Tag Archives: ransomware

15 ransomware gangs ‘go dark’ to enjoy ‘golden parachutes’ • The Register

Infosec In Brief 15 ransomware gangs, including Scattered Spider and Lapsus$, have announced that they are going dark, and say no more attacks will be carried out in their name. In a post on Breachforums, the ransomware-slingers say they have met their objectives – exposing insecure systems, not extortion – and “silence will now be our strength.” “If you worry …

HybridPetya ransomware bypasses UEFI Secure Boot to maliciously encrypt hard drives

A new form of ransomware, dubbed HybridPetya, is able to bypass UEFI Secure Boot and can install malware on a system’s EFI boot partition. This means that HybridPetya can hold a computer hard drive ransom by preventing it from booting into Windows. It appears …

HybridPetya ransomware dodges UEFI Secure Boot • The Register

A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked Windows systems, making it the fourth publicly known bootkit capable of punching through the feature and hijacking a PC before the operating system loads. ESET researchers discovered the ransomware-bootkit combo after samples were uploaded to VirusTotal …

New HybridPetya ransomware can bypass UEFI Secure Boot

A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition. HybridPetya appears inspired by the destructive Petya/NotPetya malware that encrypted computers and prevented Windows from booting in attacks in 2016 and 2017 but did not provide a recovery option. Researchers at cybersecurity company ESET found a sample of HybridPetya …

New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit

Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year. Slovakian cybersecurity company ESET said the samples were uploaded to the VirusTotal platform in February 2025. “HybridPetya encrypts …

Office of Public Affairs | “LockerGoga,” “MegaCortex,” and “Nefilim” Ransomware Administrator Charged with Ransomware Attacks

Earlier today, the U.S. District Court for the Eastern District of New York unsealed a superseding indictment charging Volodymyr Viktorovich Tymoshchuk — also known as deadforz, Boba, msfv, and farnetwork — a Ukrainian national, with serving as an administrator in the LockerGoga, MegaCortex, and Nefilim ransomware schemes. “Volodymyr Tymoshchuk is charged for his role in ransomware schemes that extorted more …

Federal, state officials investigating ransomware attack targeting Nevada

Federal and state authorities are investigating a ransomware attack that has disrupted key services across the state of Nevada. The Sunday attack interrupted multiple government services, including phone systems and state agency websites.  The attackers were able to steal data during the intrusion, but officials still don’t know what they took, Tim Galluzi, Nevada chief information officer and executive director …

Nevada targeted in ransomware attack; some data taken out of state, officials say

A massive ransomware cyberattack that has crippled Nevada’s state government since Sunday has resulted in some data being moved outside of the network by “malicious actors,” state officials said Wednesday. State agency officials would not disclose the nature of the data that was taken outside the state network during the press conference in Carson City, and stressed that it is …

The Era of AI-Generated Ransomware Has Arrived

While such activity so far does not appear to be the norm across the ransomware ecosystem, the findings represent a stark warning. “There are definitely some groups that are using AI to aid with the development of ransomware and malware modules, but as far as Recorded Future can tell, most aren’t,” says Allan Liska, an analyst for the security firm …

Someone Created First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model – The Hacker News

Related coverage:

Researchers flag code that uses AI systems to carry out ransomware attacks – CyberScoop

First known AI-powered ransomware uncovered by ESET Research – WeLiveSecurity

The first AI-powered ransomware has been discovered — “PromptLock” uses local AI to foil heuristic detection and evade API tracking – Tom’s Hardware

Oh goody, the ‘first known AI-powered ransomware’ has …
