West Pharmaceutical warns of ransomware attack impacting business operations
West Pharmaceutical Services filed a report with the Securities and Exchange Commission (SEC) on Monday evening warning customers that a hacker breached the ...
Ransomware
20 articles
West Pharmaceutical Services Hit by Disruptive Ransomware Attack
The company took systems offline globally after hackers exfiltrated data and deployed file-encrypting ransomware. The post West Pharmaceutical Services Hit b...
State of ransomware in 2026
Kaspersky researchers are sharing insights into the main ransomware trends for 2026: EDR killers on the rise, switching from data encryption to data leaks, a...
UK water company allowed hackers to lurk undetected for nearly two years, regulator finds
The Information Commissioner's Office (ICO) fined South Staffordshire Water £963,900 ($1.3 million) on Monday over an attack by the Cl0p ransomware group tha...
Windows CreateFileW API Flaw Could Let Attackers Lock SMB Files at Scale
The multi-billion-dollar ransomware defence industry operates on a fundamental assumption: to cause catastrophic operational damage, malicious actors must wr...
Ransomware Group Takes Credit for Trellix Hack
RansomHouse has published several screenshots to demonstrate access to internal Trellix services. The post Ransomware Group Takes Credit for Trellix Hack app...
Iranian government hackers using Chaos ransomware as cover, researchers say
Incident responders from cybersecurity firm Rapid7 published a report about a recent intrusion that initially appeared to be a Chaos ransomware attack but wa...
Iranian threat group used Chaos ransomware as a ‘false flag,’ researchers say
The purported ransomware attack did not encrypt files and used infrastructure tied to MuddyWater.
Why Outdated Maintenance Software Is a Growing Ransomware Risk
Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers.
Cybercriminals Exploit Microsoft Teams to Phish Login Credentials and Bypass MFA
Iranian state-sponsored threat actors linked to MuddyWater (Seedworm) have been caught hiding behind the Chaos ransomware brand to conduct sophisticated espi...
Iranian state-backed spies pose as ransomware slingers in false flag attacks
An Iranian state-sponsored espionage group is pretending to be a regular ransomware gang in a new wave of ransomware attacks targeting enterprises. APT group...
Iranian cyber espionage disguised as a Chaos Ransomware attack
Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without en...
Why ransomware attacks succeed even when backups exist
Backups don't fail because they're missing, they fail because attackers destroy them first. Acronis explains how ransomware targets backup systems before enc...
MuddyWater hackers use Chaos ransomware as a decoy in attacks
The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and esta...
Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
Executive summary In early 2026, a sophisticated intrusion initially appearing to be a standard Chaos ransomware attack was assessed to be consistent with a ...
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack i...
Iranian APT Intrusion Masquerades as Chaos Ransomware Attack
Likely perpetrated by MuddyWater, the attack combined social engineering, persistence, credential harvesting, and data theft. The post Iranian APT Intrusion ...
Iran-Linked APT Posed as Chaos Ransomware Member in Espionage Campaign
Rapid7 reveals an Iranian false flag operation masquerading as a Chaos ransomware attack
Threat Activity Enablers: The Backbone of Today’s Threat Landscape
Behind every ransomware demand, botnet, or threat activity group is a server sitting in a data center.
U.S. court sentences Karakurt ransomware negotiator to 8.5 years
Deniss Zolotarjovs was sentenced to 8.5 years in the U.