Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

Ukraine Extradites Suspected Ransomware Group Member to US

Mathew J. Schwartz • June 19, 2025

A suspected initial access specialist for a ransomware-wielding group is being extradited from Ukraine to the United States to stand trial. The group has been accused of earning over $100 million in ransom by using malware such as Ryuk, Dharma and Hive against more than 2,400 organizations.

Fraud Management & Cybercrime

LockBit Crackdown Fragmented Russian Cybercrime Groups

Latest

Agentic AI

Agentic AI Security Gets Fuel With Snyk's Invariant Labs Buy

Michael Novinson • June 24, 2025

To safeguard AI-native apps, Snyk has acquired Swiss startup Invariant Labs, whose experts pioneered research into vulnerabilities in agentic workflows. Snyk plans to integrate these capabilities across its developer-first security platform, starting with design partners.

Account Takeover Fraud

Neovera Boosts Bank Fraud Defense With Greenway Acquisition

Michael Novinson • June 18, 2025

Neovera has acquired Greenway Solutions, a Charlotte-based fraud red-teaming vendor serving top banks, to expand its cyber capabilities. The Washington D.C.-area services provider plans to tailor services for community banks and credit unions using automation and selective testing.

Cybercrime

Scattered Spider Targeting American Insurance Firms

Akshaya Asokan • June 17, 2025

A hacking collective behind recent cyberattacks on major British retailers has pivoted to target U.S. insurance firms, warned Google. Scattered Spider, tracked as UNC3944 by Google, is a financially motivated threat group consisting largely of English-speaking adolescents.

Fraud Management & Cybercrime

Erie Insurance Tells SEC It's Responding to a Cyber Incident

Marianne Kolbasuk McGee • June 12, 2025

Erie Indemnity Company, which offers a wide range of insurance including Medicare supplements and cyber coverage, has notified the U.S. Securities and Exchange Commission that it has been responding to a cyber incident since last weekend. The company is also warning customers of potential scams.

Agentic AI

Beyond Generic Chatbots: Rise of Industry-Specific AI Agents

Sandhya Michu • June 6, 2025

As companies shift away from broad, general-purpose AI tools, Iksha Labs CEO Hitesh Ganjoo says the future lies in domain-specific agents such as Rumi, an AI hiring coworker that's transforming interviews with speed and consistency.

Data Backup and Recovery

The Forgotten Details of Ransomware Response Plans

Marianne Kolbasuk McGee • June 4, 2025

While healthcare organizations often know in general what they need to do in case they're faced with a ransomware attack, the devil is in the details of how comprehensive and well-rehearsed that incident preparedness plan is for optimal response, said Rick Doten, vice president and healthplan CISO at Centene Corp.

Agentic AI

Nvidia CEO Huang Warns Export Bans Empower Chinese AI Firms

Michael Novinson • May 29, 2025

CEO Jensen Huang says new U.S. chip restrictions on China forced Nvidia to write down $4.5 billion in AI inventory and will hurt American leadership in global infrastructure as Chinese firms gain momentum. The rules fuel China’s rise and jeopardize U.S. infrastructure dominance, according to Huang.

Security Operations

Zscaler Buys Red Canary to Elevate AI-Driven Threat Response

Michael Novinson • May 28, 2025

Zscaler's buy of Red Canary will unify its cloud-based security infrastructure with Red Canary's MDR insights, giving rise to a next-gen SOC built on automation, AI, and rapid detection expertise. The integration will support a proactive SOC experience powered by AI workflows and security expertise.

Fraud Management & Cybercrime

Cancer Center Pays Patients $11.5M in Double-Extortion Hack

Marianne Kolbasuk McGee • May 27, 2025

A Seattle cancer center has agreed to pay $11.5 million to settle a proposed class action lawsuit involving a 2023 double-extortion ransomware attack that affected 2.1 million people, with some patients directly threatened by hackers with swatting attacks if they didn't pay a ransom.

Artificial Intelligence & Machine Learning

How Can We Solve the 'Insane' Deepfake Video Problem?

Suparna Goswami • May 27, 2025

AI enthusiasts are saying Veo 3 is one of Google's best products. The mind-blowing AI constructs cinematic video clips from text prompts, and the results look real. Veo 3 pushes deepfake capabilities into uncharted territory and introduces new threats to truth, trust and authenticity.

Operational Technology (OT)

OT Systems Exposed to Basic Hacks, CISA Warns

Chris Riotta • May 7, 2025

The Cybersecurity and Infrastructure Security Agency is warning that critical infrastructure operators remain vulnerable to low-skill cyberattacks targeting OT systems. The agency called for the removal of public internet access, tighter remote controls and better cyber hygiene.

Endpoint Protection Platforms (EPP)

CrowdStrike Lays Off 500 Workers as AI Flattens Hiring Curve

Michael Novinson • May 7, 2025

CrowdStrike plans to axe 500 employees as the endpoint security behemoth looks to operate more efficiently. Saying its use of AI technology "flattens our hiring curve," the company revealed plans to reduce its nearly 10,000-person staff by 5% to scale its business with more focus and discipline.