Tag: ransomware as a service
New ransomware threat emerges in 2025
A new and unusually dangerous and sophisticated gang of cybercriminals, named BlackLock, has emerged as a major ransomware threat in 2025. Cybersecurity company Reliaquest observed a staggering 1,425 percent increase in the gang’s activities in the last quarter of 2024. Its ransomware is built to target Windows, VMWare ESXi, and Linux environments and is designed as a double-extortion attack, which involves not only locking the target organization’s critical data by encrypting it, but also by identifying sensitive information and threatening to expose it. “BlackLock’s rise has been both swift and strategic, targeting organizations across a wide range of sectors and geographies,” reports Reliaquest.
‘Hellcat’ is new breed of cybercriminal
A ransomware gang, Hellcat, that emerged in 2024 is being seen as representative of a new type of threat actor using off-the-shelf malware and innovative extortion techniques. According to cybersecurity company Cato Networks: “Hellcat’s emergence in 2024 marks a troubling shift in the landscape of cybercrime. By leveraging a ransomware-as-a-service (RaaS) model and utilizing double extortion tactics, Hellcat has not only increased the accessibility of ransomware but also heightened the psychological impact on its victims.”
AI enables ransomware boom
A new ransomware group, named Funksec, is the latest example of relatively inexperienced cybercriminals using AI to develop weaponized malware. The group claims that over 85 organizations fell victim to its ransomware attacks in December alone, potentially surpassing every other ransomware group in terms of victim numbers. According to Check Point Research: “FunkSec operators appear to use AI-assisted malware development which can enable even inexperienced actors to quickly produce and refine advanced tools…Presenting itself as a new Ransomware-as-a-Service (RaaS) operation, FunkSec appears to have no known connections to previously identified ransomware gangs.”
Ransomware alert for US critical infrastructure
The US Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued a stark warning. The Phobos ransomware-as-a-service (RaaS) model is now being widely used by threat actors of all kinds to attack a wide variety of critical infrastructure across America. “Since May 2019, Phobos ransomware targeted municipal and county governments, emergency services, education, public healthcare, and other critical infrastructure entities,” says the joint cybersecurity advisory document. Phobos RaaS is particularly dangerous as it is an off-the-shelf software that can be deployed by even relatively unskilled threat actors in conjunction with other open-source tools such as Smokeloader, Cobalt Strike, and Bloodhound. These tools are all widely accessible and easy to use in various operating environments, making Phobos the obvious go-to choice for a wide variety of threat actors.
BlackCat turns to ‘Munchkin’ to advance hacker operations – October 23rd
The BlackCat ransomware group has employed the use of a new tool, called Munchkin, making the Ransomware-as-a-Service (Raas) operation more attractive to potential affiliates. This is because Munchkin allows for the use of remote systems to deploy encryptors on network devices. After violating a device's security, the threat actors are able to install something called a VirtualBox, which enhances their ability to propagate a malicious payload across victim networks.