#ransomware

#ransomware

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection and Response (EDR) solutions so that malicious activities go unnoticed. The strategy has been adopted by many ransomware groups over the years.

To be clear, ransomware isn't going anywhere, and adversaries continue to innovate. But the data shows a clear strategic pivot away from loud, destructive attacks toward techniques designed to evade detection, persist inside environments, and quietly exploit identity and trusted infrastructure. Rather than breaking in and burning systems down, today's attackers increasingly behave like Digital Parasites. They live inside the host, feed on credentials and services, and remain undetected for as long as possible.

In its annual Red Report, a body of research that analyzes real-world attacker techniques using large-scale attack simulation data, Picus Labs warns cybersecurity professionals that threat actors are rapidly shifting away from ransomware encryption to parasitic "sleeperware" extortion as their means to loot organizations for millions of dollars per attack. Released today and now in its sixth year, the 278-page Red Report gets its name from Picus-organized cybersecurity exercises that take the perspective of the attacker's team, otherwise known as the "red team."

A coding error, possibly introduced thanks to over-reliance on artificial intelligence (AI) vibe coding tools, has rendered an emergent strain of ransomware an acutely dangerous threat, according to researchers at Halcyon's Ransomware Research Center (RRC). The Sicarii ransomware-as-a-service (RaaS) operation emerged from the cyber criminal underground in December 2025, when it started advertising for affiliates on the dark web.

In 2025, the frequency of healthcare data breaches more than doubled. However, the number of patient records exposed has significantly decreased, indicating a shift in the data breach landscape, according to a new report from Fortified Health Security.

OCR continues to execute its enforcement mission under its statutory and regulatory authorities regarding civil rights, exercise of conscience, and health information privacy and security, and breach notification. OCR continues to investigate complaints filed, to conduct compliance reviews, and to review breaches of unsecured protected health information. OCR will be responsive to the HIPAA trends and compliance issues within OCR's jurisdiction that are affecting the public and the regulated industry.

Midway through a decade that is coming to be defined by the runaway acceleration of technological change, the threat of ransomware attacks seems to be dropping down the agenda in boardrooms around the world, with C-suite executives more concerned about growing risks arising from artificial intelligence (AI) vulnerabilities, cyber-enabled fraud and phishing attacks, disruption to supply chains, and exploitation of software vulnerabilities.

Trackers keeping an eye on ransomware leak sites logged more than 8,000 claimed victims worldwide in 2025, a rise of more than 50 percent compared to 2023. The counts come from outfits watching dark web shaming pages such as Ransomware.live and RansomLook.io, so they only include cases where crooks decided to post receipts. Plenty of victims, Emsisoft says, will have paid up, recovered, or kept quiet without ever appearing on a leak site.

US feds have dismantled a crypto laundering service that they say helped cybercrooks wash tens of millions of dollars in dirty digital cash, seizing its servers and unsealing charges against an alleged Russian operator. The FBI, working with cops in Europe and a grab bag of state and federal agencies, announced this week that it has taken down the infrastructure behind E-Note, an unlicensed virtual currency exchange accused of acting as a financial rinse cycle for ransomware crews, account takeover gangs, and other online criminals.

Hundreds of millions of computers worldwide are still running Windows 10, months after the one-time king of PC operating systems officially passed its end-of-support deadline. If you're responsible for one of those machines and you aren't ready to upgrade to Windows 11, you can sign up today for an Extended Security Updates (ESU) subscription -- consumers can get those updates free through October 2026, as I explain here: How to get free Windows 10 security patches on your PC - from now to October 2026.

In a post on its dark web leak site, seen by The Register, Everest said: "Files contain this information and much more: Binary segmentation modules, Source code & patches, RAM dumps & memory logs, AI models & weights, OEM internal tools & firmware, Test videos, Calibration & dual-camera data, Image datasets, Crash logs & debug reports, Evaluation & performance reports, HDR, fusion, post processing data, Test APKs, experimental apps, Scripts & automation, Small config binary calibration files."

Encryption rates in ransomware attacks on manufacturing companies have fallen sharply. Only 40 percent of attacks resulted in actual encryption, the lowest level in five years and a significant drop from 74 percent last year. However, attackers are compensating for this with a different tactic: extortion without encryption rose from 3 percent in 2024 to 10 percent in 2025. They are increasingly relying on stolen data as a means of pressure.

Among the benefits, tabletop exercises simulate a real-life attack so firms can put incident response plans to the test, including decision-making processes, communications and technical measures. When done well, tabletop exercises can expose blind spots and help response teams "build the muscle memory needed to act fast when the real thing hits", says Adam Harrison, managing director in the cyber security practice at FTI Consulting. So what types of tabletop exercises are available and how can you use them in your business?