RansomHub Went Dark April 1; Affiliates Fled to Qilin, DragonForce Claimed Control

Cybersecurity researchers have revealed that RansomHub's online infrastructure has "inexplicably" gone offline as of April 1, 2025, prompting concerns among affiliates of the ransomware-as-a-service RaaS operation. Singaporean cybersecurity company Group-IB said that this may have caused affiliat...

The New Ransomware Groups Shaking Up 2025

In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023. After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents 33% of the year's total. Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise ...

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

UnitedHealth says it now estimates that the data breach on its subsidiary Change Healthcare affected 190 million people, nearly doubling its previous estimate from October. In May, UnitedHealth CEO Andrew Witty estimated that the ransomware attack compromised the data of a third of US individuals...

IT threat evolution in Q3 2024. Non-mobile statistics

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data...

Change Healthcare Breach Hits 100M Americans

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay,...

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions...

RansomHub Ransomware Gang Leaks 487GB of Alleged Kawasaki Europe Data

RansomHub ransomware group leaks alleged 487 GB of sensitive data stolen from Kawasaki Motors Europe KME, following a…...

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub

The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses SMBs in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub. "CosmicBeetle replaced its previously...

RansomHub Claims Planned Parenthood Hack, Steals 93GB of Sensitive Data

RansomHub claims to have breached Intermountain Planned Parenthood, stealing 93GB of data. The healthcare provider is investigating the…...

Planned Parenthood partly offline after ransomware attack

In late August, Intermountain Planned Parenthood of Montana suffered a cyberattack which is still under investigation. The attack has been claimed by a ransomware group. Intermountain Planned Parenthood Inc., doing business as Planned Parenthood Of Montana, is a nonprofit organization that provid...

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and...

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks

A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response EDR software on compromised hosts, joining the likes of other similar programs like AuKill aka AvNeutralizer and Terminator. The EDR-killing utility h...

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach...

RansomHub A Rebranded Menace Exploiting the ZeroLogon Vulnerability

...

Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide

An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Knight aka Cyclops 2.0 ransomware first arrived in May 2023, employing double extortion tactics to...

New ransomware group demands Change Healthcare ransom

The Change Healthcare ransomware attack has taken a third cruel twist. A new ransomware group, RansomHub, has listed the organisation as a victim on its dark web leak site, saying it has 4 TB of "highly selective data," which relates to "all Change Health clients that have sensitive data being...

New ransomware group demands Change Healthcare ransom

The Change Healthcare ransomware attack has taken a third cruel twist. A new ransomware group, RansomHub, has listed the organisation as a victim on its dark web leak site, saying it has 4 TB of "highly selective data," which relates to "all Change Health clients that have sensitive data being...