ransomware

Ransomware remains one of the most destructive cyber threats in 2025, with operations generating $1.5 billion in revenue — a 20% increase from 2024 — through attacks that encrypt data and demand payment (Chainalysis, November 2025 Crypto Crime Report). However, AI has emerged as a transformative...

Ransomware operations have matured into a highly industrialized cybercrime ecosystem in 2025, leveraging Ransomware-as-a-Service (RaaS) models to generate an estimated $1.5 billion in annual revenue — a 20% increase from 2024 (Chainalysis, November 2025 Crypto Crime Report). These operations...

Ransomware is one of the most dangerous types of malware, designed to block access to victims' files or systems in order to extort money. Unlike traditional viruses, which can simply damage data, ransomware uses cryptography to encrypt files, making them inaccessible without a special key. It's...

• As you know, ransomware has become an inevitable, “background” reality for many companies around the world — and successful attacks and multi-million ransoms only fuel this sector. • Ransomware distribution schemes vary: some choose very unique methods, while others stick to standard options...

Attackers strike at the heart of critical infrastructure. A new group has appeared on the horizon of cyberspace, Interlock, which has developed a ransomware that targets FreeBSD servers. Launched at the end of September 2024, this campaign has already claimed to attack six companies and publish...

ESET Reveals the Dangerous Tandem of MDeployer and MS4Killer. Researchers from ESET have discovered a new piece of malware created by the Embargo group to deploy the ransomware of the same name. The programs are written in the Rust language, which allows Embargo developers to create universal...

Windows event logs know a lot more than you might think. Experts from JPCERT conducted a study that allows you to identify ransomware attacks based on the analysis of Windows event logs. As a rule, one of the most difficult tasks in detecting such attacks is to identify the vector of...

Simple steps to protect files from ransomware. Ransomware-type malware is a serious threat. It encrypts files on the computer, blocking access to them until the victim pays the demanded ransom. Files become hostages, and if it is not possible to cope with the attack by other methods, the user...

Legal traffic becomes the perfect cover for attacks. Security researchers at modePUSH recently discovered that ransomware groups such as BianLian and Rhysida are actively using Microsoft Azure Storage Explorer and AzCopy tools to steal data from compromised networks and then store it in Azure...

Hackers claim to have stolen 487 GB of corporate data. Kawasaki Motors Europe is recovering from a cyberattack organized by the RansomHub ransomware group. The incident caused outages, however, according to company representatives, at the moment active restoration continues, and 90% of the...

Attackers now use legitimate tools to disable protection and steal data. The Malwarebytes team has discovered that the RansomHub ransomware group is using the legitimate TDSSKiller tool to disable the EDR tools on the device. In addition to TDSSKiller, cybercriminals also use LaZagne to collect...

How the virus manages to erase everything while the system is defenseless. Experts have discovered two kinds of files of the main component of the Akira Ransomware: a smaller one (573 KiB) and a larger one (1.005 KiB). Both files are compiled using MSVC and do not contain obfuscation...

Quantum resilience and lightning-fast proliferation are qualitatively changing the cyber threat landscape. The Indian hacking group CyberVolk, originally known by the name GLORIAMIST India, began operations in March 2024 and has since become one of the notable cybercriminal organizations. The...

Since its inception, the group has attacked over two hundred victims. The ransomware-linked hacker group RansomHub has encrypted and stolen data from more than 210 victims since its inception in February 2024, according to US authorities. Among those affected are organizations from various...

The emergence of a new group raises more and more questions about its origin. Truesec experts spoke about the new cybercriminal group Cicada3301, which, working on the RaaS model, has already attacked 19 victims around the world and puzzled security researchers. The name Cicada3301 is borrowed...

How have tech giants strategies changed recently? Victims of ransomware attacks paid out more than $ 459 million to attackers in the first half of 2024, according to a new report. This shocking figure highlights the growing cybersecurity crisis affecting organizations of all types, from large...

Cybercriminals attack the company's reputation by playing noble avengers. According to Sophos, cybercriminals are constantly improving their methods of exerting pressure on victims. Over the past 3 years, the tactics of ransomware operators have changed significantly, and the threats are...

The company reported the loss to the U.S. Securities and Exchange Commission. The American technology company Keytronic reported significant losses as a result of a ransomware attack that occurred in May of this year. In its filing with the U.S. Securities and Exchange Commission (SEC) on...

The focus of cybercriminals is gradually shifting to more solvent victims. Zscaler, a cloud security company, found that hackers from the Dark Angels group received a record $ 75 million cash ransom this year. The name of the affected organization was not disclosed, but it is known that this is...

An analysis of trends and tactics showed how attackers have changed the cybersecurity landscape. Ransomware has become one of the main cyber threats in 2023. NSHC specialists analyzed the attacks and identified many interesting trends and features. During the year, 304 attacks were recorded...