All CosmicBytez Labs articles tagged #Ransomware, across news, security advisories, how-to guides, and projects.
A composite case study of a typical 2026 ransomware incident hitting a Canadian agricultural business — from the first phishing email through full encryption, six days later. Names changed, sequence accurate.
Small accounting firms in rural Alberta have become primary ransomware targets in 2025–2026. The reasons are structural: high-value data, weak security budgets, and tax-deadline timing pressure. Here's what to ask your accountant before it's your data caught in the crossfire.
The five most common things rural Alberta business owners believe about ransomware that are wrong, expensive, and entirely fixable.
A threat actor has deployed an AI-generated ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response solutions, marking a new escalation in AI-assisted cybercrime.
Cyber insurance stopped being optional for Canadian small businesses in 2024. By 2026 it's table-stakes — but most owners are walking into renewal without understanding what their carrier is actually asking. Here's what's changed.
FBI warns the Silent Ransom Group is targeting law firms by physically arriving on-site and social-engineering access to sensitive client databases.
Microsoft patches a CVSS 8.8 SharePoint RCE; the Megalodon campaign poisons 5,561 GitHub repos in six hours; 7-Eleven's ShinyHunters breach hits 185,000; and a.
The FBI and international partners have disrupted First VPN, a criminal VPN service used by dozens of ransomware groups for network reconnaissance and...
International authorities have disrupted a criminal VPN service called First VPN that was used by more than 25 ransomware groups to conceal network...
The 2026 Verizon Data Breach Investigations Report highlights how evolving social engineering tactics are making the healthcare sector more vulnerable,...
European law enforcement has taken down First VPN, a privacy service that had been openly advertised on Russian-language cybercrime forums as a tool for...
International law enforcement has dismantled 'First VPN,' a criminal VPN service marketed on Russian-speaking cybercrime forums and used to facilitate...
Threat actors brute-forced credentials and bypassed multi-factor authentication on SonicWall Gen6 SSL-VPN appliances to deploy ransomware tools,...
A Microsoft Exchange zero-day is being exploited with no patch in sight; Verizon DBIR 2026 marks a landmark shift — vulnerability exploitation now...
Microsoft has disrupted a malware-signing-as-a-service operation that exploited the company's Artifact Signing service to produce fraudulent code-signing...
Verizon's 2026 Data Breach Investigations Report reveals a landmark shift: vulnerability exploitation has surpassed credential abuse as the leading breach...
Multiple healthcare data breaches impacting hundreds of thousands to millions of individuals have been added to the HHS breach tracker, continuing a...
A Nitrogen ransomware attack on Foxconn's North American facilities is one of more than 600 hits on manufacturers so far in 2026, as ransomware gangs...
The non-bank lender discovered a ransomware attack nearly one year ago but only recently completed its investigation, notifying over 123,000 individuals...
Foxconn, the world's largest electronics manufacturer, confirmed a cyberattack on its North American factories claimed by the Nitrogen ransomware gang,...
Electronics manufacturing giant Foxconn has confirmed a cyberattack on its North American operations after the Nitrogen ransomware group claimed...
The House Committee on Homeland Security has demanded a briefing from Instructure, the company behind the Canvas LMS platform, after a ransomware attack...
An OPSEC failure provides a rare window into the inner workings of The Gentlemen ransomware-as-a-service group, exposing their affiliate model, TTPs, and...
Educational technology company Instructure, parent of Canvas LMS, has reached an undisclosed 'agreement' with the ShinyHunters extortion group after a...
The UK's Information Commissioner's Office has fined South Staffordshire Water Plc and its parent company £963,900 ($1.3 million) after a cyberattack...
West Pharmaceutical Services, a global manufacturer of drug delivery systems and packaging, has taken systems offline worldwide after hackers exfiltrated...
West Pharmaceutical Services filed an SEC disclosure warning that hackers breached the company on May 4, stole data, and encrypted systems — forcing a...
Google confirms the first AI-generated zero-day in the wild; TeamPCP's Mini Shai-Hulud worm hits TanStack, Mistral AI, and Guardrails AI; Instructure pays...
The UK's Information Commissioner's Office fined South Staffordshire Water nearly £1 million after the Cl0p ransomware group maintained undetected access...
A data extortion attack against Canvas LMS defaced login pages with a ransom demand, disrupting classes and coursework at school districts and...
The RansomHouse threat group has claimed responsibility for the Trellix source code repository breach disclosed last week, leaking a set of proof images...
A newly disclosed critical vulnerability in cPanel and WHM tracked as CVE-2026-41940 is being mass-exploited by ransomware actors to breach web hosting...
Two cybersecurity incident responders who abused their trusted positions to secretly carry out ransomware attacks against the organizations they were...
Two former cybersecurity incident responders from Sygnia and DigitalMint were each sentenced to four years in federal prison for leveraging their trusted...
Ryan Goldberg and Kevin Martin, who worked as incident responders, were sentenced to four years in federal prison after using their trusted access to...
Healthcare organization took nearly one year to publicly disclose a data breach after being targeted by Inc Ransom ransomware, with approximately 170,000...
The emerging Vect 2.0 ransomware — deployed against TeamPCP supply chain attack victims — permanently destroys files larger than 131KB due to a critical...
Threat hunters warn that VECT 2.0 ransomware contains a critical flaw in its encryption implementation that acts more like a wiper for files over 131KB...
Researchers have found that VECT 2.0 ransomware contains a critical flaw in its nonce handling that causes encryption to permanently destroy large files...
When rival ransomware groups 0APT and KryBit turned on each other, they exposed infrastructure details, operational data, victim lists, and internal...
ShinyHunters hits Medtronic and ADT in the same week, exposing millions of records; a critical one-push RCE lands in GitHub; LiteLLM's pre-auth SQL...
CISA has added four actively exploited vulnerabilities affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers to its Known...
Recently observed Trigona ransomware attacks are using a bespoke command-line exfiltration tool to steal data from compromised environments faster and...
Angelo Martino, 41, a former employee of cybersecurity incident response firm DigitalMint, has pleaded guilty to targeting U.S. companies with BlackCat...
A new ransomware operation called Kyber is targeting Windows systems and VMware ESXi endpoints, with one variant implementing Kyber1024 post-quantum...
Angelo Martino, a former ransomware payment negotiator for DigitalMint, has pleaded guilty to helping accomplish extort $75.3 million in ransom from five...
A critical RCE flaw in BeyondTrust Bomgar remote monitoring and management software is being actively exploited to spread ransomware and compromise...
Vercel confirms breach through a compromised third-party AI coding tool; North Korean hackers attributed to a $290 million crypto theft; 6,400 Apache...
Backups protect your data, but they don't keep your business running during downtime. Understanding the difference between backup and BCDR is critical as...
Researchers have discovered a SystemBC proxy botnet of over 1,570 compromised hosts linked to Gentlemen ransomware operations. The gang's affiliate is...
A ransomware campaign operating since at least 2019 has persistently targeted Turkish home users and small-to-medium businesses, largely evading major...
NAKIVO Backup & Replication v11.2 is generally available, bringing immutable backup enhancements for ransomware defense, faster replication performance,...
The Payouts King ransomware group is deploying the QEMU open-source emulator as a covert reverse SSH backdoor, spinning up hidden virtual machines on...
More than 18 months after a ransomware attack crippled hospitals in South East London, at least one NHS trust is still operating without fully restored...
A weekly roundup of notable cybersecurity stories: Iran-linked hackers wipe 200,000 Stryker devices, the BlueHammer Windows zero-day PoC goes public,...
A ransomware attack on Dutch healthcare software vendor ChipSoft has forced hospitals and patients across the Netherlands offline, disrupting the HiX...
Dutch healthcare software vendor ChipSoft has been struck by a ransomware attack, forcing the company to take its website and digital patient services...
The FBI received over 1 million complaints of malicious activity in 2025, with investment scams, business email compromise, and tech support fraud causing...
A China-based threat cluster designated Storm-1175 has been linked to high-velocity ransomware attacks deploying Medusa payloads using chained zero-day...
SecurityWeek reports that the Medusa ransomware group has developed a dangerous capability: rapidly weaponizing newly disclosed vulnerabilities —...
Microsoft has raised the alarm over Medusa ransomware's unprecedented operational speed, with the group now exploiting zero-day vulnerabilities before...
Microsoft says the financially motivated cybercrime group Storm-1175, linked to China, has exploited N-day and zero-day vulnerabilities in high-velocity...
Storm-1175 runs sub-24-hour Medusa ransomware campaigns using zero-days; the FBI IC3 reports a record $21 billion in US cybercrime losses for 2025; North...
Germany's Federal Criminal Police Office has publicly unmasked the real identity of "UNKN," the primary operator behind the now-defunct REvil and GandCrab...
Germany's Federal Police have publicly named two Russian nationals as the leaders of the GandCrab and REvil ransomware operations, linking them to at...
Microsoft warns that Medusa ransomware operators are exploiting zero-day vulnerabilities approximately one week before public disclosure, enabling the...
Microsoft has formally attributed Medusa ransomware zero-day attacks to Storm-1175, a China-based financially motivated cybercriminal group that has...
German authorities have publicly identified the elusive "UNKN," the operator behind the GandCrab and REvil ransomware groups, as 31-year-old Russian...
Modern ransomware has evolved far beyond simple file encryption. Multi-extortion tactics — combining encryption, data theft, and public leak threats —...
The Qilin ransomware group has claimed responsibility for an attack against German political party Die Linke, forcing an IT systems outage and threatening...
This week's security stories you may have missed: a ChatGPT conversation data leak, a new Android rootkit on Google Play, a municipal water facility taken...
Google has announced that its AI-powered ransomware detection feature for Google Drive has reached general availability and is now enabled by default for...
Iranian APT groups are increasingly blurring the lines between state-sponsored cyber espionage and financially motivated cybercrime, deploying destructive...
A new underground platform called Leak Bazaar positions itself as a data-processing business, offering to monetize stolen records on behalf of ransomware...
A new report reveals how industrialized credential theft has become the common thread connecting ransomware campaigns, SaaS platform breaches, and...
The Axios npm library was weaponized to deliver a cross-platform RAT; Anthropic accidentally leaked Claude Code's CLI source in an npm package; Google...
A ransomware attack on March 19 paralyzed Foster City's government systems for over six days, forcing officials to declare a state of emergency while...
Pro-Ukrainian hacktivist group Bearlyfy has conducted over 70 cyberattacks against Russian companies since January 2025, recently deploying a custom...
The European Commission confirms a 350 GB AWS breach; the DarkSword iOS exploit chain goes public on GitHub threatening hundreds of millions of iPhones;...
The pro-Ukrainian hacktivist group Bearlyfy has conducted over 70 cyberattacks against Russian businesses in the past year and is escalating operations...
This week: Russian authorities detain the alleged LeakBase admin weeks after the FBI-led global crackdown on the 147,000-subscriber stolen-data...
Ilya Angelov, co-leader of the TA551/Mario Kart cybercrime group, was sentenced to two years in prison for operating a phishing botnet that sent 700,000...
This week: the DarkSword iOS exploit chain published on GitHub threatens to democratize nation-state-grade iPhone hacking; CanisterWorm turns the Trivy...
Aleksei Volkov, a Russian initial access broker who sold unauthorized access to U.S. companies for the Yanluowang ransomware group, has been sentenced to...
The Qilin ransomware-as-a-service group has listed Malaysia Airlines on its leak site, claiming access to passenger records, personnel files, and...
Former incident responder Ryan Goldberg and ransomware negotiator Kevin Martin admitted to running ALPHV/BlackCat ransomware operations against five US...
CVE-2026-20131, a maximum-severity CVSS 10.0 insecure deserialization flaw in Cisco Firepower Management Center, was exploited by Interlock ransomware as...
Plano-based fintech vendor Marquis disclosed that a ransomware attack exploiting a SonicWall firewall vulnerability compromised Social Security numbers,...
CISA added actively exploited Zimbra Collaboration Suite and Microsoft SharePoint vulnerabilities to its Known Exploited Vulnerabilities catalog on March...
Texas fintech Marquis Software Solutions has confirmed a ransomware attack in August 2025 exposed data of 672,000+ individuals and disrupted operations at...
The Interlock ransomware gang has been actively exploiting a CVSS 10.0 insecure deserialization flaw in Cisco Secure Firewall Management Center since late...
The LeakNet ransomware gang is using ClickFix social engineering for initial access and a Deno-based malware loader to execute fileless payloads from...
This week: GlassWorm escalates with 72 malicious Open VSX extensions and a GitHub token force-push campaign poisoning hundreds of Python repos; CISA adds...
An international law enforcement operation codenamed Operation Synergia III has sinkholed 45,000 IP addresses and seized servers linked to ransomware,...
England Hockey, the national governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware group listed...
Canadian telecom giant Telus Digital has confirmed a security incident after the ShinyHunters hacking group claimed to have stolen nearly 1 petabyte of...
This week: UNC6426 weaponizes a stale npm supply chain compromise to seize full AWS admin in 72 hours, Cognizant TriZetto leaks 3.4 million patient...
Microsoft-tracked threat actor Velvet Tempest is deploying Termite ransomware via a ClickFix social-engineering chain that loads DonutLoader and installs...
Evgenii Ptitsyn, 43, a Russian national who administered the Phobos ransomware-as-a-service operation, pleaded guilty to wire fraud conspiracy in the U.S....
An incident response manager and a ransomware negotiator face up to 20 years after admitting to conducting BlackCat (ALPHV) ransomware attacks against...
A ransomware attack detected February 19 has taken down UMMC's EPIC EMR system and forced all 35 health clinics across Mississippi to close, canceling...
This week: UMMC closes 35 clinics after ransomware, Advantest semiconductor supplier hit, AT&T's 2024 breach resurfaces with 148M decrypted SSNs, Diesel...
Advantest Corporation, the world's leading manufacturer of semiconductor test equipment supplying companies like TSMC, Intel, and Samsung, disclosed a...
The HellCat ransomware group has breached Swiss enterprise communications provider Ascom by exploiting Jira credentials harvested through infostealer...
The January 2025 ransomware attack on government technology giant Conduent continues to expand in scope, now confirmed to affect 15.4 million in Texas and...
The Nova ransomware group, formerly known as RALord, has been confirmed fully operational with 73 victims across nearly every continent, employing double...
A new ransomware strain called Reynolds bundles a Bring Your Own Vulnerable Driver component directly in its payload, killing EDR processes from...
The Warlock ransomware group exploited CVE-2026-23760, an authentication bypass zero-day in SmarterMail, to breach SmarterTools itself, compromise 12...
With 91 publicly disclosed ransomware attacks in January 2026 alone, the ransomware landscape is shifting toward data-only extortion while healthcare...
The Qilin ransomware group has compromised Romania's national oil pipeline operator Conpet, exfiltrating over 1 TB of data including passports, internal...
BlackFog's 2025 State of Ransomware Report reveals a 49% increase in ransomware attacks year-over-year, with evolving tactics shifting toward...
Cybersecurity Ventures forecasts ransomware damage costs will surge to $74 billion globally in 2026, up from $57 billion in 2025, as attacks grow more...
Major U.S. payment processor BridgePay remains completely offline after a ransomware attack, forcing merchants nationwide to revert to cash-only operations.
Critical path traversal vulnerability in WinRAR enables ransomware and credential theft as Russian and Chinese threat actors weaponize phishing campaigns...
This week: state-backed espionage campaigns across 155 countries, China-linked router hijacking, ransomware surge, new security tools, and site updates.
The ShinyHunters hacking group published a 760 MB archive of 5.1 million Panera Bread customer records on the dark web after the company refused to pay a...
Government technology provider Conduent's January 2025 ransomware breach now confirmed to affect at least 15.4 million people in Texas alone, with 8TB of...
Information management giant Iron Mountain clarifies that alleged 1.4TB breach was limited to marketing materials after single credential compromise.
Security researchers identify 14 active RaaS platforms operating sophisticated affiliate programs, with entry costs as low as $40 per month lowering the...
Threat intelligence reports show 8 active ransomware groups claimed 26 victims on February 2nd alone, with major corporations including BASF and Honeywell...
Complete ransomware incident response playbook following NIST framework. Covers detection, containment, eradication, recovery, and lessons learned.
Ransomware attacks against healthcare organizations have increased 67% in the first month of 2026, with multiple hospital systems reporting service disruptions.
Qilin ransomware group claims responsibility for massive healthcare breach, stealing 850GB of sensitive patient data across multiple states. Initial...
Industry experts separate signal from noise in 2026's threat landscape. AI-powered attacks, supply chain risks, and the evolution of ransomware top the...
Claims administration firm Sedgwick confirms cybersecurity incident at government subsidiary after TridentLocker ransomware group claims theft of 3.4 GB...