Ransomware.org

After reading recent reports of AI’s impact on cybercrime, one might assume that the world is about to enter an era of frightening, AI-powered ransomware attacks. As Trend Micro put it in its November 2025 report, The AI-Fication of Cyberthreats: “The tools, tactics, and procedures that once required coordinated human effort can now be executed […]

The post Ransomware doesn’t need AI when simple weaknesses leave the door standing ajar appeared first on Ransomware.org.

Between October and November 2025, one of the biggest cybercrime operations in Interpol history saw the arrest of 574 people suspected of business email compromise (BEC), digital extortion, and ransomware. Despite its scale, the operation gained almost no attention in the US and UK because it happened across 19 African countries, principally Ghana and Nigeria. […]

The post Is Africa the next ransomware hotspot? appeared first on Ransomware.org.

There’s no escaping AI’s tightening grip on the technology industry, and it turns out that ransomware criminals are just as susceptible to the reality-bending excitement as anyone else. According to an analysis of 2,800 ransomware incidents from 2023-2024 carried out by Safe Security and MIT Sloan, 80% utilized what is termed ‘adversarial AI’ in one […]

The post The era of AI ransomware is bad news for everyone – including ransomware criminals appeared first on Ransomware.org.

It’s nearly 20 years since I first encountered ransomware as the security editor of an online computer magazine, although at the time I had no idea what it was and the term had not yet been coined to describe it. A reader emailed me to describe how the main computer he used as part of […]

The post How ransomware turned from a private misery into a national emergency appeared first on Ransomware.org.

More than three-in-ten ransomware victims are being hit multiple times, thanks to ineffective defenses and security fragmentation. According to Barracuda Networks’ Ransomware Insights Report, 57% of organizations fell victim to a successful ransomware attack in the last 12 months, with 31% of victims affected more than once. A ransom was paid in 32% of cases, […]

The post Nearly one-third of ransomware victims are hit multiple times, even after paying hackers appeared first on Ransomware.org.

The Interlock ransomware gang is aggressively targeting businesses and critical infrastructure in North America and Europe, according to a new warning from the US Cybersecurity and Infrastructure Security Agency (CISA). stepping up its attacks and changing tactics. The agency issued an advisory describing how Interlock picks its victims on the basis of opportunity, carrying out […]

The post Interlock ransomware gang is ramping up activity, CISA warns appeared first on Ransomware.org.

Nearly half of companies paid a ransom to get their data back last year, according to new research, but they’re taking a hard line with hackers to strike fair deals. In its latest State of Ransomware report, Sophos said this was the second highest rate of ransom payments in six years. However, more than half […]

The post Ransomware victims are getting better at haggling with hackers appeared first on Ransomware.org.

Hundreds of servers have been taken down as part of an international law enforcement operation against ransomware groups. Coordinated by Europol and Eurojust, the action saw key infrastructure dismantled over the last week, with 300 servers taken down, 650 domains neutralized, and nearly two dozen international arrest warrants issued. In a statement confirming the campaign, […]

The post It’s been a bad week for ransomware operators appeared first on Ransomware.org.

Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away. According to the annual report from the FBI’s Internet Crime Complaint Center (IC3), ransomware was the biggest threat to critical infrastructure last year, with complaints up 9%. More […]

The post Ransomware attacks are rising — but quiet payouts could mean there’s more than actually reported appeared first on Ransomware.org.

February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender. Analysis from the security company shows the number of ransomware attacks reached 962 last month, marking a significant increase on the year prior in which 425 attacks were recorded. Of those, 335 were claimed by […]

The post February was the worst month on record for ransomware attacks – and one threat group had a field day appeared first on Ransomware.org.

Four Russian nationals have been arrested for their alleged involvement in the 8Base ransomware group after a joint police operation by 14 countries. The suspects were arrested in Phuket, Thailand, and charged with a number of offenses, potentially carrying decades in prison. At the same time, 27 servers linked to the criminal network were taken […]

The post 8Base ransomware members snared in global police crackdown appeared first on Ransomware.org.

The UK government is considering banning public organizations from paying ransomware demands as it seeks to strike a “significant blow” to cyber criminal operating models. The consultation follows a series of serious ransomware incidents at NHS bodies, the British Library, Royal Mail and more, that have caused severe real world disruption and cost millions in recovery costs. Consultation documents from government officials noted […]

The post UK government officials consider banning ransomware payments appeared first on Ransomware.org.

His name is Guan Tianfeng and in December 2024 the US State Department’s Rewards for Justice campaign placed a reward of up to $10 million for anyone offering information on his whereabouts. Guan Tianfeng, it is alleged, masterminded an April 2020 attack on Sophos XG firewalls using an exploit for a zero-day vulnerability later hastily […]

The post China accused of hiding nation state attack on firewalls behind ‘Ragnarok’ ransomware appeared first on Ransomware.org.

When ransomware strikes, the first question every security team asks themselves is how the attackers got inside what was supposed to be a well-defended network. These days, the question is asked within minutes of the attack being discovered, and for good reason. Without understanding the weakness that led to an attack, resolving it is a […]

The post VPN weaknesses fuel surge in ransomware attacks appeared first on Ransomware.org.

Ransomware’s history is littered with threat actors that rise and fall but every now and then a new name appears that grabs people’s attention for the wrong reasons. RansomHub, a ransomware-as-a-service (RaaS) platform which seems to have successfully recruited affiliates from the downed BlackCat and Lockbit groups during 2024, is the latest example of this […]

The post Ransomware borrows industry tools to target corporate EDR  appeared first on Ransomware.org.

When ransomware visits your network, resolve to build it back better. And if you’re tempted to pay the ransom, don’t. That money is better spent on new defenses to prevent a repeat incident. These are some of the takeaways from a remarkable British Library report, Learning Lessons From The Cyberattack, that analyzes the paralyzing ransomware […]

The post 10 Lessons from the British Library Ransomware Attack appeared first on Ransomware.org.

Imagine an everyday ransomware attack on a U.S. city that results in sensitive data being leaked weeks later when the large ransom demanded is not paid. Now imagine that the mayor of that city denies that the leaked data was as bad as it appeared, asserting in a press conference that the stolen data was […]

The post Researcher sued by city for disclosing severity of ransomware attack appeared first on Ransomware.org.

The precise origins of today’s ransomware are still up for debate but there is no doubt that a piece of malware called Reveton, which first emerged in 2012, was an important moment. The world has a chance to re-assess this malware’s significance with the news that its alleged creator, Maksim Silnikau, was arrested in Spain […]

The post Police Nab Alleged Ransomware Pioneer After Decade-long Pursuit appeared first on Ransomware.org.

Around a decade ago, the bad people who make ransomware had an idea that proved so successful it helped fuel a crime boom that still haunts us to this day: hide the technical complexity of ransomware behind simple web platforms so that any criminal can launch attacks. Better known as ransomware-as-a-service (RaaS), after a slow […]

The post Is Ransomware-as-a-Service Now the Extortion Industry’s Achilles’ Heel? appeared first on Ransomware.org.

Cybercriminals, it is widely observed, have a fondness for weekends. This is not by chance—at weekends organizations are short-staffed, making this the best time to launch a cyberattack. It’s a pattern that played out in a ransomware attack on the Romanian health system on Sunday, Feb. 11, that sent some of the country’s most important […]

The post Romanian Healthcare System Laid Low by Attack on Shared Software Platform appeared first on Ransomware.org.