Ransomware groups were faster, stealthier, and more active than ever in 2024
2024 was the worst year ever for big game ransomware.
1 minute
ransomware
ThreatDown State of Malware report 2025
The ThreatDown State of Malware report focuses on a few key developments that we witnessed in 2024.
2 minutes
Akira ransomware’s secret weapon—AnyDesk
The Akira ransomware group drops the AnyDesk client to gain persistence.
2 minutes
Which ports to monitor for ransomware attacks
There are a few ports that deserve extra attention when you're monitoring your systems for ransomware attacks.
3 minutes
How the Black Basta ransomware gang hides Cobalt Strike beacons with PowerShell
Ransomware gangs love PowerShell.
4 minutes
Why ransomware gangs want you to keep using that GPON router
A vulnerability found in 2018 is ranked #6 on the list of most attacked vulnerabilities.
2 minutes
Ransomware insurance is funding cybercrime, says White House official
"This is a troubling practice that must end."
2 minutes
Ransomware payments on track to smash $1.1 billion record
Median payments to some strains are now $1.5 million—a 650% increase from early 2023.
1 minute
Ransomware group disguises SharpRhino trojan as Angry IP Scanner
Researchers have uncovered more details of a Hunters International campaign that uses search ads to spread the SharpRhino RAT.
1 minute
New phishing campaign uses Discord for payload delivery
A new phishing campaign uses two Discord CDN's to host malicious executables.
3 minutes
Rhysida using Oyster Backdoor to deliver ransomware
In a recent attack, Rhysida used a new variant of the Oyster backdoor, also known as Broomstick.
3 minutes
Biggest trial court in the US closed after ransomware attack
The Los Angeles County Superior Court remained closed on Monday as it tried to recover from a ransomware attack.
1 minute
Ransomware review: July 2024
In June, LockBit said it breached the Federal Reserve and Black Basta was seen exploiting a Windows zero-day.
3 minutes
Credential Dumping: How ransomware gangs steal login data and how to detect it
Get the ins and outs of Credential Dumping.
5 minutes
How the world’s worst ransomware gang avoids detection
Look at a real example of how LockBit used LOTL techniques on a ThreatDown MDR client.
4 minutes
South Africa’s NHLS is recovering from a ransomware attack quickly, it just doesn’t feel that way
It's estimated that the NHLS handles diagnostic tests for about 80% of South Africa's population. Ransomware groups don't care.
2 minutes
Alabama State Department of Education stops ransomware attack but the assault on US education continues
More than 60% of global ransomware attacks on education happen in the USA.
2 minutes
Ransomware increases hospital deaths significantly
New research shows that you don't want to be in a hospital when ransomware strikes.
1 minute
Upgrade now! New MOVEit Transfer vulnerability under active exploitation
A new vulnerability in MOVEit Transfer is already under active exploitation, just a day after a patch was released.
2 minutes
From weeks to hours: Why ransomware attacks are getting quicker
Businesses will need to adapt as ransomware gangs take less time to steal and encrypt data than ever before.
4 minutes
