-
RansomHouse upgrades encryption with multi-layered data processing
The RansomHouse ransomware-as-a-service (RaaS) has recently upgraded its encryptor, switching from a relatively simple single-phase linear technique to a more complex, multi-layered method.
- December 20, 2025
- 10:23 AM
0
-
CyberVolk’s ransomware debut stumbles on cryptography weakness
The pro-Russia hacktivist group CyberVolk launched a ransomware-as-a-service (RaaS) called VolkLocker that suffered from serious implementation flaws, allowing victims to potentially decrypt files for free.
- December 13, 2025
- 10:11 AM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters
An in-development build of the upcoming ShinySp1d3r ransomware-as-a-service platform has surfaced, offering a preview of the upcoming extortion operation.
- November 19, 2025
- 08:01 AM
- 0
-
Ransomware profits drop as victims stop paying hackers
The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands.
- October 27, 2025
- 03:22 PM
- 1
-
Malware devs abuse Anthropic’s Claude AI to build ransomware
Anthropic's Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packages.
- August 28, 2025
- 01:08 PM
- 0
-
New VanHelsing ransomware targets Windows, ARM, ESXi systems
A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems.
- March 24, 2025
- 03:43 PM
- 0
-
Linux version of new Cicada ransomware targets VMware ESXi servers
A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide.
- September 01, 2024
- 10:14 AM
- 0
-
New Eldorado ransomware targets Windows, VMware ESXi VMs
A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows.
- July 05, 2024
- 11:56 AM
- 3
-
Ransomware as a Service and the Strange Economics of the Dark Web
Ransomware is quickly changing in 2024, with massive disruptions and large gangs shutting down. Learn from Flare how affiliate competition is changing in 2024, and what might come next.
- March 27, 2024
- 10:02 AM
- 1
-
Ransomware payments reached record $1.1 billion in 2023
Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs.
- February 07, 2024
- 09:00 AM
- 1
-
Cybersecurity firm Sophos impersonated by new SophosEncrypt ransomware
Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name for their operation.
- July 18, 2023
- 04:47 PM
- 0
-
Ransomware gang apologizes, gives SickKids hospital free decryptor
The LockBit ransomware gang has released a free decryptor for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organization.
- January 01, 2023
- 02:00 PM
- 8
-
Ransomware detection with Wazuh SIEM and XDR platform
Wazuh is a free, open source SIEM/XDR solution with more than 10 million annual downloads. Learn more about how Wazuh can help protect your organization against the ever-evolving tactics of ransomware.
- November 29, 2022
- 10:05 AM
- 0
-
Dozens of ransomware variants used in 722 attacks over 3 months
The ransomware space was very active in the last quarter of 2021, with threat analysts observing 722 distinct attacks deploying 34 different variants.
- March 15, 2022
- 05:40 PM
- 0
-
ALPHV BlackCat - This year's most sophisticated ransomware
The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments.
- December 09, 2021
- 04:47 PM
- 0
-
Translated Conti ransomware playbook gives insight into attacks
Almost a month after a disgruntled Conti affiliate leaked the gang's attack playbook, security researchers shared a translated variant that clarifies on any misinterpretation caused by automated translation.
- September 02, 2021
- 05:10 PM
- 0
-
Angry Conti ransomware affiliate leaks gang's attack playbook
A disgruntled Conti affiliate has leaked the gang's training material when conducting attacks, including information about one of the ransomware's operators.
- August 05, 2021
- 02:29 PM
- 1
-
Paradise Ransomware source code released on a hacking forum
The complete source code for the Paradise Ransomware has been released on a hacking forum allowing any would-be cyber criminal to develop their own customized ransomware operation.
- June 15, 2021
- 11:56 AM
- 7
-
DarkSide ransomware is creating a secure data leak service in Iran
The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum.
- November 13, 2020
- 03:00 AM
- 0
-
REvil ransomware deposits $1 million in hacker recruitment drive
The REvil Ransomware (Sodinokibi) operation has deposited $1 million in bitcoins on a Russian-speaking hacker forum to prove to potential affiliates that they mean business.
- September 28, 2020
- 01:30 AM
- 0
0
- 1
- 2
