#ransomware

#ransomware

Cybercrime fighters in the US, UK, and Australia have imposed sanctions on several Russia-linked entities they claim provide hosting services to ransomware gangs Lockbit, BlackSuit, and Play. The sanctions target an organization called "Media Land," an entity that the US Department of Treasury describes as a provider of hosting services to "criminal marketplaces and ransomware actors" and which allowed its infrastructure to be used for "multiple distributed denial-of-service (DDOS) attacks against U.S. victim companies and critical infrastructure."

Ransomware doesn't knock on the front door. It sneaks in quietly, and by the time you notice, the damage is already done. Backups, replication, and cloud storage help recover from ransomware, but when it strikes, these products may not be enough. You copy your data and ensure copies are recoverable when needed. Replication is often viewed as the gold standard of protection. It is fast, efficient, and seems like an easy answer. Two common types of replication are in use today.

In a statement published this week, Synnovis said the investigation "took more than a year to complete because the compromised data was unstructured, incomplete and fragmented, and often very difficult to understand." It added that specialist incident response teams had to use "highly specialized platforms and bespoke processes" to work through terabytes of jumbled information and identify which healthcare providers' patients were affected.

Martin had apparently seen how this system worked in practice through his job, and he approached a pair of other people to help him make some easy cash. One of these people was allegedly Ryan Goldberg of Watkinsville, Georgia, who worked as an incident manager at the cybersecurity firm Sygnia. Goldberg told the FBI that Martin had recruited him to "try and ransom some companies."

Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization's cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she's just made a big mistake. Sarah just accidentally handed over her login details to cybercriminals who are laughing all the way to their dark web marketplace, where they'll sell her credentials for about $15. Not much as a one-off, but a serious money-making operation when scaled up.

"Sanctions will not deter all malicious cyber activity," he said. "What they can do is complicate operations, raise costs, disrupt enabling infrastructure and signal collective resolve." Saiz explained that sanctions can deter adversaries by imposing friction, restricting access to various resources - both financial and technical - and making threat actor networks publicly toxic, such as the UK's National Crime Agency (NCA) did to LockBit with some success. However, he warned, cyber sanctions do not deter every threat actor and their practical impact varies wildly.

In the past year, the rapid democratization of AI has opened the door for a new class of haunting threats. Malware creation, once a domain requiring deep expertise and significant time, can now be automated in mere seconds. It's no longer about who has the most sophisticated tools, but who can leverage AI the fastest - and the current advantage favors the bad actors. It's like a haunted house gone wrong, and the monsters are in control.

Typically, when ransomware gets into a Windows machine, it first scans the cached memory, registry keys, file paths, and running processes to see whether the system is already infected, running on a malware analyst's computer, or trying to run in the sandboxed environment of a virtualized machine. If it sees any of these signs, it gives up, but if not, the ransomware sends a message back to the cybercriminals' servers

In what officials described as a call to arms, national security officials and ministers are urging all organisations, from the smallest businesses to the largest employers, to draw up contingency plans for the eventuality that your IT infrastructure [is] crippled tomorrow and all your screens [go] blank. The NCSC, which is part of GCHQ, said highly sophisticated China, capable and irresponsible Russia, Iran and North Korea were the main state threats, in its annual review published on Tuesday.

Dozens of Orgs Impacted by Exploitation of Oracle EBS Flaw - Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, according to Google Threat Intelligence Group (GTIG) and Mandiant. The activity, which bears some hallmarks associated with the Cl0p ransomware crew, is assessed to have fashioned together multiple distinct vulnerabilities, including a zero-day flaw tracked as CVE-2025-61882 (CVSS score: 9.8), to breach target networks and exfiltrate sensitive data.

Salesforce Inc. told customers Tuesday that it won't pay a ransom demand from a hacker who claimed to have stolen a large amount of client data and threatened to publish it, according to an email seen by Bloomberg News. The company said in a security notification that it had received "credible threat intelligence" indicating that a hacking group, known as ShinyHunters, was planning to share information stolen during a security incident earlier in the year involving a number of its customers, according to the email.

In a very aggressive - and disgusting - attempt to extort a ransom payment from Kido, the criminals published profiles of 10 children, including photos, names, and home addresses, along with their parents' contact details and in some cases places of work, threatening to expose more if the ransom demand wasn't met. A new crime crew calling itself the Radiant Group claimed responsibility for the attack, and posted the preschool's name, along with its pupils' profiles, as the first leak on its dark web site. The ransomware gang later deleted the kids' and parents' data, apparently under pressure from other criminals - but not before some of the parents reported receiving threatening calls.