X-Industry

Google has warned that ransomware gangs are reinventing their business models as traditional encryption-based attacks become less profitable and data-theft extortion surges.   According to new analysis, better cybersecurity controls, improved backup strategies, and stronger recovery capabilities mean more victims can restore their systems without paying, directly eroding criminal revenue. However, threat actors are not retreating; they are adapting their methods to make operations harder to disr

Blockchain analysis firm Chainalysis has released new data indicating that ransomware activity in 2025 featured reduced overall revenue alongside increased disruption and economic damage.  Globally, on-chain payments to attackers totaled approximately $820 million, an 8% decline from the previous year, yet the number of attacks claimed rose by 50%, and the UK emerged as one of the most targeted nations with severe impacts on major organizations.[1]

The use of blockchain technology in tracking ra

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the Symantec and Carbon Black Threat Hunter Team reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.  The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked t

Our friends at SentinelLabs have published a great review on the current status of the malicious cyber capabilities of Iran.  Recent US and Israeli strikes against Iranian targets, followed by Iranian attacks on multiple regional locations, present a highly dynamic geopolitical situation with credible cyber threat implications.  Iran has historically incorporated cyber operations into periods of regional escalation.  Given the rapid escalation of geopolitical tensions, we assess that Iranian sta

As the healthcare sector continues to grapple with the professionalization of cybercrime, the University of Mississippi Medical Center (UMMC) has become the latest high-profile target in a sprawling ransomware attack.  This incident is a reminder of the "identity-first" battlefield and the catastrophic impact of machine-speed exfiltration on clinical operations.  The attack, first disclosed on 19 February 2026, has severely disrupted the state's only academic medical center. UMMC leadership, inc

In a recent law enforcement operation, the Federal Bureau of Investigation (FBI) dismantled the notorious cyber-criminal forum known as the Russian Anonymous Marketplace (RAMP), a platform favored by ransomware actors and initial access brokers. This takedown represents a significant disruption in the cybercrime landscape, particularly for Russian-speaking cybercriminals.  The news of RAMP's disarray emerged in late January 2026, when several cyber threat intelligence (CTI) analysts observed tha

In a recent law enforcement operation, the Federal Bureau of Investigation (FBI) dismantled the notorious cyber-criminal forum known as the Russian Anonymous Marketplace (RAMP), a platform favored by ransomware actors and initial access brokers. This takedown represents a significant disruption in the cybercrime landscape, particularly for Russian-speaking cybercriminals.  The news of RAMP's disarray emerged in late January 2026, when several cyber threat intelligence (CTI) analysts observed tha

In a recent law enforcement operation, the Federal Bureau of Investigation (FBI) dismantled the notorious cyber-criminal forum known as the Russian Anonymous Marketplace (RAMP), a platform favored by ransomware actors and initial access brokers. This takedown represents a significant disruption in the cybercrime landscape, particularly for Russian-speaking cybercriminals.  The news of RAMP's disarray emerged in late January 2026, when several cyber threat intelligence (CTI) analysts observed tha