Published on: 2025-04-19 23:44:40
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. ClickFix is a social engineering tactic where victims are tricked into executing dangerous PowerShell commands on their systems to supposedly fix an error or verify themselves, resulting in the installation of malware. Though this isn't the first time ClickFix has been linked to ransomware infections, confirmation about Interlock shows an
Keywords: clickfix interlock malicious ransomware sekoia
Published on: 2025-04-23 10:45:00
2024 delivered some good news and bad news in the area of cybercrime. Malware-based ransomware attacks dropped for the third year in a row. But instances of infostealer malware grew dramatically. Those findings come from IBM X-Force's "2025 Threat Intelligence Index" released Thursday. First, let's look at the good news. For the year, ransomware accounted for just 28% of malware incidents, the third annual decline in a row. This means a decrease in malware distributed
Keywords: attacks data infostealers malware ransomware
Published on: 2025-04-29 19:20:25
Kidney dialysis firm DaVita disclosed Monday it suffered a weekend ransomware attack that encrypted parts of its network and impacted some of its operations. DaVita is a major provider of kidney care services in the United States, operating over 2,600 outpatient treatment centers that provide dialysis to those suffering from kidney disease. It is a Fortune 500 organization with 76,000 employees in 12 countries and an annual revenue that surpasses $12.8 billion. The company disclosed today in a
Keywords: attack care davita patient ransomware
Published on: 2025-05-04 07:23:34
Sensata Technologies (known as Sensata) suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations. In an 8-K filing to the U.S. Securities and Exchange Commission (SEC), Sensata says that the attack occurred on Sunday, April 6, and involved data theft, too. “The incident has temporarily impacted Sensata’s operations, including shipping, receiving, manufacturing production, and various other support functions,” reads the notification. S
Keywords: attack company data ransomware sensata
Published on: 2025-05-07 19:47:23
A leak of 190,000 chat messages traded among members of the Black Basta ransomware group shows that it’s a highly structured and mostly efficient organization staffed by personnel with expertise in various specialities, including exploit development, infrastructure optimization, social engineering, and more. The trove of records was first posted to file-sharing site MEGA. The messages, which were sent from September 2023 to September 2024, were later posted to Telegram in February 2025. Exploit
Keywords: basta black leak messages ransomware
Published on: 2025-05-07 23:05:17
Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems. The vulnerability, tracked as CVE-2025-29824, was patched during this month's Patch Tuesday and was only exploited in a limited number of attacks. CVE-2025-29824 is due to a use-after-free weakness that lets local attackers with low privileges gain SYSTEM privileges in low-complexity attacks that don't require user i
Keywords: attacks cve ransomexx ransomware windows
Published on: 2025-05-09 00:30:26
The dark web leak site of the Everest ransomware gang has apparently been hacked over the weekend by an unknown attacker and is now offline. The unknown attacker replaced the website's contents with the following sarcastic message: "Don't do crime CRIME IS BAD xoxo from Prague." The Everest operation has since taken down its leak site, which no longer loads and now displays an "Onion site not found" error. While it's unknown how the attacker gained access to Everest's website or if it was eve
Keywords: everest leak ransomware site unknown
Published on: 2025-05-11 20:40:21
A leak site used by the Everest ransomware gang was hacked and defaced this weekend, TechCrunch has learned. The leak site, which the ransomware gang uses to publish stolen files to extort its victims into paying a ransom demand, was replaced with a brief text note: “Don’t do crime CRIME IS BAD xoxo from Prague.” The site was still defaced at the time of writing. It’s not clear if the gang also experienced a data breach as a result of the hack. Everest i
Keywords: data gang including ransomware site
Published on: 2025-05-12 20:06:10
The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. As threat intelligence firm Group-IB revealed this week, the cybercrime group remained active despite announcing on November 17, 2024, that it was shutting down due to declining profitability and increased government scrutiny. Since then, Hunters International has launched a new extortion-only operation known as "World Leaks" on Janua
Keywords: extortion group hunters international ransomware
Published on: 2025-05-23 15:30:29
Sam's Club, an American warehouse supermarket chain owned by U.S. retail giant Walmart, is investigating claims of a Clop ransomware breach. The Walmart division operates over 600 warehouse clubs with millions of members across the United States and Puerto Rico and almost 200 additional locations in Mexico and China. Sam's Club has over 2.3 million employees and reported a total revenue of $84.3 billion for the fiscal year ending January 31, 2023. "We are aware of reports regarding a potenti
Keywords: breach clop club ransomware sam
Published on: 2025-06-05 03:31:28
A newly identified custom backdoor deployed in several recent ransomware attacks has been linked to at least one RansomHub ransomware-as-a-service (RaaS) operation affiliate. Symantec researchers who named this malware Betruger describe it as a "rare example of a multi-function backdoor" that was likely engineered for use in ransomware attacks. The malware has a wide range of capabilities that overlap with features commonly found in malicious tools dropped before deploying
Keywords: data ransomhub ransomware service tools
Published on: 2025-06-06 02:54:42
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware, exposing critical gaps in Microsoft's review process. The extensions, named "ahban.shiba" and "ahban.cychelloworld," were downloaded seven and eight times, respectively, before they were eventually removed from the store. It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) and February 17, 2025 (ahban.shiba), bypassing safety review proce
Keywords: ahban extensions microsoft ransomware vscode
Published on: 2025-06-11 02:48:00
In context: Akira is a dangerous, multiplatform ransomware threat that has been active since 2023. Available as a ransomware-as-a-service product to script kiddies and cybercriminals, the malware has targeted over 250 organizations and has earned up to $42 million for its unknown developers. Yohanes Nugroho, an Indonesian programmer who works on personal coding projects in his spare time, developed a "decryptor" for the Akira ransomware. The tool employs a novel approach to solve a complex math
Keywords: akira gpu nugroho ransomware rtx
Published on: 2025-06-11 10:11:00
Federal authorities are warning individuals and organizations to watch out for a dangerous ransomware campaign that has recently added hundreds of victims to its count. Identifying the ransomware as Medusa, the FBI, CISA, and the MS-ISAC (Multi-State Information Sharing and Analysis Center) have issued a joint advisory with details on how these attacks have played out and how people can defend themselves against them. What is Medusa? First spotted in June 2021, Medusa is a ransomware-as
Keywords: attackers data medusa network ransomware
Published on: 2025-06-13 18:58:18
Security researchers have observed hackers linked to the notorious LockBit gang exploiting a pair of Fortinet firewall vulnerabilities to deploy ransomware on several company networks. In a report published last week, security researchers at Forescout Research said a group it’s tracking dubbed “Mora_001” is exploiting the Fortinet firewalls, which sit on the edge of a company’s network and act as digital gatekeepers, to break in and deploy a custom ransomware strain they call “SuperBlack.” One
Keywords: forescout fortinet mora_001 ransomware said
Published on: 2025-06-15 22:22:52
A dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been extradited to the United States to face charges. Rostislav Panev, 51, was arrested in Israel last August, where police reportedly found incriminating evidence on his laptop. This included credentials for LockBit's internal control panel and a repository containing source code for LockBit encryptors and the gang's custom data theft tool, StealBit. In December, the U.S. Department o
Keywords: february lockbit panev ransomware wanted
Published on: 2025-06-15 22:08:25
In Brief Rostislav Panev, a 51-year-old dual Russian and Israeli national who is accused of being a key developer for the notorious LockBit ransomware gang, has been extradited from Israel to the United States, the Department of Justice announced on Thursday. Panev was arrested in Israel in December 2024, becoming the third person arrested for their role in LockBit. Since then, Panev had been awaiting extradition in Israel. Prosecutors allege Panev was a developer working for the LockBit rans
Keywords: gang israel lockbit panev ransomware
Published on: 2025-06-19 08:26:29
CISA says the Medusa ransomware operation had impacted over 300 organizations in critical infrastructure sectors in the United States as of last month. This was revealed in a joint advisory issued today in coordination with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). "As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries
Keywords: cisa medusa operations ransomware victims
Published on: 2025-06-21 05:02:17
A ransomware group called Hunters International has published some of the data it claims to have stolen from Tata Technologies, just over a month after the Indian company confirmed a ransomware attack that resulted in the suspension of some services. The leaked data, published on the gang’s dark web leak site — which TechCrunch has seen — includes personal details about some current and former employees at Tata Technologies, as well as confidential information, including purchase orders and the
Keywords: company international ransomware tata technologies
Published on: 2025-06-28 02:10:18
Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of recent attacks. "Since late February 2025, Microsoft has observed Moonstone Sleet, a North Korean state actor, deploying Qilin ransomware at a limited number of orgs," the company's threat intelligence experts said this week. "Moonstone Sleet has previously exclusively deployed their own custom ransomware in their attacks, and this represents the first instance th
Keywords: korean moonstone north ransomware sleet
Published on: 2025-07-02 13:53:26
U.S. technology giant Broadcom is warning that a trio of VMware vulnerabilities are being actively exploited by malicious hackers to compromise the networks of its corporate customers. The three vulnerabilities — collectively dubbed “ESXicape” by one security researcher — affect VMware ESXi, Workstation, and Fusion, which are widely-used software hypervisor products that allow multiple virtual machines to be managed on a single server. Hypervisors are commonly used to reduce the need to take up
Keywords: broadcom hypervisor ransomware vmware vulnerabilities
Published on: 2025-07-02 17:36:55
The Toronto Zoo, the largest zoo in Canada, has provided more information about the data stolen during a ransomware attack in January 2024. In a final notification regarding the cyberattack, the Toronto Zoo said the resulting data breach impacts varying combinations of personal and financial information belonging to employees, former employees, volunteers, and donors. The exposed information includes transaction data such as impacted individuals' names, street address information, phone number
Keywords: akira data information ransomware zoo
Published on: 2025-07-03 15:47:42
New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. In January, Zscaler discovered a Zloader malware sample that contained what appeared to be a new DNS tunneling feature. Further research by Walmart indicated that Zloader was dropping a new proxy malware called BackConnect that contained code re
Keywords: backconnect basta black cactus ransomware
Published on: 2025-07-04 20:04:54
The Hunters International ransomware gang has claimed responsibility for a January cyberattack on Tata Technologies, stating they stole 1.4TB of data from the company. Tata Technologies provides engineering and digital solutions for manufacturing industries worldwide. Founded in 1989 and based in Pune, it operates in 27 countries with over 12,500 employees, specializing in automotive, aerospace, and industrial sectors with product development and digital transformation services. The Ind
Keywords: hunters international ransomware tata technologies
Published on: 2025-07-09 03:20:31
The Qilin ransomware gang has claimed responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company. The threat actors have now threatened to leak all the allegedly stolen data on March 5, 2025, unless a ransom demand is paid. Lee Enterprises is a US-based media company that owns and operates over 77 daily newspapers, 350 publications, digital media platforms, and marketing services. The company's primar
Keywords: data enterprises lee qilin ransomware
Published on: 2025-07-15 00:31:05
The Termite ransomware gang has claimed responsibility for breaching and stealing sensitive healthcare data belonging to Genea patients, one of Australia's largest fertility services providers. The IVF (in vitro fertilization) provider has been operating since 1986 (when it was known as Sydney IVF). It offers a wide range of services, including fertility treatments, tests, genetic services, preservation options, and donor programs, in 22 fertility clinics in New South Wales, South Australia, W
Keywords: data genea numbers ransomware termite
Published on: 2025-07-12 01:17:28
In December, roughly a dozen employees inside a manufacturing company received a tsunami of phishing messages that was so big they were unable to perform their day-to-day functions. A little over an hour later, the people behind the email flood had burrowed into the nether reaches of the company's network. This is a story about how such intrusions are occurring faster than ever before and the tactics that make this speed possible. The speed and precision of the attack—laid out in posts publishe
Keywords: attack breakout faster ransomware time
Published on: 2025-07-11 07:55:05
CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations. Other industries impacted include healthcare, government, education, technology, manufacturing, and numerous small and medium-sized businesses. "Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware," CISA, the FBI, and the Mult
Keywords: 13379 2021 cve ghost ransomware
Published on: 2025-07-12 03:48:32
An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. ExploitWhispers, the individual who previously uploaded the stolen messages to the MEGA file-sharing platform, which are now removed, has uploaded it to a dedicated Telegram channel. It's not yet clear if ExploitWhispers is a security researcher who gained access to the gang's internal chat server or a disgruntled member. While they never shared the r
Keywords: basta black chat internal ransomware
Published on: 2025-07-12 03:00:00
A previously undocumented ransomware payload named NailaoLocker has been spotted in attacks targeting European healthcare organizations between June and October 2024. The attacks exploited CVE-2024-24919, a Check Point Security Gateway vulnerability, to gain access to targeted networks and deploy the ShadowPad and PlugX malware, two families tightly associated with Chinese state-sponsored threat groups. Orange Cyberdefense CERT links the attacks to Chinese cyber-espionage tactics, though there
Keywords: attacks nailaolocker orange ransom ransomware