Who Runs the Ransomware Group ‘The Gentlemen?’
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hacker...
Ransomware
20 articles
Infostealers Turn Millions of Devices Into Credential Theft Machines
As attackers increasingly favor stolen credentials over exploits, infostealers have become a primary source of access for ransomware and other cybercrime ope...
Why schools remain one of cybercriminals’ favourite targets
Schools on both sides of the Atlantic have been revealed in recent days to have been hit by hackers, reminding all of us that ransomware gangs see educationa...
Hackers Use ClickFix Chain to Deploy MLTBackdoor Malware
A sophisticated new backdoor family, tracked as MLTBackdoor, that operators are deploying through a multi-stage ClickFix infection chain to establish foothol...
Check Point warns of ransomware-linked attacks exploiting outdated VPN protocol
Check Point has issued emergency hotfixes for a pair of vulnerabilities affecting VPN deployments that still use the deprecated Internet Key Exchange version...
Silent Ransom Group Uses DNS Fast Flux in Attacks
Focusing on hacking law firms in the US, the ransomware group relies on fast flux to hide its C&C infrastructure. The post Silent Ransom Group Uses DNS Fast ...
Pro-Russian hacker group launches 'Patriotic Online Games' campaign targeting European organizations
The group is leveraging Telegram to enlist "patriotic volunteers," offering cryptocurrency rewards for participating in various cyber activities, including D...
AI tools becoming hot commodities on ransomware marketplaces
Sales of AI-based tools is accelerating within underground ransomware marketplaces, lowering the barrier to entry for new actors in the process. An analysis ...
VECT 2.0 Ransomware Breaks Files Beyond Its Own Recovery
VECT 2.0 ransomware can leave victims with files that even the attacker’s own decryptor cannot reliably restore.
U.S. sanctions Iran's largest crypto exchange Nobitex for facilitating terrorism financing
Nobitex is accused of processing over 50% of Iranian digital asset inflows in 2025 and enabling transactions connected to the Islamic Revolutionary Guard Cor...
Payouts King Ransomware Bypasses EDR via Obfuscation and Direct Syscalls
Payouts King ransomware has emerged as a notable post-BlackBasta threat, leveraging advanced obfuscation and direct system calls to evade endpoint detection ...
The U.S. sanctions Nobitex crypto exchange used by ransomware
The U.S.
AI accelerates development of ransomware toolkit with EDR evasion capabilities
The toolkit, discovered by Sophos, includes features such as Cobalt Strike profiles to disguise beacon traffic, a Telegram bot API for command and control, P...
Gentlemen Ransomware Exploits Fortinet Flaws, AI, and Custom C2 Tools
A newly analyzed leak tied to The Gentlemen ransomware group reveals how modern ransomware operations are evolving in structure and tooling while relying on ...
A small Slovenian team handles 6,000 cyber incidents a year
Online fraud complaints, ransomware cases, and phishing tips reach Slovenia’s national cyber response center in steady volume, and a team of around a dozen a...
AI-built ransomware toolkit automates EDR evasion, AD discovery
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR)...
Ransomware leak posts show weekday peak, October spikes
The data analyzed by the Ransomnews Research Team indicates that ransomware operations largely follow a business week, with significantly fewer posts on Sund...
Digital Intelligence Lab launches observatory to connect cyber events with geopolitical context
The DIL Observatory maps cyber incidents, including ransomware attacks, data breaches, and cyber militia activity, alongside their geopolitical and social co...
Ransomware Operators Keep Business Hours. The Data Proves It
16,699 ransomware leak posts over 2 years show 84% drop Monday–Friday, peak at European afternoon hours. October spikes yearly.
Ransomware Operators Keep Business Hours. The Data Proves It
16,699 ransomware leak posts over 2 years show 84% drop Monday–Friday, peak at European afternoon hours. October spikes yearly.