BianLian ransomware
-
Europol says it took down First VPN in cybercrime crackdown
European authorities shut down First VPN, a service used by cybercriminals to hide activity, and arrested the alleged administrator in Ukraine, Europol said. Officials also seized servers and domains and identified thousands of users linked to crime.
-
Microsoft disrupts malware-signing service tied to ransomware groups
Microsoft said it disrupted a malware-signing service that abused its Artifact Signing platform to issue more than 1,000 fraudulent certificates used by ransomware gangs and other cybercriminals.
-
Instructure reaches ransom agreement after Canvas data breach
Instructure said it reached an agreement with an unauthorized actor after a Canvas breach that exposed data tied to thousands of schools and universities, including about 275 million records. The company said stolen data was returned and no customers will be separately extorted.
-
VECT 2.0 ransomware flaw can make files unrecoverable, researchers say
Researchers say VECT 2.0 ransomware can permanently destroy files larger than 131,072 bytes on Windows, Linux and ESXi systems, making recovery impossible even for victims who pay. The group has only two listed victims so far.
-
Medtronic confirms network breach after hackers claim theft of 9 million records
Medtronic said hackers breached corporate IT systems and may have accessed personal data after ShinyHunters claimed theft of more than 9 million records and terabytes of internal data.
-
SystemBC C2 server tied to The Gentlemen exposes 1,570 victims
Check Point Research said a SystemBC command-and-control server linked to The Gentlemen ransomware operation exposed more than 1,570 victims worldwide, underscoring how proxy malware can support larger intrusion campaigns.
-
Dutch healthcare software vendor ChipSoft hit by ransomware attack
Dutch healthcare software vendor ChipSoft was hit by a ransomware attack on April 7, knocking its website offline and forcing some hospitals to take systems offline. The company serves about 80 percent of hospitals in the Netherlands.
-
Qilin and Warlock ransomware groups use vulnerable drivers to disable security tools
Qilin and Warlock ransomware operators have used vulnerable drivers to disable security tools on compromised systems, according to a technical analysis by Cisco Talos and Trend Micro. The findings highlight growing use of BYOVD tactics and in-memory evasion.
-
Germany identifies two alleged REvil leaders behind 130 ransomware attacks
Germany’s Federal Criminal Police Office says it has identified two alleged REvil figures tied to 130 ransomware attacks in the country, with more than €35.4 million in reported damage.
-
Google Drive ransomware detection enabled by default for paying users
Google said its AI-powered Google Drive ransomware detection is now generally available and on by default for paying users, with sync pausing, alerts and file restoration available after an attack is detected.
