ransomware
Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his “cold case” negotiator role in the Russian Karakurt ransomware group. 35-year-old Deniss Zolotarjovs (Денисс Золотарёвс) of Moscow, Russia, was arrested in Georgia, Eastern Europe, in December 2023, and pleaded guilty in July 2025 to conspiracy to commit wire […]
Critrical cPanel flaw mass-exploited in “Sorry” ransomware attacks
A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in “Sorry” ransomware attacks. This week, an emergency update for WHM and cPanel was released to fix a critical authentication bypass flaw that allows attackers to access control panels. WHM and cPanel are Linux-based web hosting control panels for server […]
US ransomware negotiators get 4 years in prison over BlackCat attacks
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. 40-year-old Ryan Clifford Goldberg (a former Sygnia incident response manager) and 36-year-old Kevin Tyler Martin (a DigitalMint ransomware negotiator) were charged in November and pleaded guilty in December to conspiracy to […]
Broken VECT 2.0 ransomware acts as a data wiper for large files
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypt them. VECT has been advertised on one of the latest BreachForums iterations, inviting registered users to become affiliates, and distributing access keys via private messages to those […]
Qilin Ransomware Uses Malicious DLL to Kill Almost Every Vendor’s EDR Solutions
Qilin ransomware group is deploying a sophisticated, multi-stage infection chain via a malicious msimg32.dll that can disable over 300 endpoint detection and response (EDR) drivers from virtually every major security vendor. As organizations increasingly rely on EDR solutions, which offer far greater behavioral visibility than legacy antivirus, threat actors have adapted by weaponizing EDR killers as a […]
Trigona ransomware attacks use custom exfiltration tool to steal data
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. The utility was emplayed in attacks in March that were attributed to a gang affiliate, likely in an effort to avoid publicly available tools, such as Rclone and MegaSync, that typically trigger security solutions. […]
Kyber ransomware gang toys with post-quantum encryption on Windows
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. Cybersecurity firm Rapid7 retrieved and analyzed two distinct Kyber variants in March 2026 during an incident response. Both variants were deployed on the same network, with one targeting VMware ESXi and the other […]
Former ransomware negotiator pleads guilty to BlackCat attacks
41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. Together with two other Sygnia and DigitalMint ransomware negotiators (33-year-old Ryan Clifford Goldberg and 28-year-old Kevin Tyler Martin), Martino was charged with conspiracy to interfere with interstate commerce by extortion, interference […]
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. The Gentlemen ransomware-as-a-service (RaaS) operation emerged around mid-2025 and provides a Go-based locker that can encrypt Windows, Linux, NAS, and BSD systems, and a […]
Payouts King ransomware uses QEMU VMs to bypass endpoint security
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. QEMU is an open-source CPU emulator and system virtualization tool that allows users to run operating systems on a host computer as virtual machines (VMs). Since security solutions on […]