied through the open source RansomLook.io information service, which is currently tracking 475 ransomware gangs across hundreds of dark web forums, markets and other channels. Warlock has claimed a total of 22 new victims since since 16 August, according to the data.

"The company's preliminary investigation determined that a threat actor gained unauthorized access to, and encrypted certain of, the company's systems," Inotiv says.

The existence of the exploit was first reported last week by vx-underground, which said it was released by Scattered Lapsus$ Hunters, a new fluid alliance formed by Scattered Spider and ShinyHunters.

"What you mentioned around, you know, data being leaked, that's vital intelligence for law enforcement, for threat researchers, and that's the big takeaway from a lot of these takedowns, I guess. In the wake of that, you're seizing domains, you're seizing servers, you're getting really valuable information on how these organizations work."

Recovery isn't a last resort - it's a strategy. The organizations that plan and rehearse their recoveries are the ones that come through an attack strongest.

The reality of today's threat landscape demands a holistic approach to cyber resilience, which requires organizations to do more than just prevent attacks.

The data dump from a ransomware group, labeled under a medical practice, actually contained files from a tax preparation service named Lacerte, not any patient data or office files.