Trackers keeping an eye on ransomware leak sites logged more than 8,000 claimed victims worldwide in 2025, a rise of more than 50 percent compared to 2023. The counts come from outfits watching dark web shaming pages such as Ransomware.live and RansomLook.io, so they only include cases where crooks decided to post receipts. Plenty of victims, Emsisoft says, will have paid up, recovered, or kept quiet without ever appearing on a leak site.
An orthopedic center with several locations in the Capital Region faces a $500,000 fine for failing to protect patient information. The New York Attorney General, Letitia James, said an investigation into Orthopedics NY LLP found the orthopedic medicine and surgery center failed to adequately protect its systems, exposing the personal information of more than 650,000 patients and employees. The AG's office said cyberattackers gained remote access to OrthopedicsNY's patient data in 2023 by using compromised login credentials.
US feds have dismantled a crypto laundering service that they say helped cybercrooks wash tens of millions of dollars in dirty digital cash, seizing its servers and unsealing charges against an alleged Russian operator. The FBI, working with cops in Europe and a grab bag of state and federal agencies, announced this week that it has taken down the infrastructure behind E-Note, an unlicensed virtual currency exchange accused of acting as a financial rinse cycle for ransomware crews, account takeover gangs, and other online criminals.
Hundreds of millions of computers worldwide are still running Windows 10, months after the one-time king of PC operating systems officially passed its end-of-support deadline. If you're responsible for one of those machines and you aren't ready to upgrade to Windows 11, you can sign up today for an Extended Security Updates (ESU) subscription -- consumers can get those updates free through October 2026, as I explain here: How to get free Windows 10 security patches on your PC - from now to October 2026.
In a post on its dark web leak site, seen by The Register, Everest said: "Files contain this information and much more: Binary segmentation modules, Source code & patches, RAM dumps & memory logs, AI models & weights, OEM internal tools & firmware, Test videos, Calibration & dual-camera data, Image datasets, Crash logs & debug reports, Evaluation & performance reports, HDR, fusion, post processing data, Test APKs, experimental apps, Scripts & automation, Small config binary calibration files."
Encryption rates in ransomware attacks on manufacturing companies have fallen sharply. Only 40 percent of attacks resulted in actual encryption, the lowest level in five years and a significant drop from 74 percent last year. However, attackers are compensating for this with a different tactic: extortion without encryption rose from 3 percent in 2024 to 10 percent in 2025. They are increasingly relying on stolen data as a means of pressure.
Among the benefits, tabletop exercises simulate a real-life attack so firms can put incident response plans to the test, including decision-making processes, communications and technical measures. When done well, tabletop exercises can expose blind spots and help response teams "build the muscle memory needed to act fast when the real thing hits", says Adam Harrison, managing director in the cyber security practice at FTI Consulting. So what types of tabletop exercises are available and how can you use them in your business?
Cybercrime fighters in the US, UK, and Australia have imposed sanctions on several Russia-linked entities they claim provide hosting services to ransomware gangs Lockbit, BlackSuit, and Play. The sanctions target an organization called "Media Land," an entity that the US Department of Treasury describes as a provider of hosting services to "criminal marketplaces and ransomware actors" and which allowed its infrastructure to be used for "multiple distributed denial-of-service (DDOS) attacks against U.S. victim companies and critical infrastructure."
Ransomware doesn't knock on the front door. It sneaks in quietly, and by the time you notice, the damage is already done. Backups, replication, and cloud storage help recover from ransomware, but when it strikes, these products may not be enough. You copy your data and ensure copies are recoverable when needed. Replication is often viewed as the gold standard of protection. It is fast, efficient, and seems like an easy answer. Two common types of replication are in use today.
In a statement published this week, Synnovis said the investigation "took more than a year to complete because the compromised data was unstructured, incomplete and fragmented, and often very difficult to understand." It added that specialist incident response teams had to use "highly specialized platforms and bespoke processes" to work through terabytes of jumbled information and identify which healthcare providers' patients were affected.
Last month, Google said that the ransomware gang Clop was targeting companies after exploiting multiple vulnerabilities in Oracle's E-Business Suite software, which companies use for their business operations, storing their human resources files, and other sensitive data. The exploits allowed the hackers to steal their customer's business data and employee records from more than 100 companies, per Google.
Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization's cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she's just made a big mistake. Sarah just accidentally handed over her login details to cybercriminals who are laughing all the way to their dark web marketplace, where they'll sell her credentials for about $15. Not much as a one-off, but a serious money-making operation when scaled up.
"Sanctions will not deter all malicious cyber activity," he said. "What they can do is complicate operations, raise costs, disrupt enabling infrastructure and signal collective resolve." Saiz explained that sanctions can deter adversaries by imposing friction, restricting access to various resources - both financial and technical - and making threat actor networks publicly toxic, such as the UK's National Crime Agency (NCA) did to LockBit with some success. However, he warned, cyber sanctions do not deter every threat actor and their practical impact varies wildly.
In the past year, the rapid democratization of AI has opened the door for a new class of haunting threats. Malware creation, once a domain requiring deep expertise and significant time, can now be automated in mere seconds. It's no longer about who has the most sophisticated tools, but who can leverage AI the fastest - and the current advantage favors the bad actors. It's like a haunted house gone wrong, and the monsters are in control.
