Tag: Ransomware
Ransomware group offers cyber gangs legal advice
A new cybercriminal group, Qilin, is rapidly establishing dominance in the murky world of ransomware by providing not just ransomware-as-a-service (RaaS) but a full soup-to-nuts cybercrime service .In addition to the malware, Qilin also provides a full suite of legal guidance for criminals together with operational and storage features. According cybersecurity company, Cybereason, Qilin is positioning itself not just as a ransomware group, but as a full cybercrime service.
Teenage hackers run rings around cyber-defenses
The recent UK retail cyberattacks that impacted Marks & Spencer and the Co-Op supermarket chain are only the tip of a very large iceberg that now threatens organizations on both sides of the Atlantic. Although media reports have attributed the attacks to a group named “Scattered Spider,” the actual threat is far bigger. For a start, there is no criminal group that actually calls itself “Scattered Spider”, which is just a made-up name attributed by cybersecurity researchers. These attacks and many others in the US and the UK are now known to be the work of a vast sprawling network of hackers, some as young as 14, spread across the US and the UK. They call themselves “the Community”, or “the Com” for short, and are essentially a vast teenage subculture of criminal hackers.
Victoria’s Secret Shuts Down U.S. Website Amid Security Incident – May 29th
In today's daily roundup - Victoria's Secret website faces a security breach, SentinelOne experienced a global service disruption affecting customer-facing services, and Chinese state-sponsored group APT41 is using Google Calendar to embed malware on compromised devices
Stealth spyware strikes healthcare sector
Following an investigation by the Federal Bureau of Investigation (FBI), a pharmacist at the University of Maryland Medical Center, Dr. Matthew Bathula, is accused of allegedly carrying out a decade-long campaign of cyber-voyeurism. According to local newspaper, the Baltimore Banner, Bathula allegedly watched the women colleagues in real-time, including one while she was home breastfeeding, undressing, and having sex with her husband. Six of the women are suing the hospital for negligence.
UK defence ministry ‘loses’ 269 phones
The UK Ministry of Defence (MoD) has egg all over its face following its admission that over 269 of its phones went missing between January 1 and February 27. This is a record number, even for the MoD, which lost 262 phones in total in 2023 and 2024. The astonishing total of how many phones were recorded as lost, misplaced or stolen in the first two months of this year only came to light in response to a question asked in the UK parliament by the shadow defence secretary, James Cartlidge. The fact that a security-conscious organization such as the MoD could lose track of so many devices only evidences the increasing overlap between cybersecurity and physical security. Once a device such as a smartphone is in the hands of a threat actor, it can provide a portal to enable all kinds of cyber-attacks.
Elon Musk Blames ‘Massive Cyberattack’ for Widespread X Outage – March 10th
Social media platform X suffered a major outage on March 10, with tens of thousands of users unable to access the site. Owner Elon Musk blamed the disruption on a "massive cyberattack," suggesting that a well-funded group or nation-state may have been involved. The outage, which peaked around 10 a.m. EST, affected both the X app and website, with intermittent service disruptions continuing throughout the day. As frustrated users flocked to alternative platforms like Threads and Bluesky, concerns grew over the security of X’s infrastructure.
Lee Enterprises Investigating Ransomware Claim, Data Leak Threat – March 3rd
Lee Enterprises is investigating a claim from the Qilin ransomware group, which alleges it stole 350GB of data from the newspaper chain’s network in an early February attack. According to SentinelOne researchers, Qilin has threatened to begin leaking data on March 5, though the specific ransom demand remains unknown. A Lee Enterprises spokesperson confirmed awareness of the claims but provided no further details on the investigation.
DragonForce Ransomware Hits Saudi Firm, 6TB of Data Leaked – February 27th
A Riyadh-based real estate and construction company has fallen victim to a ransomware attack by DragonForce, resulting in the theft of 6TB of sensitive data. The attackers initially set a February 27 ransom deadline, one day before the start of Ramadan, but upon non-compliance, published the stolen data on a dedicated leak site (DLS). DragonForce operates as a Ransomware-as-a-Service (RaaS) group, equipping cybercriminals with attack tools in exchange for a share of ransom payments. Their leak platform also employs advanced CAPTCHA mechanisms to evade security firms.
Ransomware attacks on industrial systems double in one year
Ransomware attacks on the operational technology (OT) and industrial control systems (ICS) that run industrial facilities almost doubled in 2024. According to Washington DC-based industrial cybersecurity company Dragos, ransomware attacks on industrial organizations in 2024 increased by a staggering 87 percent over the previous year. The main industries targeted were: electricity and water; industrial manufacturing; telecommunications; oil and gas; food and beverage; chemical manufacturing; mining, transportation, and logistics. Manufacturing, which accounted for 69 percent of all ransomware attacks targeting 1,171 manufacturing entities, was by far the worst hit.
New ransomware threat emerges in 2025
A new and unusually dangerous and sophisticated gang of cybercriminals, named BlackLock, has emerged as a major ransomware threat in 2025. Cybersecurity company Reliaquest observed a staggering 1,425 percent increase in the gang’s activities in the last quarter of 2024. Its ransomware is built to target Windows, VMWare ESXi, and Linux environments and is designed as a double-extortion attack, which involves not only locking the target organization’s critical data by encrypting it, but also by identifying sensitive information and threatening to expose it. “BlackLock’s rise has been both swift and strategic, targeting organizations across a wide range of sectors and geographies,” reports Reliaquest.
Healthcare cyber-attacks now “a national security threat”
Search engine giant's Google Threat Intelligence Group reports that cybercriminal and state-backed cyber-attacks on the healthcare sector in countries such as the US and UK have escalated to a level where they are actually costing lives. “Healthcare's share of posts on data leak sites has doubled over the past three years, even as the number of data leak sites tracked by Google Threat Intelligence Group has increased by nearly 50% year over year. The impact of these attacks means that they must be taken seriously as a national security threat, no matter the motivation of the actors behind it,” says Google.
‘Dark Unicorns’ target US healthcare
Ransomware attacks on the healthcare sector have risen by a third in 2024 with the US the prime target. Cybersecurity company Black Kite reports 374 incidents in the past year, a 32.16 percent rise in the number of attacks on the industry over 2023. Healthcare is now among the top targets for ransomware, surpassed only by manufacturing and professional services. The rapid rise in ransomware attacks on the healthcare sector is the result of increasing ruthlessness on the part of ransomware gangs. Until relatively recently, some sectors, such as healthcare and education, were considered off-limits. According to Black Kite, if an affiliated criminal gang attacked a healthcare organization, the core ransomware group would frequently step in, apologizing to the victim organization -sometimes even decrypting the ransomed data for free.