Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to...

FBI Warns of Data Extortion Scam Targeting Corporate Executives

The Federal Bureau of Investigation FBI Internet Crime Complaint Center IC3 has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.” The cyber criminals target corporate executives by sending extortion letters threatening to release victims’ sensitiv...

Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023

Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by...

Canadian Charged in $65M KyberSwap, Indexed Finance DeFi Hack

Canadian man charged in $65 million DeFi hack. Exploited KyberSwap, Indexed Finance smart contracts, laundered funds, and attempted extortion. Faces 20 years...

How Interlock Ransomware Infects Healthcare Organizations

Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure th...

AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics

Cybersecurity researchers have shed light on a nascent artificial intelligence AI assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure...

Dental group lied through teeth about data breach, fined $350,000

A US chain of dental offices known as Westend Dental LLC denied a 2020 ransomware attack and its associated data breach, instead telling their customers that data was lost due to an “accidentally formatted hard drive.” Unfortunately for the organization, the truth was found out. Westend Dental...

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company's network in March 2020. Junior Barros De Oliveira , 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving information obtaine...

Securing Cloud Environments Against Potential Extortion Threats

Introduction With the growing reliance on cloud infrastructure, organizations must be vigilant against potential extortion threats targeting misconfigurations and weak access controls. Unfortunately, extortion threats are a huge problem. According to the Verizon 2024 Data Breach Investigations...

2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends

Now that we’ve reached the end of another year, you may be looking around the cybersecurity infosphere and seeing a glut of posts offering “hot takes” on the 2024 threat landscape and predictions about what’s coming next. At Rapid7, we don’t truck in hot takes, but rather, cold hard facts. Stayin...

DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

The U.S. Department of Justice DoJ has indicted 14 nationals belonging to the Democratic People's Republic of Korea DPRK or North Korea for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking...

U.S. Offered $10M for Hacker Just Arrested by Russia

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as "Wazawaka ," a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 millio...

No company too small for Phobos ransomware gang, indictment reveals

The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world. The government’s indictmen...

Hacker in Snowflake Extortions May Be a U.S. Soldier

Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake , but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's...

CISA and Partners Release Update to BianLian Ransomware Cybersecurity Advisory

Today, CISA, the Federal Bureau of Investigation FBI, and the Australian Signals Directorate’s Australian Cyber Security Centre ASD’s ACSC released updates to StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures TTPs and indicators of compromise attributed to...

Russian Man Extradited to US, Face Charges in Phobos Ransomware Operation

Russian national Evgenii Ptitsyn, linked to Phobos ransomware, faces U.S. charges for extortion and hacking, with over $16M…...

New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The...

Unwrapping the emerging Interlock ransomware attack

Cisco Talos Incident Response Talos IR recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. Our analysis uncovered that the attacker used multiple components in the delivery chain including a Remote Access Tool RAT...

Canadian Suspect Arrested Over Snowflake Customer Breach and Extortion Attacks

Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka aka Judische and Waifu, was...

Talos IR trends Q3 2024: Identity-based operations loom large

Threat actors are increasingly conducting identity-based attacks across a range of operations that are proving highly effective, with credential theft being the main goal in a quarter of incident response engagements. These attacks were primarily facilitated by living-off-the-land binaries LoLBin...