November 30, 2025
Blog Post

Employment Screening Provider Data Breach Affects 3.3M Individuals – February 28th

DISA Global Solutions, Inc., a provider of employment screening services, confirmed a data breach impacting over 3.3 million individuals.

The breach, which occurred between February 9 and April 22, 2024, granted an unauthorized third party access to names, Social Security numbers, driver’s license details, financial account information, and other sensitive data. While forensics could not confirm the exact extent of the stolen data, the exposure raises concerns over identity theft risks for affected individuals.

Ransomware attacks on industrial systems double in one year

Ransomware attacks on the operational technology (OT) and industrial control systems (ICS) that run industrial facilities almost doubled in 2024. According to Washington DC-based industrial cybersecurity company Dragos, ransomware attacks on industrial organizations in 2024 increased by a staggering 87 percent over the previous year.

The main industries targeted were: electricity and water; industrial manufacturing; telecommunications; oil and gas; food and beverage; chemical manufacturing; mining, transportation, and logistics. Manufacturing, which accounted for 69 percent of all ransomware attacks targeting 1,171 manufacturing entities, was by far the worst hit.

US Puts $10M Bounty on Chinese Hacker

A Chinese national, Guan Tianfeng, has been accused of involvement in the hacking of 81,000 firewall devices all over the world in 2020. Some of the compromised devices were protecting systems running US critical infrastructure and, had the attacks gone undetected, they could have had potentially deadly consequences. The US Department of State’s Rewards for Justice (RFJ) program has since announced a reward of up to $10 million for information leading to the arrest of Guan and his alleged co-conspirators.

“The defendant and his conspirators compromised tens of thousands of firewalls and then continued to hold at risk these devices, which protect computers in the United States and around the world,” said Assistant Attorney General for National Security Matthew G. Olsen.

Cybercrime continues to cold-shoulder AI

Organized cybercriminals continue to give artificial intelligence (AI) the cold shoulder. New research from US telecoms conglomerate Verizon confirms a report in November from cybersecurity firm Sophos revealing that cybercriminals judged AI to be “overrated, overhyped and redundant.”

According to Verizon’s 2024 Data Breach Investigations Report: “We did keep an eye out for any indications of the use of the emerging field of generative artificial intelligence (GenAI) in attacks and the potential effects of those technologies, but nothing materialized in the incident data we collected globally…The number of mentions of GenAI terms alongside traditional attack types and vectors such as “phishing,” “malware,” “vulnerability,” and “ransomware” was shockingly low, barely breaching 100 cumulative mentions over the past two years.”

‘Pig Butchering’ crypto-fraudsters net billions

‘Pig Butchering’, a new and particularly mean and ruthless form of cryptocurrency fraud that originated in China, has evolved into a global scourge.

Sha zhu pan, which translates as “pig-butchering”, uses sophisticated fraudulent decentralized finance (DeFi) applications to bypass most of the defenses provided by mobile device vendors. WhatsApp is the preferred platform for targets outside China; Telegram is also used, as is Skype.

According to cybersecurity firm Sophos: “Originating in China at the beginning of the COVID pandemic, ‘pig butchering’ scams have expanded globally ever since, becoming a multi-billion-dollar fraud phenomenon.”

British Library breach highlights new threat

The British Library, which houses about 14 million books plus manuscripts and items dating back to 2000 BC, was forced offline in October after refusing to pay a £600,000 ransomware demand.

According to The Financial Times, the digital destruction caused by the “deep and extensive” ransomware attack means that the world-renowned library will now be forced to pay ten times that sum to rebuild its online services at a cost of £6 million to £7 million, taking it offline for up to a year. The British Library breach is further evidence of the devastating speed of the latest generation of ransomware attacks.

Cybersecurity firm Sophos’s State of Ransomware 2023 report says that threat actors now succeed in encrypting data in 76 percent of ransomware attacks, up from 65 percent in 2022. According to Sophos, there has also been a 62 percent year-on-year rise in intentional remote encryption attacks since 2022.

Cyber-gangs to launch media offensive in 2024

Cybercrime, which has become a multi-trillion-dollar industry over recent decades, became increasingly sophisticated during 2023, with criminal groups now adopting many of the business practices used by legitimate enterprises. According to a new report from cybersecurity firm Sophos, leading ransomware gangs now increasingly employ their own internal HR and PR departments.

Far from shying away from the media, as criminals always have in the past, some ransomware gangs have been swift to seize the opportunities it affords them. Some regularly issue press releases and take great pains to forge relationships with individual journalists using the same PR methods as those employed by legitimate corporations. Threat actors also offer Frequently Asked Questions (FAQs) and answers for journalists visiting their leak sites, encourage reporters to get in touch, give in-depth interviews, and recruit writers, reports Sophos.

62% of Top Ransomware Groups Activated Remote Attacks in 2023 – December 27th

According to Sophos’ latest report, 62% of the most active ransomware groups in the world deliberately enable remote encryption for their attacks.

Sophos’ report entitled “CryptoGuard: An Asymmetric Approach to the Ransomware Battle,” gathered the data based on Sophos’ detected and halted ransomware attacks in 2023. The report further stated that remote encryption is used as a tactic for effective, widespread ransomware attacks within organizations, aiming to steal as much sensitive information as possible.

AI “overrated and overhyped” say cybercriminals

The verdict on artificial intelligence (AI) from the real experts is finally in; professional cybercriminal fraternities have judged AI to be “overrated, overhyped and redundant,” according to fresh research from cybersecurity firm Sophos.

It has, hitherto, been accepted wisdom in the cybersecurity industry that cybercriminals, free from any regulatory authority or moral scruples, were among the first to harness the awesome power of AI to create bespoke and virtually unstoppable malware. However, having infiltrated the Dark Web forums where top professional cybercriminals discuss their trade, Sophos reports that the cybercrime sector has thoroughly tested the capabilities of AI and found it wanting.
