36 matches found
ShinyHunters Hackers Threaten 400 Firms Over Stolen Salesforce Data
ShinyHunters claims to have stolen data from 400 firms via Salesforce portals and is threatening to leak the information unless ransom demands are paid...
New Ransomware Charon Uses Earth Baxia APT Techniques To Target Enterprises
We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...
New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises
We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...
Inside the Ransomware Economy in 2025: Q2 Trends & Key Insights You Need to Know
Building on insights from Rapid7’s Q1 and Q2 2025 ransomware trend reports, it’s clear that the ransomware economy continues to evolve – and not just in volume, but also in business maturity. As threat actors shift tactics, tools, and partnerships, defenders face a complex landscape shaped by...
FBI Warns of Silent Ransom Group Targeting Law Firms via Scam Calls
FBI warns law firms: Silent Ransom Group uses phishing emails and fake IT calls to steal data, demanding ransom to prevent public leaks. The agency is also urges victims to share ransom evidence...
LockBit Leak Shows Affiliates Use Pressure Tactics, Rarely Get Paid
Weeks after LockBit ransomware breach, leaked data reveals how affiliates generate ransomware, set ransom demands, and often walk away unpaid...
LLMs Unlock New Paths to Monetizing Exploits
We argue that Large language models LLMs will soon alter the economics of cyberattacks. Instead of attacking the most commonly used software and monetizing exploits by targeting the lowest common denominator among victims, LLMs enable adversaries to launch tailored attacks on a user-by-user basis...
Xoxo to Prague
Welcome to this week's edition of the Threat Source newsletter. I haven't been to Prague in a while, which is a pity. It's a wonderful city -- great people, amazing food. I've visited customers there, held team meetings at the local office shoutout to Petr! and spent some memorable summer days of...
Scammers Pose as Cl0p Ransomware to Send Fake Extortion Letters
Scammers are sending fake extortion and ransom demands while posing as ransomware gangs, including the notorious Cl0p ransomware.…...
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Cybersecurity researchers have shed light on a nascent artificial intelligence AI assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure...
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands. "As part of their multi-extortion strategy,...
LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants
The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure. "The...
MOVEit discloses THIRD critical vulnerability
In chess, the threefold repetition rule states that a player may claim a draw if the same position occurs three times during the game. Whether this means that customers of the popular file transfer utility MOVEit Transfer can ask for their money back remains to be seen, but we do hope it signals...
20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona
The U.S. Department of Justice DoJ on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa. Ruslan Magomedovich Astamirov, 20, of Chechen Republic has been accused of perpetrating at least...
LockBit ransomware attacks Essendant
The LockBit ransomware group is claiming responsibility for taking down a US-based distributor of office products called Essendant. This attack, which is said to have begun on or around March 6, created severe ramifications for the organisation, disrupting freight carrier pickups, online orders,...
Fodcha DDoS Botnet Resurfaces with New Capabilities
The threat actor behind the Fodcha distributed denial-of-service DDoS botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target,...
BlackCat Ransomware group implements quadruple extortion
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary The BlackCat ransomware group performs quadruple extortion techniques to pressurize victims in order to pay ransom. Recently, the ransomware group has raised its stakes up to $2.5M in demands...
Karakurt extortion group: Threat profile
The FBI Federal Bureau of Investigation, together with CISA Cybersecurity and Infrastructure Security Agency and other federal agencies, recently released a joint cybersecurity advisory CSA about the Karakurt data extortion group also known as Karakurt Team and Karakurt Lair. Like RansomHouse,...
It’s business as usual for REvil ransomware
After the FBS arrested 14 of its members in January, and a subsequent lull in action, the REvil ransomware gang appears to be back. We say "appears" because its still unclear whether the groups operations have indeed restarted. To the trained eye, REvils movements seem out of sorts. When REvils o...
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
Law enforcement, C-suite executives and the cybersecurity community at-large have been laser-focused on stopping the expensive and disruptive barrage of ransomware attacks — and it appears to be working, at least to some extent. Nonetheless, recent moves from the LockBit 2.0 and BlackCat gangs,...