Ransomware

Malicious software used in ransom demands

2024 Ransomware payments sharply dropped to $813 million, attributed to victim non-payment and law enforcement actions.
November 2024 Targeted Rutherford County Schools in Tennessee with a cyberattack, likely involving data breach or ransomware.
August 2024 Conducted a cyberattack on Seattle-Tacoma International Airport, compromising its digital systems.
July 2024 Attacked the City of Columbus, Ohio, releasing over 3 TB of data on the dark web after attempting to extort $1.7M (30 Bitcoin) from the city.
June 2024
LockBit
LockBit claimed responsibility for a major breach of Evolve Bank & Trust, threatening to leak data from the bank and its financial technology partners, including Stripe, Mercury, Affirm, and Airwallex.
June 2024
LockBit
Attacked the University Hospital Center in Zagreb, Croatia, causing significant disruption and claiming to have exfiltrated medical records and employee information. The Croatian government refused their demands.
May 2024 BlackCat (ALPHV) cyber gang conducted a ransomware attack on the servers and endpoint devices of Hong Kong's Consumer Council, as reported by The Standard (Hong Kong).
May 2024
Health Service Executive ransomware attack
473 legal actions were reported against the Health Service Executive (HSE) in relation to the ransomware attack, with the State Claims Agency managing 12 personal injury cases primarily focused on the psychological impact of the cyber incident.
May 23 2024
LockBit
Attacked London Drugs, forcing closure of all Canadian locations, and demanded $25 million ransom. After the company refused, LockBit leaked data and the company offered identity theft protection to affected employees.
May 21 2024
LockBit
LockBit claimed responsibility for a cyberattack on London Drugs, demanding $25 million ransom. The attack had previously caused nationwide store closures from April 28 to May 7.
May 7 2024
LockBit
Charges and sanctions were announced against Dmitry Khoroshev, alleged administrator and developer of LockBit.
May 1 2024
REvil
Yaroslav Vasinskyi was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution after pleading guilty to cybercrime and money laundering charges.
April 2024
Akira
By April 2024, Akira ransomware was estimated to have earned approximately $42 million from its ransomware-as-a-service operations since its inception.
March 2024 A representative for BlackCat announced the group was shutting down in the aftermath of the Change Healthcare ransomware attack.
February 2024 A coordinated international operation successfully took down the LockBit ransomware gang, while the BlackCat/ALPHV gang disappeared.
February 24 2024
LockBit
A new LockBit website emerged, claiming to list over a dozen victims including the FBI, hospitals, and Fulton County, Georgia. The site threatened to release jury identities and court documents related to Donald Trump if a ransom was not paid by March 2.
February 19 2024
LockBit
National Crime Agency, Europol, and international law enforcement agencies conducted Operation Cronos, seizing LockBit's darknet websites. Four individuals were arrested (one in Ukraine, one in Poland, two in the United States), and two Russians were named. Law enforcement seized the group's source code and obtained decryption keys.
January 2024
LockBit
Attacked Fulton County computers, with the county confirming no ransom was paid and no sensitive information was extracted.
2023 Ransomware payments reached a record high of $1.25 billion.
2023 The FBI and CISA jointly issued an advisory providing detailed information on Royal ransomware's tactics, techniques, procedures (TTPs), and indicators of compromise (IOCs) to help organizations defend against their attacks.
2023 Rhysida executed a significant cyberattack on the British Library, encrypting their data and threatening to publicly release it unless a ransom was paid.
2023 Launched a cyberattack against the Chilean army, demonstrating their capability to target military organizations.
2023 Rhysida conducted a data dump targeting Insomniac Games, potentially exposing sensitive company information.
2023
LockBit
Early 2023 estimates indicate LockBit is responsible for 44% of all global ransomware incidents.
2023
The Ransomware Hunting Team
The audiobook, narrated by BD Wong, won the Audie Award for Nonfiction.
2023
U.S. Ransomware Task Force
The RTF successfully dismantled the Hive, an international ransomware network that had extorted hundreds of millions of dollars from victims in the United States and internationally.
2023
Clop
Clop cyber gang deployed TrueBot malware, affecting over 1,500 systems worldwide, marking a significant expansion of their cyber attack capabilities.
2023
Clop
Clop claims responsibility for hacking multiple major organizations including BBC, British Airways, Estee Lauder, 1st Source, First National Bankers Bank, Putnam Investments, Landal Greenparks, Shell, New York City Department of Education, and Ernst & Young.
2023
Clop
Clop expanded its tactics to use 'encryption-less ransomware', focusing on pure extortion by threatening to leak data without actually encrypting systems, which allows for potentially larger profits.
2023
Health Service Executive ransomware attack
Dáil Éireann's Public Accounts Committee examined the financial impact of the cyber attack, revealing the Department of Health spent €1 million and the HSE spent €53 million in immediate response costs.
December 2023
REvil
The Supreme Court of Korea reported experiencing a cyberattack by the Lazarus Group, resulting in sensitive data leakage.
December 19 2023 The U.S. Department of State announced substantial reward offers: $10 million for leads identifying or locating ALPHV/Blackcat ransomware gang leaders, and an additional $5 million for tips about individuals participating in their ransomware attacks.
December 19 2023 The FBI seized the BlackCat (ALPHV) ransomware group's website, replacing it with an official message announcing a coordinated law enforcement action. The FBI simultaneously released a decryption tool to help ransomware victims recover their files without paying ransom.
November 2023 FBI and CISA warn that Royal ransomware gang may rebrand as 'BlackSuit' after testing an encryptor called BlackSuit.
November 2023 US agencies CISA, FBI, and MS-ISAC published an official alert about Rhysida ransomware, detailing the group's infiltration techniques and operational methods.
November 2023
LockBit
Attacked the US subsidiary of the Chinese state-owned Industrial and Commercial Bank of China. Released Boeing's internal stolen data onto the Internet.
November 2023
REvil
Seoul Central District Prosecutors' Office announced prosecution of accomplices assisting the Fluffy group in South Korea.
October 2023
LockBit
Claimed to have stolen sensitive data from Boeing, which Boeing later acknowledged as a cyber incident affecting parts and distribution business.
September 2023 The cyberattack on MGM resulted in a significant financial impact of $100 million for the company's third quarter, affecting operations including their sports betting platform BetMGM.
September 2023 Scattered Spider, an affiliate of ALPHV, conducted ransomware attacks against MGM Resorts International and Caesars Entertainment. Caesars paid $15 million in ransom, while MGM refused to pay and instead shut down all systems for weeks.
July 2023
LockBit
Attacked the Port of Nagoya in Japan, which handles 10% of the country's trade, forcing a shutdown of container operations.
July 2023
2022 Costa Rican ransomware attack
By July 2023, the number of Latin American countries with a national cybersecurity strategy increased from 12 to 20, partly in response to increasing cybersecurity threats like the Costa Rican ransomware attack.
June 2023 BlackCat claimed responsibility for a February 2023 breach of Reddit's systems, alleging theft of 80 GB of compressed data and demanding a $4.5 million ransom. This attack was notable for not involving typical data encryption.
June 2023
Akira
Avast released a decryptor for the Akira ransomware, exploiting the ransomware's partial file encryption approach. The decryptor was noted to be Windows-based and would require WINE for use on Linux systems.
June 2023
LockBit
Demanded a $70 million ransom from TSMC group via a ransomware attack through one of its suppliers.

The contents of the box above are based on material from the Wikipedia articles Rhysida (hacker group), U.S. Ransomware Task Force, Akira (ransomware), Clop (cyber gang), Health Service Executive ransomware attack, 2022 Costa Rican ransomware attack, Royal (cyber gang), Ransomware, REvil, The Ransomware Hunting Team, BlackCat (cyber gang) & LockBit, which are released under the Creative Commons Attribution-ShareAlike 4.0 International License.
