Nevada suffered a ransomware attack in August 2025 that caused a significant disruption in services. The attackers deleted the state’s backups, encrypted virtual machines, and deployed ransomware that affected 60 state agencies, including the Departments of Health and Human Services, Public Safety, and Motor Vehicles.

Despite the significance of the attack, Nevada refused to pay

Although SonicWall has provided a patch for a vulnerability for its VPN affecting its Gen5, Gen6, and Gen7 firewall appliances (which allowed threat actors unauthorized access to SonicWall appliances), Rapid7 has reported that “an Akira ransomware campaign [recently] kicked off targeting SonicWall devices.” SonicWall has provided an advisory to customers related to the campaign, which

On August 14, 2025, the Department of Justice announced that it unsealed six warrants “authorizing the seizure of over $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle.” According to the press release, “all of the cryptocurrency was seized from a cryptocurrency wallet controlled by Ianis Aleksandrovich Antropenko, who is charged by indictment

In this line of work, I am often asked if law enforcement is ever successful in finding and punishing the threat actors who have wreaked havoc on U.S. businesses and stolen millions of dollars in ransomware attacks. I am so pleased to report that—although few and far between, and very difficult to accomplish—there are wins

On March 12, 2025, a joint cybersecurity advisory was issued by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center to advise companies about the tactics, techniques and procedures (TTPs), and indicators of compromise (IOCs) to protect themselves against Medusa ransomware.

According to the advisory:

Unfortunately, I’ve had unpleasant dealings with the Phobos ransomware group. My interactions with Phobos have been fodder for a good story when I educate client employees on recent cyber-attacks to prevent them from becoming victims. The story highlights how these ransomware groups, including Phobos, are sophisticated criminal organizations with managerial hierarchy. They use common slang

The city of Columbus, Ohio, announced on May 29, 2024, that a ransomware attack forced its systems offline. According to its notice, the attack was perpetrated by “an established, sophisticated threat actor operating overseas,” and that it was working with law enforcement to investigate the incident. The culprit behind the ransomware attack is reported to

Unit 42 recently reported that it has identified “Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People’s Army, as a key player in a recent ransomware incident.” Its investigation indicates “with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with

On October 22, 2024, Microsoft issued a threat trend research report entitled “US Healthcare at risk: Strengthening resilience against ransomware attacks.” In it, Microsoft declares that ransomware attacks against the healthcare sector are “emerging as one of the most significant” cybersecurity threats to healthcare organizations. The attack surface of hospitals “grows more complex” with digital